Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Startpage virus [Solved]

Started by jrngrndlmn , Oct 01 2013 09:43 AM

  • This topic is locked This topic is locked

#1
jrngrndlmn
Posted 01 October 2013 - 09:43 AM

jrngrndlmn

    New Member

  • Member
  • Pip
  • 4 posts
Hi there,

My pc has seem to have caught a very annoying virus. When I reboot my pc I instantly get a new homepage and default search engine for both browsers (Chrome and IE). It's called Startpage. It slows my computer down a lot.

I was wondering if anybody here might be able to help me with this one. I ran HijackThis for the logfile. Thanks a lot in advance for taking a look at it.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:05:03, on 10/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
CHROME: 29.0.1547.76

Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Jeroen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Jeroen\AppData\Roaming\drive.exe
C:\Windows\VPro620.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jeroen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [JRNGRNDLMN] C:\Users\Jeroen\AppData\Roaming\drive.exe
O4 - Startup: Dropbox.lnk = Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Jeroen.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = Jeroen\AppData\Local\Temp\{09A10C0F-49C6-4450-8246-20C63C56770C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = Jeroen\AppData\Local\Temp\{F5CF0C98-F649-4CC1-A6BC-3B090B589837}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: VPro620.lnk = C:\Windows\VPro620.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14224 bytes


  • 0

Advertisements

#2
Valinorum
Posted 01 October 2013 - 10:09 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi jrngrndlmn, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time.
  • Please do not install any new software while we are working on this system,as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malwares infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. do not keep going on.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

  • Step #1
  • Please download OldTimer's Listit from one of the following locations and save it to your Desktop.
    Download Link 1
    Download Link 2
    Downlaod LInk 3
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

  • Required Log(s):
  • OTL.txt;
  • Extras.txt

Regards,
Valinorum
  • 0

#3
admin
Posted 01 October 2013 - 12:08 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
This is a duplicate topic that has also been posted at another site: http://www.bleepingc...tartpage-virus/

Please respect the time of our volunteers, and don't post for help at multiple sites. Since that topic was posted first, I am closing this one.
  • 0

#4
admin
Posted 01 October 2013 - 05:38 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
@ Valinorum, the topic has been closed at other site. This one can proceed. :thumbsup:
  • 0

#5
Valinorum
Posted 01 October 2013 - 08:24 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Acknowledged, Blair. :)
  • 0

#6
jrngrndlmn
Posted 02 October 2013 - 07:04 AM

jrngrndlmn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks!

Here are the logs:

OTL

OTL logfile created on: 10/2/2013 00:42:02 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeroen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.77% Memory free
7.96 Gb Paging File | 5.11 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1014.47 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.64 Gb Total Space | 4.26 Gb Free Space | 55.75% Space Free | Partition Type: FAT32

Computer Name: JRNGRNDLMN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
PRC - [2013/10/01 01:42:49 | 003,551,576 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
PRC - [2013/09/28 18:49:08 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Jeroen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Jeroen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/07/15 15:30:44 | 005,582,776 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool\Win32.Trojan.StartPageRemovalTool.exe
PRC - [2013/07/12 23:47:20 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012/01/03 13:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2011/08/17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2007/06/18 16:10:00 | 000,061,440 | ---- | M] (Philips) -- C:\Windows\VPro620.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 01:42:52 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
MOD - [2013/09/30 15:54:37 | 000,279,955 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libidn-11.dll
MOD - [2013/09/30 15:54:37 | 000,148,760 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libpdcurses.dll
MOD - [2013/09/30 15:54:37 | 000,084,992 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\zlib1.dll
MOD - [2013/09/25 16:44:32 | 000,283,032 | ---- | M] () -- C:\Program Files (x86)\Battlelog Web Plugins\launcher-119.dll
MOD - [2013/09/17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 05:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 05:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/11 12:08:32 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 23:24:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/31 11:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/26 13:05:52 | 000,121,224 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV:64bit: - [2012/11/15 03:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/10/11 05:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/25 11:52:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 13:08:21 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/26 22:00:16 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6TPortA64.sys -- (L6TPortA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/05/19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/03/02 17:58:58 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/28 16:12:04 | 000,008,192 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620m.sys -- (SPC620m)
DRV:64bit: - [2007/09/28 16:12:02 | 000,581,120 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620.sys -- (SPC620)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/12/12 13:45:08 | 000,017,936 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys -- (ipadtst)
DRV - [2010/01/18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?r...cid=iehp&tc=120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 00 D7 75 31 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}:0.8
FF - prefs.js..extensions.enabledAddons: {f8d46537-88fa-41cd-9f4f-a47ba0346190}:1.5
FF - prefs.js..extensions.enabledAddons: gmailwatcher@sonthakit:1.56
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.5.3: C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]

[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/02/02 20:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions
[2012/07/29 13:52:27 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012/07/18 03:30:51 | 000,000,000 | ---D | M] (Youtube Just The Video) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{f8d46537-88fa-41cd-9f4f-a47ba0346190}
[2012/09/07 23:47:14 | 000,221,699 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\[email protected]
[2012/08/30 19:39:23 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/10/01 23:24:59 | 000,001,907 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\searchplugins\google.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Ace Stream P2P Multimedia Plug-in (Enabled) = C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/01 23:23:04 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [JRNGRNDLMN] C:\Users\Jeroen\AppData\Roaming\drive.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Spotify Web Helper] File not found
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.104.112.68 5.104.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27B7D5B-AEE9-41D7-B80E-63058F2CA631}: DhcpNameServer = 5.104.112.68 5.104.112.69
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/20 11:40:56 | 000,000,151 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 00:36:48 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/10/02 00:36:48 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/10/02 00:36:48 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/10/02 00:36:48 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/10/02 00:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/10/02 00:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/10/02 00:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/10/02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/10/01 23:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/10/01 23:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/01 23:03:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/01 23:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/01 22:54:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/01 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide)_files
[2013/10/01 20:10:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 02:33:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/30 15:54:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Documents\Temp
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/09/09 23:37:30 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent

========== Files - Modified Within 30 Days ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | M] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/02 00:35:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/02 00:02:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000UA.job
[2013/10/01 23:52:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 23:52:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:30:22 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 23:30:22 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 23:30:22 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 23:24:31 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:24:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 23:24:24 | 3206,160,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 23:23:04 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/01 23:22:49 | 000,001,322 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:18:40 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:21 | 000,058,345 | ---- | M] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:38:20 | 001,045,226 | ---- | M] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/10/01 21:02:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000Core.job
[2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 03:12:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/09/29 18:46:41 | 002,311,548 | --S- | M] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:51:23 | 002,063,673 | ---- | M] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:50:22 | 001,883,115 | ---- | M] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:49:56 | 001,928,672 | ---- | M] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:48:48 | 002,159,804 | ---- | M] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/09/11 22:45:30 | 005,107,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | C] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/01 23:24:31 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:22:49 | 000,001,322 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:09:56 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:20 | 000,058,345 | ---- | C] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:37:56 | 001,045,226 | ---- | C] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/09/30 03:07:00 | 002,311,548 | --S- | C] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:48:29 | 002,063,673 | ---- | C] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:47:46 | 001,883,115 | ---- | C] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:47:14 | 001,928,672 | ---- | C] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:45:44 | 002,159,804 | ---- | C] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/08/27 01:28:54 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2013/08/19 14:39:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/07/22 19:51:20 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2013/07/20 20:01:29 | 000,007,962 | ---- | C] () -- C:\Users\Jeroen\bla_transfert_av.png
[2013/06/28 03:54:15 | 000,920,247 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\census.cache
[2013/06/28 03:52:35 | 000,123,343 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\ars.cache
[2013/06/28 03:35:12 | 000,000,036 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\housecall.guid.cache
[2013/06/24 21:19:07 | 000,000,350 | ---- | C] () -- C:\Users\Jeroen\openvpn-connect.json
[2013/05/27 19:24:59 | 000,004,974 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013/05/08 20:57:45 | 013,545,472 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Verb Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Mono.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Stereo.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Mono.dll
[2013/05/08 20:57:44 | 005,787,648 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Stereo.dll
[2013/05/08 20:57:44 | 005,783,552 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Mono.dll
[2013/05/08 20:57:44 | 005,079,040 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Stereo.dll
[2013/05/08 20:57:44 | 005,074,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Mono.dll
[2013/05/08 20:57:43 | 015,695,872 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Stereo.dll
[2013/05/08 20:57:43 | 015,687,680 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Mono.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Stereo.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Mono.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\FxShared.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\com.fxpansion.fxshared.dll
[2013/05/08 18:42:30 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2013/05/08 18:26:35 | 005,204,992 | ---- | C] () -- C:\Windows\SysWow64\PSP MicroComp.dll
[2013/05/08 18:26:34 | 004,583,424 | ---- | C] () -- C:\Windows\SysWow64\PSP MasterComp.dll
[2013/04/01 23:43:52 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013/02/21 03:45:22 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/11/08 16:40:42 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/10/31 21:06:34 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/10/31 21:05:26 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/10/31 21:05:26 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/10/17 16:11:38 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/07/03 16:06:43 | 000,011,264 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 19:36:35 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/21 18:49:42 | 002,580,552 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/21 14:26:08 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/21 14:26:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/19 11:42:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/07 16:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 16:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 16:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 16:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 16:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 16:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 08:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 08:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/28 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.ACEStream
[2013/05/02 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.Torrent Stream
[2013/08/17 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\ACEStream
[2013/10/02 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/09/28 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/05/08 19:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Arturia
[2013/08/27 01:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Atari
[2013/05/27 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Carambis
[2013/07/23 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/30 03:42:37 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\CorsixTH
[2012/06/20 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\DAEMON Tools Pro
[2012/10/07 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Downloaded Installations
[2013/10/01 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Dropbox
[2013/02/19 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Electronic Arts
[2012/09/21 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Evaer
[2013/08/21 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\FileZilla
[2012/10/31 02:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\IMCapture for Skype
[2013/09/30 15:54:41 | 000,000,000 | -HSD | M] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/08/27 01:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Leadertech
[2012/11/08 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Line 6
[2012/11/02 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\MOVAVI
[2013/08/02 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Origin
[2012/11/10 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PowerISO
[2013/08/08 01:49:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Pro Cycling Manager 2013
[2012/06/21 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PunkBuster
[2013/02/02 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\qBittorrent
[2013/01/07 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Sports Interactive
[2013/09/28 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Spotify
[2013/08/12 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/11/10 20:07:48 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Steinberg
[2012/06/29 21:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\SWiSH Max4
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TomTom
[2013/09/16 04:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TS3Client
[2012/12/12 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\uTorrent
[2012/11/13 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\VST3 Presets
[2013/05/08 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Waldorf

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 05:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 05:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 05:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 05:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 05:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 05:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 05:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CNF >
[2013/08/19 14:41:14 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Jeroen\Documents\My Web Sites\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/09/27 09:26:22 | 000,002,876 | ---- | M] () MD5=9B75D345C253663B133A4EE3169B9FEA -- C:\Users\Jeroen\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2013/06/23 18:17:55 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >


Extras

OTL logfile created on: 10/2/2013 00:42:02 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeroen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.77% Memory free
7.96 Gb Paging File | 5.11 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1014.47 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.64 Gb Total Space | 4.26 Gb Free Space | 55.75% Space Free | Partition Type: FAT32

Computer Name: JRNGRNDLMN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
PRC - [2013/10/01 01:42:49 | 003,551,576 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
PRC - [2013/09/28 18:49:08 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Jeroen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Jeroen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/07/15 15:30:44 | 005,582,776 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool\Win32.Trojan.StartPageRemovalTool.exe
PRC - [2013/07/12 23:47:20 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012/01/03 13:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2011/08/17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2007/06/18 16:10:00 | 000,061,440 | ---- | M] (Philips) -- C:\Windows\VPro620.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 01:42:52 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
MOD - [2013/09/30 15:54:37 | 000,279,955 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libidn-11.dll
MOD - [2013/09/30 15:54:37 | 000,148,760 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libpdcurses.dll
MOD - [2013/09/30 15:54:37 | 000,084,992 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\zlib1.dll
MOD - [2013/09/25 16:44:32 | 000,283,032 | ---- | M] () -- C:\Program Files (x86)\Battlelog Web Plugins\launcher-119.dll
MOD - [2013/09/17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 05:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 05:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/11 12:08:32 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 23:24:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/31 11:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/26 13:05:52 | 000,121,224 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV:64bit: - [2012/11/15 03:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/10/11 05:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/25 11:52:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 13:08:21 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/26 22:00:16 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6TPortA64.sys -- (L6TPortA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/05/19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/03/02 17:58:58 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/28 16:12:04 | 000,008,192 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620m.sys -- (SPC620m)
DRV:64bit: - [2007/09/28 16:12:02 | 000,581,120 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620.sys -- (SPC620)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/12/12 13:45:08 | 000,017,936 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys -- (ipadtst)
DRV - [2010/01/18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?r...cid=iehp&tc=120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 00 D7 75 31 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}:0.8
FF - prefs.js..extensions.enabledAddons: {f8d46537-88fa-41cd-9f4f-a47ba0346190}:1.5
FF - prefs.js..extensions.enabledAddons: gmailwatcher@sonthakit:1.56
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.5.3: C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]

[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/02/02 20:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions
[2012/07/29 13:52:27 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012/07/18 03:30:51 | 000,000,000 | ---D | M] (Youtube Just The Video) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{f8d46537-88fa-41cd-9f4f-a47ba0346190}
[2012/09/07 23:47:14 | 000,221,699 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\[email protected]
[2012/08/30 19:39:23 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/10/01 23:24:59 | 000,001,907 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\searchplugins\google.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Ace Stream P2P Multimedia Plug-in (Enabled) = C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/01 23:23:04 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [JRNGRNDLMN] C:\Users\Jeroen\AppData\Roaming\drive.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Spotify Web Helper] File not found
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.104.112.68 5.104.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27B7D5B-AEE9-41D7-B80E-63058F2CA631}: DhcpNameServer = 5.104.112.68 5.104.112.69
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/20 11:40:56 | 000,000,151 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 00:36:48 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/10/02 00:36:48 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/10/02 00:36:48 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/10/02 00:36:48 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/10/02 00:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/10/02 00:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/10/02 00:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/10/02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/10/01 23:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/10/01 23:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/01 23:03:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/01 23:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/01 22:54:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/01 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide)_files
[2013/10/01 20:10:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 02:33:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/30 15:54:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Documents\Temp
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/09/09 23:37:30 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent

========== Files - Modified Within 30 Days ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | M] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/02 00:35:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/02 00:02:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000UA.job
[2013/10/01 23:52:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 23:52:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:30:22 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 23:30:22 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 23:30:22 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 23:24:31 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:24:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 23:24:24 | 3206,160,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 23:23:04 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/01 23:22:49 | 000,001,322 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:18:40 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:21 | 000,058,345 | ---- | M] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:38:20 | 001,045,226 | ---- | M] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/10/01 21:02:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000Core.job
[2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 03:12:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/09/29 18:46:41 | 002,311,548 | --S- | M] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:51:23 | 002,063,673 | ---- | M] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:50:22 | 001,883,115 | ---- | M] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:49:56 | 001,928,672 | ---- | M] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:48:48 | 002,159,804 | ---- | M] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/09/11 22:45:30 | 005,107,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | C] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/01 23:24:31 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:22:49 | 000,001,322 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:09:56 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:20 | 000,058,345 | ---- | C] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:37:56 | 001,045,226 | ---- | C] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/09/30 03:07:00 | 002,311,548 | --S- | C] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:48:29 | 002,063,673 | ---- | C] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:47:46 | 001,883,115 | ---- | C] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:47:14 | 001,928,672 | ---- | C] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:45:44 | 002,159,804 | ---- | C] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/08/27 01:28:54 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2013/08/19 14:39:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/07/22 19:51:20 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2013/07/20 20:01:29 | 000,007,962 | ---- | C] () -- C:\Users\Jeroen\bla_transfert_av.png
[2013/06/28 03:54:15 | 000,920,247 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\census.cache
[2013/06/28 03:52:35 | 000,123,343 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\ars.cache
[2013/06/28 03:35:12 | 000,000,036 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\housecall.guid.cache
[2013/06/24 21:19:07 | 000,000,350 | ---- | C] () -- C:\Users\Jeroen\openvpn-connect.json
[2013/05/27 19:24:59 | 000,004,974 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013/05/08 20:57:45 | 013,545,472 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Verb Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Mono.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Stereo.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Mono.dll
[2013/05/08 20:57:44 | 005,787,648 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Stereo.dll
[2013/05/08 20:57:44 | 005,783,552 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Mono.dll
[2013/05/08 20:57:44 | 005,079,040 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Stereo.dll
[2013/05/08 20:57:44 | 005,074,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Mono.dll
[2013/05/08 20:57:43 | 015,695,872 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Stereo.dll
[2013/05/08 20:57:43 | 015,687,680 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Mono.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Stereo.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Mono.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\FxShared.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\com.fxpansion.fxshared.dll
[2013/05/08 18:42:30 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2013/05/08 18:26:35 | 005,204,992 | ---- | C] () -- C:\Windows\SysWow64\PSP MicroComp.dll
[2013/05/08 18:26:34 | 004,583,424 | ---- | C] () -- C:\Windows\SysWow64\PSP MasterComp.dll
[2013/04/01 23:43:52 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013/02/21 03:45:22 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/11/08 16:40:42 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/10/31 21:06:34 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/10/31 21:05:26 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/10/31 21:05:26 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/10/17 16:11:38 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/07/03 16:06:43 | 000,011,264 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 19:36:35 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/21 18:49:42 | 002,580,552 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/21 14:26:08 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/21 14:26:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/19 11:42:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/07 16:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 16:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 16:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 16:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 16:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 16:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 08:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 08:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/28 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.ACEStream
[2013/05/02 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.Torrent Stream
[2013/08/17 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\ACEStream
[2013/10/02 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/09/28 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/05/08 19:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Arturia
[2013/08/27 01:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Atari
[2013/05/27 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Carambis
[2013/07/23 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/30 03:42:37 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\CorsixTH
[2012/06/20 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\DAEMON Tools Pro
[2012/10/07 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Downloaded Installations
[2013/10/01 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Dropbox
[2013/02/19 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Electronic Arts
[2012/09/21 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Evaer
[2013/08/21 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\FileZilla
[2012/10/31 02:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\IMCapture for Skype
[2013/09/30 15:54:41 | 000,000,000 | -HSD | M] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/08/27 01:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Leadertech
[2012/11/08 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Line 6
[2012/11/02 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\MOVAVI
[2013/08/02 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Origin
[2012/11/10 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PowerISO
[2013/08/08 01:49:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Pro Cycling Manager 2013
[2012/06/21 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PunkBuster
[2013/02/02 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\qBittorrent
[2013/01/07 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Sports Interactive
[2013/09/28 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Spotify
[2013/08/12 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/11/10 20:07:48 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Steinberg
[2012/06/29 21:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\SWiSH Max4
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TomTom
[2013/09/16 04:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TS3Client
[2012/12/12 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\uTorrent
[2012/11/13 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\VST3 Presets
[2013/05/08 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Waldorf

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 05:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 05:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 05:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 05:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 05:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 05:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 05:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CNF >
[2013/08/19 14:41:14 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Jeroen\Documents\My Web Sites\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/09/27 09:26:22 | 000,002,876 | ---- | M] () MD5=9B75D345C253663B133A4EE3169B9FEA -- C:\Users\Jeroen\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2013/06/23 18:17:55 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >


  • 0

#7
Valinorum
Posted 02 October 2013 - 07:15 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
HI, :)

Hope you are doing okay.

You posted the OTL.txt again instead of Extras.txt in the extras part. Please post the Extras.txt log too for my viewing pleasure. Also please post them without the 'quote'/'code' boxes. Post them as a normal reply. I will instruct you a necessary fix soon.

Regards,
Valinorum
  • 0

#8
Valinorum
Posted 02 October 2013 - 07:17 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
I forgot to ask. The log shows that you have run the OTL four times. Was there any reason behind that?
  • 0

#9
jrngrndlmn
Posted 02 October 2013 - 11:41 AM

jrngrndlmn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

Thanks. Yes I ran it a couple of times because at first i didn't get an Extras-log. So I guessed I made a mistake and tried again.

Here are both logs :)

OTL LOG
OTL logfile created on: 10/2/2013 00:42:02 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeroen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.77% Memory free
7.96 Gb Paging File | 5.11 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1014.47 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.64 Gb Total Space | 4.26 Gb Free Space | 55.75% Space Free | Partition Type: FAT32

Computer Name: JRNGRNDLMN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
PRC - [2013/10/01 01:42:49 | 003,551,576 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
PRC - [2013/09/28 18:49:08 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Jeroen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Jeroen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/07/15 15:30:44 | 005,582,776 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool\Win32.Trojan.StartPageRemovalTool.exe
PRC - [2013/07/12 23:47:20 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012/01/03 13:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2011/08/17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2007/06/18 16:10:00 | 000,061,440 | ---- | M] (Philips) -- C:\Windows\VPro620.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 01:42:52 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013/09/30 15:54:43 | 001,209,832 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
MOD - [2013/09/30 15:54:37 | 000,279,955 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libidn-11.dll
MOD - [2013/09/30 15:54:37 | 000,148,760 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\libpdcurses.dll
MOD - [2013/09/30 15:54:37 | 000,084,992 | -HS- | M] () -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\zlib1.dll
MOD - [2013/09/25 16:44:32 | 000,283,032 | ---- | M] () -- C:\Program Files (x86)\Battlelog Web Plugins\launcher-119.dll
MOD - [2013/09/17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 05:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 05:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/11 12:08:32 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/07 01:17:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2011/07/06 07:15:26 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 07:15:20 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 23:24:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/31 11:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/26 13:05:52 | 000,121,224 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV:64bit: - [2012/11/15 03:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/10/11 05:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/09/28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/25 11:52:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 13:08:21 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/26 22:00:16 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6TPortA64.sys -- (L6TPortA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/05/19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/03/02 17:58:58 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/10/20 17:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/28 16:12:04 | 000,008,192 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620m.sys -- (SPC620m)
DRV:64bit: - [2007/09/28 16:12:02 | 000,581,120 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC620.sys -- (SPC620)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/12/12 13:45:08 | 000,017,936 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys -- (ipadtst)
DRV - [2010/01/18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?r...cid=iehp&tc=120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 00 D7 75 31 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}:0.8
FF - prefs.js..extensions.enabledAddons: {f8d46537-88fa-41cd-9f4f-a47ba0346190}:1.5
FF - prefs.js..extensions.enabledAddons: gmailwatcher@sonthakit:1.56
FF - prefs.js..network.proxy.type:
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://startpage.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.5.3: C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]

[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/02/02 20:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions
[2012/07/29 13:52:27 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012/07/18 03:30:51 | 000,000,000 | ---D | M] (Youtube Just The Video) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{f8d46537-88fa-41cd-9f4f-a47ba0346190}
[2012/09/07 23:47:14 | 000,221,699 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\[email protected]
[2012/08/30 19:39:23 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/10/01 23:24:59 | 000,001,907 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\9i3vucai.default\searchplugins\google.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jeroen\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Ace Stream P2P Multimedia Plug-in (Enabled) = C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jeroen\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/01 23:23:04 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [JRNGRNDLMN] C:\Users\Jeroen\AppData\Roaming\drive.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Spotify Web Helper] File not found
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeroen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.104.112.68 5.104.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27B7D5B-AEE9-41D7-B80E-63058F2CA631}: DhcpNameServer = 5.104.112.68 5.104.112.69
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/20 11:40:56 | 000,000,151 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{1a72ee99-2300-11e2-92a0-8c89a5c2a07b}\Shell\AutoRun\command - "" = G:\SISetup.exe
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{5e7c6cb5-bb3e-11e1-9cf2-8c89a5c2a07b}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell - "" = AutoRun
O33 - MountPoints2\{70238de9-bac4-11e1-8458-8c89a5c2a07b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 00:36:48 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/10/02 00:36:48 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/10/02 00:36:48 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/10/02 00:36:48 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/10/02 00:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool
[2013/10/02 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/10/02 00:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/10/02 00:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/10/02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/10/01 23:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/10/01 23:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/01 23:03:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/01 23:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/01 22:54:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/01 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide)_files
[2013/10/01 20:10:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 02:33:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/30 15:54:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Documents\Temp
[2013/09/28 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/09/09 23:37:30 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent

========== Files - Modified Within 30 Days ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | M] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/10/02 00:35:41 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/02 00:35:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/02 00:02:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000UA.job
[2013/10/01 23:52:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 23:52:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:32:45 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 23:30:22 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 23:30:22 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 23:30:22 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 23:24:31 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:24:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 23:24:24 | 3206,160,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 23:23:04 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/01 23:22:49 | 000,001,322 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:18:40 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:21 | 000,058,345 | ---- | M] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:38:20 | 001,045,226 | ---- | M] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/10/01 21:02:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373606181-4020985590-2128576585-1000Core.job
[2013/10/01 20:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2013/10/01 03:12:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/09/29 18:46:41 | 002,311,548 | --S- | M] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:51:23 | 002,063,673 | ---- | M] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:50:22 | 001,883,115 | ---- | M] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:49:56 | 001,928,672 | ---- | M] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:48:48 | 002,159,804 | ---- | M] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/09/11 22:45:30 | 005,107,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/02 00:36:48 | 000,001,562 | ---- | C] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
[2013/10/01 23:24:31 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 23:22:49 | 000,001,322 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/10/01 23:09:56 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/01 22:40:20 | 000,058,345 | ---- | C] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
[2013/10/01 22:37:56 | 001,045,226 | ---- | C] () -- C:\Users\Jeroen\Desktop\adwcleaner.exe
[2013/09/30 03:07:00 | 002,311,548 | --S- | C] () -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
[2013/09/28 18:48:29 | 002,063,673 | ---- | C] () -- C:\Users\Jeroen\Desktop\White Lies - Death (Official Video).mp3
[2013/09/28 18:47:46 | 001,883,115 | ---- | C] () -- C:\Users\Jeroen\Desktop\Editors - Papillon.mp3
[2013/09/28 18:47:14 | 001,928,672 | ---- | C] () -- C:\Users\Jeroen\Desktop\Placebo - Taste In Men.mp3
[2013/09/28 18:45:44 | 002,159,804 | ---- | C] () -- C:\Users\Jeroen\Desktop\The Sound - Total Recall.mp3
[2013/08/27 01:28:54 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2013/08/19 14:39:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/07/22 19:51:20 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2013/07/20 20:01:29 | 000,007,962 | ---- | C] () -- C:\Users\Jeroen\bla_transfert_av.png
[2013/06/28 03:54:15 | 000,920,247 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\census.cache
[2013/06/28 03:52:35 | 000,123,343 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\ars.cache
[2013/06/28 03:35:12 | 000,000,036 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\housecall.guid.cache
[2013/06/24 21:19:07 | 000,000,350 | ---- | C] () -- C:\Users\Jeroen\openvpn-connect.json
[2013/05/27 19:24:59 | 000,004,974 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013/05/08 20:57:45 | 013,545,472 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Verb Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Stereo.dll
[2013/05/08 20:57:45 | 006,569,984 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Eq Mono.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Stereo.dll
[2013/05/08 20:57:44 | 006,217,728 | ---- | C] () -- C:\Windows\SysWow64\SSL X-Comp Mono.dll
[2013/05/08 20:57:44 | 005,787,648 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Stereo.dll
[2013/05/08 20:57:44 | 005,783,552 | ---- | C] () -- C:\Windows\SysWow64\SSL Drumstrip Mono.dll
[2013/05/08 20:57:44 | 005,079,040 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Stereo.dll
[2013/05/08 20:57:44 | 005,074,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Vocalstrip Mono.dll
[2013/05/08 20:57:43 | 015,695,872 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Stereo.dll
[2013/05/08 20:57:43 | 015,687,680 | ---- | C] () -- C:\Windows\SysWow64\SSL Channel Mono.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Stereo.dll
[2013/05/08 20:57:42 | 007,122,944 | ---- | C] () -- C:\Windows\SysWow64\SSL Bus Compressor Mono.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\FxShared.dll
[2013/05/08 20:57:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\com.fxpansion.fxshared.dll
[2013/05/08 18:42:30 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2013/05/08 18:26:35 | 005,204,992 | ---- | C] () -- C:\Windows\SysWow64\PSP MicroComp.dll
[2013/05/08 18:26:34 | 004,583,424 | ---- | C] () -- C:\Windows\SysWow64\PSP MasterComp.dll
[2013/04/01 23:43:52 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2013/02/21 03:45:22 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/11/08 16:40:42 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/10/31 21:06:34 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/10/31 21:05:26 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/10/31 21:05:26 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/10/17 16:11:38 | 000,000,132 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/07/03 16:06:43 | 000,011,264 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 19:36:35 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/21 18:49:42 | 002,580,552 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/21 14:26:08 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/21 14:26:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/19 11:42:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/07 16:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 16:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 16:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 16:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 16:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 16:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 08:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 08:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/28 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.ACEStream
[2013/05/02 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.Torrent Stream
[2013/08/17 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\ACEStream
[2013/10/02 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
[2013/09/28 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\AnvSoft
[2013/05/08 19:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Arturia
[2013/08/27 01:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Atari
[2013/05/27 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Carambis
[2013/07/23 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/30 03:42:37 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\CorsixTH
[2012/06/20 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\DAEMON Tools Pro
[2012/10/07 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Downloaded Installations
[2013/10/01 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Dropbox
[2013/02/19 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Electronic Arts
[2012/09/21 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Evaer
[2013/08/21 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\FileZilla
[2012/10/31 02:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\IMCapture for Skype
[2013/09/30 15:54:41 | 000,000,000 | -HSD | M] -- C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN
[2013/08/27 01:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Leadertech
[2012/11/08 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Line 6
[2012/11/02 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\MOVAVI
[2013/08/02 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Origin
[2012/11/10 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PowerISO
[2013/08/08 01:49:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Pro Cycling Manager 2013
[2012/06/21 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PunkBuster
[2013/02/02 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\qBittorrent
[2013/01/07 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Sports Interactive
[2013/09/28 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Spotify
[2013/08/12 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/11/10 20:07:48 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Steinberg
[2012/06/29 21:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\SWiSH Max4
[2013/06/12 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TomTom
[2013/09/16 04:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\TS3Client
[2012/12/12 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\uTorrent
[2012/11/13 21:55:03 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\VST3 Presets
[2013/05/08 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Waldorf

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 05:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 05:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 05:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 05:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 05:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 05:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 05:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CNF >
[2013/08/19 14:41:14 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Jeroen\Documents\My Web Sites\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/09/27 09:26:22 | 000,002,876 | ---- | M] () MD5=9B75D345C253663B133A4EE3169B9FEA -- C:\Users\Jeroen\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2013/06/23 18:17:55 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 10:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 10:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 10:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >


EXTRAS
OTL Extras logfile created on: 10/1/2013 20:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeroen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.25% Memory free
7.96 Gb Paging File | 5.46 Gb Available in Paging File | 68.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1015.38 Gb Free Space | 54.50% Space Free | Partition Type: NTFS
Drive E: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.64 Gb Total Space | 4.26 Gb Free Space | 55.75% Space Free | Partition Type: FAT32

Computer Name: JRNGRNDLMN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5FEE3C222325A264A4ADFAFE92FBE33C1BC7586F" = Windows Driver Package - Philips USB (09/28/2007 1.61.1.5790)
"E282DC1D6894F97E03EDDD547CB2781C096540CD" = Windows Driver Package - Philips (SPC620) Image (09/28/2007 1.61.1.5790)
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"RolandRDID0124" = SPD-SX Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F966873-BD1C-414A-A50F-AD9F2AD89949}" = SPD-SX Wave Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{47BE6EC4-32A5-43BC-B6CD-839101374334}" = Philips SPC620NC Webcam
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2B188E8-1DEE-495C-B675-9C2B7A891BFA}" = SnelStart v8.11
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFF19AB-1C8D-42BA-A18A-396F06B4F488}" = PCStreams
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allok RM RMVB to AVI MPEG DVD Converter_is1" = Allok RM RMVB to AVI MPEG DVD Converter 1.3.4
"Analog Factory_is1" = Analog Factory 2.5
"ARP2600 V2_is1" = ARP2600 V2 2.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CS-80V2_is1" = CS-80V2 2.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"Downloader" = Downloader
"Driver Updater" = Carambis Driver Updater
"eLicenser Control" = eLicenser Control
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0.2
"Jupiter-8V2_is1" = Jupiter-8V2 2.0
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"minimoog V2_is1" = minimoog V2 2.0
"Moog Modular V 2_is1" = Moog Modular V 2.5
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Pro Cycling Manager 2013_is1" = Pro Cycling Manager - Season 2013 version 1.0.3.0
"Prophet-V2_is1" = Prophet-V2 2.0
"PSP MasterComp 1.7.1 64bit" = PSP MasterComp 1.7.1 64bit
"PunkBusterSvc" = PunkBuster Services
"qbittorrent" = qBittorrent 3.0.11
"SopCast" = SopCast 3.5.0
"SSL Duende Native_is1" = SSL Duende Native (32-bit) v3.6.6
"SWiSH Max4" = SWiSH Max4
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"tixati" = Tixati
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"Waldorf Largo" = Waldorf Largo
"Winamp" = Winamp
"xvid" = Xvid MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.1.5.3
"Dropbox" = Dropbox
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Applicatie Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2013 21:00:21 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0x550 Faulting application
start time: 0x01cebe4196e195b8 Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: d8588ce7-2a34-11e3-8ab6-8c89a5c2a07b

Error - 9/30/2013 22:01:20 | Computer Name = JRNGRNDLMN | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2013 10:20:41 | Computer Name = JRNGRNDLMN | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2013 12:06:20 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0xd44 Faulting application
start time: 0x01cebec026de13c8 Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: 68731ab7-2ab3-11e3-a138-8c89a5c2a07b

Error - 10/1/2013 12:58:04 | Computer Name = JRNGRNDLMN | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2013 12:59:17 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0x728 Faulting application
start time: 0x01cebec78d5c478e Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: ce133468-2aba-11e3-8d78-8c89a5c2a07b

Error - 10/1/2013 13:14:24 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0x1248 Faulting application
start time: 0x01cebec9a98c7490 Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: eb2322c3-2abc-11e3-8d78-8c89a5c2a07b

Error - 10/1/2013 13:20:32 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0x12c4 Faulting application
start time: 0x01cebeca851c41b6 Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: c679cee3-2abd-11e3-8d78-8c89a5c2a07b

Error - 10/1/2013 13:44:22 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0x12a0 Faulting application
start time: 0x01cebecdd9978ccc Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: 1ad809de-2ac1-11e3-8d78-8c89a5c2a07b

Error - 10/1/2013 13:47:50 | Computer Name = JRNGRNDLMN | Source = Application Error | ID = 1000
Description = Faulting application name: Jeroen.exe, version: 0.0.0.0, time stamp:
0x5224aa91 Faulting module name: Jeroen.exe, version: 0.0.0.0, time stamp: 0x5224aa91
Exception
code: 0xc0000005 Fault offset: 0x0000c53e Faulting process id: 0xd88 Faulting application
start time: 0x01cebece55b29f09 Faulting application path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
Faulting
module path: C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe Report Id: 96d385b5-2ac1-11e3-8d78-8c89a5c2a07b

[ System Events ]
Error - 9/10/2013 16:34:46 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 9/10/2013 16:34:46 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 9/10/2013 16:34:46 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 9/10/2013 16:34:50 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 9/10/2013 16:34:50 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 9/10/2013 16:34:50 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 9/10/2013 16:34:50 | Computer Name = JRNGRNDLMN | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 9/10/2013 20:44:54 | Computer Name = JRNGRNDLMN | Source = DCOM | ID = 10010
Description =

Error - 9/11/2013 16:43:05 | Computer Name = JRNGRNDLMN | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%1747

Error - 9/30/2013 21:12:55 | Computer Name = JRNGRNDLMN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >
  • 0

#10
Valinorum
Posted 02 October 2013 - 01:46 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi jrngrndlmn, :)

  • Step #1 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • µTorrent
  • qBittorrent 3.0.11
  • Ace Stream Media 2.1.5.3
I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above.

If you choose not to remove them, please do not use them until this computer is clean.

 

  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
  • PunkBuster Services

 

  • Step #3 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]
    :OTL
    DRV:64bit: - [2013/10/01 23:24:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
    IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://startpage.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    CHR - plugin: Ace Stream P2P Multimedia Plug-in (Enabled) = C:\Users\Jeroen\AppData\Roaming\ACEStream\player\npace_plugin.dll
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    [2013/10/02 00:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Start Page Removal Tool
    [2013/10/02 00:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win 32. Trojan . Start Page Removal Tool
    [2013/10/02 00:15:26 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
    [2013/10/02 00:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2013/10/02 00:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2013/10/02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
    [2013/10/01 23:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2013/10/01 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide)_files
    [2013/10/02 00:36:48 | 000,001,562 | ---- | M] () -- C:\Users\Jeroen\Desktop\Win 32. Trojan . Start Page Removal Tool.lnk
    [2013/10/01 22:40:21 | 000,058,345 | ---- | M] () -- C:\Users\Jeroen\Desktop\Remove Trojan.StartPage virus (Removal Guide).htm
    [2013/10/01 03:12:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
    [2013/10/02 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Anvisoft
    [2012/06/21 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PunkBuster
    [2013/02/02 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\qBittorrent
    [2012/12/12 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\uTorrent
    [2013/05/02 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\.Torrent Stream

    :Commands
    [createrestorepoint]
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply;
  • Re-run OTL and click Quick Scan;
  • A log will be opened after the scan;
  • Post that log too in your next reply.

 

  • Step #4 Scan with Security Check
    • Download Security Check by screen317 to your Desktop from any of the following location;
    • Link 1
    • Link 2
  • Right click on the program and choose Run as Administrator;
  • After the checking a log will appear;
  • Copy and Paste the content of the log in your next reply.

 

  • Step #5 Scan file in VirusTotal

    C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe
    C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe

    Do you recognize the files quoted above? If they were created by you then you can skip this step else --I want you to upload two suspicious file(s) to an online virus-scanner to scan.
  • Please go to www.virustotal.com
  • Click on Choose File;
  • Go to C:\Users\Jeroen\AppData\Roaming\JRNGRNDLMN\Jeroen.exe;
  • Click on Open;
  • Click on Scan it;
  • Copy and Paste the link of the result page;

Follow the procedure for the following file too:
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jeroen.exe
 

  • Required Log(s):
  • OTL fix log;
  • OTL.txt;
  • Security Check log;
  • Virus Total links (if done).

Regards,
Valinorum
  • 0

#11
jrngrndlmn
Posted 02 October 2013 - 09:16 PM

jrngrndlmn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Valinorum,

First of all: thank you for your clear and very elaborate reply.
I was already planning to install a new C-drive. So I installed a new SSD-drive and reinstalled windows 7.
Then I copied my most important files from the old drive to the new system drive (the SSD) and formatted it.
It's now running very fast and I have no traces of this very annoying virus left.
I know it isn't the 'common' way to remove the virus but since I was already planning to install a new SSD-drive I just figured this was the time to do so.
I had a friend come over and help me with the install of the new drive and Windows 7.
I want to thank you for giving me all these tips and taking your time to help me! I really appreciate it!

Thanks again, I guess this issue is solved then :-)
I guess I could use a good advice regarding a good virus protector.

Great website, keep up the great work!
  • 0

#12
Valinorum
Posted 03 October 2013 - 07:15 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi jrngrndlmn, :)

Great to see that the issue is resolved. Glad we could help. :)

I guess I could use a good advice regarding a good virus protector.

I think this thread will be helpful. :)

Before you go here are few tips, :)
  • Keep Windows up-to-date.
    • It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Keep your web browser plugins and other programs updated also.This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.
  • And last of all, surf smart.It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#13
Essexboy
Posted 09 October 2013 - 08:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP