Jump to content

htems

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

 Content Type 

Everything posted by htems

  1. htems
    Thx for the help. MS Word works fine again. 😀
  2. htems
    log.txt
  3. htems
    All of a sudden Word does not function anymore giving the code in title. How to amend?
  4. htems
    I whitelisted the program and I don't experience any harm. So problem solved for now. Thx
  5. htems
    Malwarebytes www.malwarebytes.com -Logboekdetails- Datum beveiligingsgebeurtenis: 02-08-2020 Tijd beveiligingsgebeurtenis: 17:48 Logbestand: 8bd17080-d4d7-11ea-aa0c-005056c00001.json -Software-informatie- Versie: 4.1.2.73 Versie componenten: 1.0.990 Update pakketversie: 1.0.27827 Licentie: Premium -Systeeminformatie- Besturingssysteem: Windows 10 (Build 18362.959) Processor: x64 Bestandssysteem: NTFS Gebruiker: System -Details ransomware- Bestand: 1 Malware.Ransom.Agent.Generic, C:\Program Files\Java\jre1.8.0_261\bin\javaw.exe, Geblokkeerd, 0, 392685, 0.0.0 (end)
  6. htems
    I use the tool "Find and replace" made by https://sourceforge.net/u/olivierwehner/ and available on sourforge. I successfully used the program several times and now all of a sudden Malwarebytes flags the program as ransomware. Can I safely autorise this program?
  7. htems
    Hello Thanx for the great help My pc performs again as before
  8. htems
    Hello. I ran yesterday a full scan with MBAM. Nothing was found. Today I ran a full system scan with Microsoft Security Essentials and found 1 item, which I think is not very harmful, but I've removed it to be sure. Adware:Win32/OpenCandy containerfile:C:\Download\Utilities\Tweak programs\SIW\siw-setup.exe file:C:\Download\Utilities\Tweak programs\SIW\siw-setup.exe->(inno#000007) The flash scan with MBAM today was also ok. I presume my pc is ok again. Many thanx
  9. htems
    After running your fix I've ran the flash scan with 0 infections as result. I presume the trojan has gone now. All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. Registry key HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6DA38389-9A26-45F5-A879-72607AAF7E81}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA38389-9A26-45F5-A879-72607AAF7E81}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\40964 deleted successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\torrents folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\tmp folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\subs folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\shares folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\rss folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\mlab folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\net folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\logs folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\dht folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\devices folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\cache folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus\active folder moved successfully. C:\Users\Hugo-2010\AppData\Roaming\Azureus folder moved successfully. ADS C:\ProgramData\TEMP:9A870F8B deleted successfully. ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Hugo-2010 ->Temp folder emptied: 87979625 bytes ->Temporary Internet Files folder emptied: 63014240 bytes ->Java cache emptied: 216870 bytes ->Flash cache emptied: 57591 bytes User: Mijn back-ups User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51672 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3659235 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 148,00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.39.2 log created on 04172012_194115 Files\Folders moved on Reboot... C:\Users\Hugo-2010\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF129EB4F1AF9530A3.TMP not found! File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF30102E73528E358D.TMP not found! File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF57AEBCEFE51F78B8.TMP not found! File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF95ECA35964255F30.TMP not found! C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\fastbutton[2].htm moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\plusone_gadget[1].htm moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36R4V358\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36R4V358\index[6].htm moved successfully. File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2560.log moved successfully. Registry entries deleted on Reboot...
  10. htems
    OTL Extras logfile created on: 17/04/2012 1:15:36 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hugo-2010\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,72% Memory free 7,99 Gb Paging File | 4,50 Gb Available in Paging File | 56,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 342,18 Gb Free Space | 73,48% Space Free | Partition Type: NTFS Drive F: | 2794,39 Gb Total Space | 2640,42 Gb Free Space | 94,49% Space Free | Partition Type: NTFS Drive G: | 149,05 Gb Total Space | 129,77 Gb Free Space | 87,07% Space Free | Partition Type: NTFS Drive U: | 149,05 Gb Total Space | 96,48 Gb Free Space | 64,73% Space Free | Partition Type: NTFS Drive V: | 2794,39 Gb Total Space | 1341,51 Gb Free Space | 48,01% Space Free | Partition Type: NTFS Computer Name: HUGO-2010-PC | User Name: Hugo-2010 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Value error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" () Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" () Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Value error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" () Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" () Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit) "{2C304CEF-37C3-424E-9DD7-C56C45658290}" = Microsoft Image Composite Editor "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2010 Free Edition "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4EED336D-C202-43AD-8834-7D8212F3CB5E}" = HD View Utilities "{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51FD1644-F4A7-44C6-B0B3-2C3787B918D8}" = BOINC "{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client NL-NL Language Pack "{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010 "{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1 "{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "lvdrivers_12.10" = Logitech Webcam Software-stuurprogrammapakket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD "Microsoft Security Client" = Microsoft Security Essentials "Primatte PS" = Primatte "Recuva" = Recuva "Speccy" = Speccy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish "{037045B1-21D7-4F32-8F9C-90606D780C73}" = MAGIX Video deluxe 17 Premium (proDAD Heroglyph 2.6) "{03AE842F-9204-4FBD-8FD9-0C27AF1533E3}" = MAGIX Video deluxe 17 Premium (Menusjablonen 2) "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09ACF160-EFA8-4154-BB47-5171C9DB04E2}" = MAGIX Video deluxe 17 Premium (XXL-geluidenarchief 2) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8}" = Windows 7 Upgrade Advisor "{0ED24503-D0D5-40EB-BC52-2C32C4E44C41}" = MAGIX Video deluxe 17 Premium (Overgangseffecten) "{0EE31180-F347-4954-8AE6-C64306559775}" = MAGIX Speed burnR (MSI) "{103FA994-406C-4643-9EA3-C0E841D836E0}" = MAGIX Video deluxe MX Premium Download-versie (Fotoshow Maker-stijlen 1) "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1B5F9286-538A-4CA0-8729-2648F29C70F3}" = MAGIX Audio Cleaning Lab 16 deluxe Download-versie "{1E4DCB05-1BBF-494A-B304-AE0FE7FB6FE0}" = MAGIX Video deluxe 17 Premium (inleidende video) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 24 "{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010 "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F43A69E-6BB1-4030-B754-331B287B9656}" = MAGIX Video deluxe 17 Premium (titeleffecten) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34682103-4986-4A41-B9D2-AC1068E77169}" = MAGIX Speed 2 (MSI) "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German "{39FF0964-98B2-4DC2-8153-B853DF1740FD}" = MAGIX Video deluxe MX Premium Download-versie (Overgangseffecten) "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3AAFE6E0-3DED-40AA-AD19-F758112C9D72}" = CCExtractor "{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish "{3E553ED2-8212-4DD3-8992-1A5B878CD91D}" = MAGIX Video deluxe 17 Premium (XXL-geluidenarchief 1) "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{4CC5BA76-4F22-4010-834D-E40DE027F3FB}" = MAGIX Video deluxe MX Premium Download-versie (filmsjablonen) "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{56984DD4-9196-4891-BB2C-8339A5AD5DF1}" = MAGIX Video deluxe 17 Premium (proDAD Adorage 11) "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7 "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional "{62963D16-D25A-4CCA-AC3B-9484AFFC4D04}" = MAGIX Video deluxe MX Premium Download-versie (Fotoshow Maker-stijlen 2) "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B20EE79-2049-49BC-BC46-17A040EE3C2E}" = PS-Wizard "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai "{6D84AE16-DA77-47CA-B1A0-D035F7BF78AD}" = MAGIX Video deluxe MX Premium Download-versie (Demoproject) "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72E13122-5B72-4626-99D1-735AAFCAF65B}" = MAGIX Video deluxe MX Premium Download-versie (titeleffecten) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78F90836-E409-496B-AE20-1B1197C4C06C}" = MAGIX Video deluxe MX Premium Download-versie "{79403E3A-7BF3-437F-A178-00AE4685FA71}" = MAGIX Video deluxe 17 Premium (Klanggenerator) "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{7AD379E0-746F-427E-8468-41D782708D21}" = MAGIX Video deluxe MX Premium Download-versie (inleidende video) "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{806E9D55-58A9-4BA5-8007-A0111C7D1339}" = MAGIX Video deluxe 17 Premium (Demoproject) "{824563DE-75AD-4166-9DC0-B6482F206193}" = Belgium e-ID middleware 3.5.3 (build 6193) "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{859E2F1F-53A9-431E-9395-6D41BBCBC007}" = MAGIX Video deluxe MX Premium Download-versie (Individuele menusjablonen) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{88512121-C9BE-4109-B92D-2EEF8A342B49}" = MAGIX Video deluxe 17 Premium (Fotoshow Maker-stijlen 2) "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AB45D63-43A7-4CB8-A566-435B5EC59B81}" = mufin player 2.5 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B788DF8-3753-4BC9-92DE-C46CCE093801}" = MAGIX Video deluxe 17 Premium (Fotoshow Maker-stijlen 1) "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E53C906-574C-4AFC-BF53-23E3AFB9B290}" = MAGIX Video deluxe 17 Premium (Designelementen) "{8E7F86F8-D107-46C4-AFA6-4C649915C207}" = MAGIX Video deluxe 17 Premium (proDAD Mercalli 2) "{8F3B3E0F-4D21-444B-995C-A10CA48A95A5}" = MAGIX Video deluxe 17 Premium (Menusjablonen 1) "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3 "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{966CA8ED-5A5D-47F8-A478-794206AB1B3E}" = Microsoft WorldWide Telescope "{984C51B3-2D77-4085-A392-3550413928DC}" = MAGIX Video deluxe MX Premium Download-versie (proDAD VitaScene 2 MAGIX Edition) "{9876AE1C-C31E-4C52-9F80-D192A688DF10}" = MAGIX Video deluxe MX Premium (Red Giant Magic Bullet Quick Looks) "{98EDB4FD-292B-4AA0-B702-3BD7A68397A4}" = MAGIX Screenshare "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0 "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28 "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Nederlands "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (for MAGIX) "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center "{B61EB6FF-572D-4326-970C-87B6C77F973D}" = MAGIX 3D Maker (embedded MSI) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B80A66EB-ED49-489D-A6A6-D6B566C5C0E8}" = MAGIX Video Sound Cleaning Lab Download-versie "{B8CB4CBE-FD0E-4061-BEE2-24333A28C9CA}" = MAGIX Video deluxe MX Premium (Video Plugins) "{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.4.2.40 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish "{C158843E-B183-4A50-B368-608B94BA185A}" = MAGIX Video deluxe 17 Premium Video Plugins "{C17BF36D-E3C4-42FF-98C1-51BACA39FDC9}" = MAGIX Video deluxe 17 Premium (Soundtrack Maker-Stijlen) "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6B01AEA-4FB0-4DA1-B037-12BCD372B253}" = MAGIX Video deluxe MX Premium Download-versie (Designelementen) "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD916DAB-2D43-49DE-AFB0-470A1D705621}" = MAGIX Video deluxe MX Premium Download-versie (proDAD Adorage startpakket) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech-webcamsoftware "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DF79A36B-62DE-460A-8307-DBC6EC44716A}" = MAGIX Video deluxe MX Premium Download-versie (Menusjablonen 2) "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042 "{E19CB40D-3BD6-496D-A752-690EC4DEC280}" = MAGIX Video deluxe MX Premium Download-versie (Menusjablonen 1) "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5720A0A-7951-48CC-BBE5-3A9333AC25F2}" = MAGIX Video deluxe MX Premium Download-versie (NewBlueFX Light Blends) "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.20 "{E869CE2F-A5D5-44D1-8D71-B2560129F310}" = MAGIX Video deluxe 17 Premium (Individuele menusjablonen) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese "{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40B0B58-23AB-49A9-9477-6BF3FF99CC5C}" = MAGIX Video deluxe MX Premium Download-versie (Soundtrack Maker-Stijlen) "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FBD23F24-A1F9-47C4-8703-7B3237E0A1F2}" = MAGIX Video deluxe 17 Premium Download-versie "{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}" = ResizeMyPhotos "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEE83A6D-7E16-ECAB-D10F-0B5813D2799E}" = Application Profiles "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "3D Shadow by Lokas Software" = 3D Shadow by Lokas Software "7-Zip" = 7-Zip 9.10 beta "Adobe AIR" = Adobe AIR "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "aignesamdeadlink_is1" = AM-DeadLink 4.3 "Album Art Downloader XUI" = Album Art Downloader XUI 0.40.1 "AMF CD and DVD Label Maker" = AMF CD and DVD Label Maker "ASRock IES_is1" = ASRock IES v2.0.28 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.23 "Asynx Planetarium v2.61_is1" = Asynx Planetarium Version 2.61 "aTube Catcher" = aTube Catcher "Audacity_is1" = Audacity 1.2.6 "Avidemux 2.5 (64-bit)" = Avidemux 2.5 "BurnAware Free_is1" = BurnAware Free 4.7 "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Celestia_is1" = Celestia 1.6.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CodeStuff Starter" = CodeStuff Starter "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Core FTP LE 2.1" = Core FTP LE 2.1 "CoreFTP" = Core FTP LE "CRW Fixer" = CRW Fixer "DPP" = Canon Utilities Digital Photo Professional 3.9 "eIMAGE Recovery" = eIMAGE Recovery "FileHippo.com" = FileHippo.com Update Checker "FileZilla Server" = FileZilla Server "FMCODEC" = FM Screen Capture Codec (Remove Only) "FormatFactory" = FormatFactory 2.80 "Foto.com's Editor_is1" = Foto.com's Editor 1.0 "FreeCommander_is1" = FreeCommander 2009.02a "FreeFileSync" = FreeFileSync v5.2 "FXhome PhotoKey 4" = FXhome PhotoKey 4 (remove only) "HD Tune_is1" = HD Tune 2.55 "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "IsoBuster_is1" = IsoBuster 3.0 "Kruidvat fotoservice" = Kruidvat fotoservice "Look@LAN_1.0" = Look@LAN 2.50 Build 35 "MAGIX Screenshare NL" = MAGIX Screenshare "MAGIX Speed burnR NL" = MAGIX Speed burnR "MAGIX_MSI_mufin_player_2_5" = mufin player 2.5 "MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-versie "MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium Download-versie "MAGIX_MSI_Videoton_Cleaning_Lab" = MAGIX Video Sound Cleaning Lab Download-versie "MainApp.exe_is1" = CloneDVD 5.0.1.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400 "mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe Download-versie "MediaMonkey_is1" = MediaMonkey 4.0 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "MP3MyMP3_is1" = MP3MyMP3 3.1 "mufin player US" = mufin player "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NASA World Wind 1.4" = NASA World Wind 1.4 "NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows "NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows "NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows "NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows "NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows "NewBlue Free Effects for Windows" = NewBlue Free Effects for Windows "NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows "NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows "NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows "NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows "NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows "NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows "NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows "NewBlueFX Light Blends" = NewBlueFX Light Blends "NoIPDUC" = No-IP DUC "PhotoStitch" = Canon Utilities PhotoStitch "PremElem80" = Adobe Premiere Elements 8.0 "PremElem80Templates" = Adobe Premiere Elements 8.0 Templates "proDAD-Adorage-3.0" = proDAD Adorage 3.0 "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5 "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0 "proDAD-Vitascene-1.0" = proDAD Vitascene StarterKit 1.0 "proDAD-Vitascene-2.0" = proDAD Vitascene 2.0 "Recover My Files_is1" = Recover My Files "Revo Uninstaller" = Revo Uninstaller 1.92 "Simple Port Forwarding" = Simple Port Forwarding "Stellarium_is1" = Stellarium 0.9.1 "SubMagic_is1" = SubMagic V0.71 "SubtitleEdit_is1" = Subtitle Edit v3.2.2 "SubtitleWorkshop" = Subtitle Workshop 2.51 "System Explorer_is1" = System Explorer 2.7.1 "TreeSize Free_is1" = TreeSize Free V2.5 "TrueCrypt" = TrueCrypt "TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010 "Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0 "VLC media player" = VLC media player 2.0.1 "VMware_Player" = VMware Player "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.31 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "XnFoto_is1" = XnFoto www.foto.com "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aldfaer" = Aldfaer ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  11. htems
    OTL logfile created on: 17/04/2012 1:15:36 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hugo-2010\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,72% Memory free 7,99 Gb Paging File | 4,50 Gb Available in Paging File | 56,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 342,18 Gb Free Space | 73,48% Space Free | Partition Type: NTFS Drive F: | 2794,39 Gb Total Space | 2640,42 Gb Free Space | 94,49% Space Free | Partition Type: NTFS Drive G: | 149,05 Gb Total Space | 129,77 Gb Free Space | 87,07% Space Free | Partition Type: NTFS Drive U: | 149,05 Gb Total Space | 96,48 Gb Free Space | 64,73% Space Free | Partition Type: NTFS Drive V: | 2794,39 Gb Total Space | 1341,51 Gb Free Space | 48,01% Space Free | Partition Type: NTFS Computer Name: HUGO-2010-PC | User Name: Hugo-2010 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/17 01:14:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe PRC - [2012/04/14 01:01:56 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe PRC - [2012/04/06 19:36:52 | 019,985,920 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.26_windows_x86_64.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/25 18:07:21 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2012/01/05 01:39:38 | 000,843,264 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86 PRC - [2012/01/05 01:39:37 | 000,502,784 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86 PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/07 17:23:59 | 002,741,031 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_0.8_windows_intelx86 PRC - [2011/10/23 22:07:34 | 000,630,784 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe PRC - [2011/09/02 18:14:34 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2011/04/03 22:04:53 | 000,784,384 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_6.09_windows_intelx86.exe PRC - [2011/02/24 16:01:00 | 004,220,416 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_eu_um_6.09_windows_intelx86.exe PRC - [2011/02/24 16:00:59 | 004,398,592 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_um_6.09_windows_intelx86.exe PRC - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/06/18 23:02:20 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe PRC - [2010/05/06 19:24:09 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe PRC - [2010/04/30 22:20:12 | 002,475,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010/04/29 09:22:00 | 007,221,248 | ---- | M] (LaCie SA) -- C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Network Assistant.exe PRC - [2009/11/13 18:53:26 | 000,357,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009/11/13 18:52:10 | 005,075,776 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009/10/21 12:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2007/08/20 14:05:24 | 001,671,168 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2006/11/14 13:22:10 | 000,121,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe ========== Modules (No Company Name) ========== MOD - [2012/04/06 19:36:52 | 019,985,920 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.26_windows_x86_64.exe MOD - [2012/01/05 01:39:38 | 000,843,264 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86 MOD - [2012/01/05 01:39:37 | 000,502,784 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86 MOD - [2011/11/07 17:23:59 | 002,741,031 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_0.8_windows_intelx86 MOD - [2011/09/02 18:14:34 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/03 22:04:53 | 000,784,384 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_6.09_windows_intelx86.exe MOD - [2011/02/24 16:01:00 | 004,220,416 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_eu_um_6.09_windows_intelx86.exe MOD - [2011/02/24 16:00:59 | 004,398,592 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_um_6.09_windows_intelx86.exe MOD - [2010/06/18 23:02:20 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2010/05/06 19:24:10 | 000,448,600 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll MOD - [2009/02/17 12:19:22 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\LaCie\Ethernet Agent\curllib.dll MOD - [2007/08/20 17:41:12 | 000,233,472 | ---- | M] () -- C:\Windows\SysWOW64\WlanApp.dll MOD - [2003/10/24 01:27:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\LaCie\Ethernet Agent\openldap.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/02/15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2012/04/14 13:01:30 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/23 22:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server) SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/05/01 12:30:27 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/30 22:20:12 | 002,475,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/13 18:55:02 | 000,891,344 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2012/04/14 22:41:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/02/15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/01/18 16:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/01/18 16:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012/01/18 16:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011/12/05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010/05/01 13:52:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010/04/30 22:20:14 | 000,250,464 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010/04/30 22:20:09 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255) DRV:64bit: - [2010/04/30 22:20:08 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010/04/30 22:20:02 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/11/11 18:19:54 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2009/11/11 18:19:54 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009/10/29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/10/26 23:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009/10/26 23:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/06/10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/07/24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CA 78 7C 31 6A CB 01 [binary data] IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CA 78 7C 31 6A CB 01 [binary data] IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download\Utilities\CD-DVD branden\Burnaware IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 2F A1 82 DE E7 CA 01 [binary data] IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes,DefaultScope = {E7EFE7B4-CF76-4EDD-AD5A-14D80C36529A} IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{6DA38389-9A26-45F5-A879-72607AAF7E81}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=nl_EU&apn_ptnrs=FV&apn_dtid=YYYYYYYYBE&apn_uid=cf096f9b-a3a5-4275-8808-b9d349e4b0f1&apn_sauid=9FF96F89-ACFF-4475-A2DA-BE96F1116E4F IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{E7EFE7B4-CF76-4EDD-AD5A-14D80C36529A}: "URL" = http://www.google.be/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGLL_nlBE377 IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/06/10 21:15:18 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/06/10 21:15:18 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012/01/01 21:48:52 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link) O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-versie\Trayserver_NL.exe (MAGIX AG) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000..\Run: [LaCie Ethernet Agent Startup] C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Network Assistant.exe (LaCie SA) O4 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Hugo-2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 40964 = C:\PROGRA~3\LOCALS~1\Temp\msazujo.com O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42846E5C-B61B-442A-A5C3-CD01953184B2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97CF2B03-C29E-4E3F-AD0B-9E181F18604D}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/17 01:14:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe [2012/04/17 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B8C6423E-5EA9-4066-998F-BA1CF924925A} [2012/04/16 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1FFC7504-008A-47B5-A775-3C28A0C2CE3B} [2012/04/16 22:53:51 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{3EE836B9-9BE0-4131-B479-F883607097DB} [2012/04/16 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{DA32A2B5-AB12-4D54-9875-F35D6E2DE733} [2012/04/16 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{8D007362-8370-4718-B94C-2F5F15F1A005} [2012/04/16 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1F416AB4-5ACA-4B22-8793-78F2A561096C} [2012/04/16 20:40:29 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2B62D506-961D-4160-9E60-5F3B67827FFB} [2012/04/16 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{787AF0AB-655C-48B0-83F4-85A2F23D0F4A} [2012/04/16 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{41E838CE-5BFF-428E-A28E-91CBF352665B} [2012/04/16 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{C30C3717-6B83-4FFB-82D6-927F9BB202E9} [2012/04/16 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{06469FD8-192F-4D60-A6CA-6695B95B1AD1} [2012/04/16 20:07:22 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2C24A87F-7176-491C-8869-E13322DE89E3} [2012/04/16 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{34E015FF-0B74-40A0-8845-D9BFE36FCF89} [2012/04/16 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{98913718-E9B8-45C1-B7BF-1C93B5C8279C} [2012/04/16 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7C9240E3-214F-42D0-9875-40E94887392B} [2012/04/15 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{F04B55AA-CCAE-4F7C-AE75-27661325DF77} [2012/04/15 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{5C11D4D8-8771-415E-A6D1-DD16A540AB65} [2012/04/15 22:54:16 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{0B94BF89-5682-4192-83F7-60FBD7CD432B} [2012/04/15 22:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{30C4AD49-B5EB-44C4-8FDC-9F8FB465656F} [2012/04/15 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{843E519B-4953-444B-BA2A-B307885E4649} [2012/04/15 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{0177C792-8AAD-41FA-8560-08DB29982117} [2012/04/15 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B94E0A54-2BAE-4273-8DD2-06B219ED7F29} [2012/04/15 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{3E334EB8-749E-44E8-8B02-E882FC2E2722} [2012/04/15 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{E7027750-DEB4-45D8-9FA1-B2591AC743B3} [2012/04/15 14:19:09 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{A556EDB0-6CA8-4050-A531-BB256F50A420} [2012/04/15 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EA9A9F99-5BD5-4B84-B180-A392E9CBE7F4} [2012/04/15 12:09:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2012/04/14 22:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2012/04/14 22:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{248F572A-528F-4A57-BD7B-20045C45AACB} [2012/04/14 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7D1C9996-3D81-456D-BF14-D8904A6A953A} [2012/04/13 22:49:00 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{800FF905-9ED3-46B3-8949-2ED8249FA36C} [2012/04/12 19:54:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{23843A14-262A-4376-B924-BA1AAFAEC182} [2012/04/11 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/04/11 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/04/11 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/04/11 19:50:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{FEBF4F75-CFCC-4E1A-971A-3BE94A126274} [2012/04/10 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6D179046-7A1E-43B1-925D-7CE3A2FB92F0} [2012/04/09 22:17:16 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4EFE79A7-03ED-433D-BBFC-80EDADEDAB5D} [2012/04/09 00:54:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D5316C05-1EE2-44B2-97C5-4E60B4996582} [2012/04/08 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{56610D69-A2B9-4D65-A760-2E53D56F0E29} [2012/04/08 00:46:12 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D7F95174-E24B-4937-8BD2-A19C3C3CAD11} [2012/04/07 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6E4C6B2F-6FB1-44AC-862F-16466F47C1E5} [2012/04/06 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{90E20DD1-DF3E-4C51-A4EB-EC1F2383EFAA} [2012/04/05 19:35:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{00930944-BEFE-47C3-8609-F7F9C77A38C3} [2012/04/04 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{986A7BED-ECFB-45CD-A90E-2DB0506A0EFF} [2012/04/03 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{89725327-A0AF-4ECC-85C9-809F31B2FE91} [2012/04/02 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{01F2AC68-6B7F-4818-8581-257985216FBD} [2012/04/02 01:19:43 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{22348CA7-052B-4AE6-9142-24786DE1F9B4} [2012/04/01 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6E2B1CDF-AD4B-4D01-99CA-114D0255431D} [2012/03/31 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{BBE58B25-1B27-4E5C-A754-14B3923ABF63} [2012/03/31 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D7CD9887-856F-4F79-9222-71999C3560B8} [2012/03/30 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 My MP3 3.1 [2012/03/30 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{70233815-6091-4C20-896C-7B6E869873A4} [2012/03/29 19:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2B6687A7-2280-4525-9894-5217312462B9} [2012/03/29 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{39657706-DC0C-4965-BF70-24634BDA51AD} [2012/03/29 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{FEC4EB8C-D4F4-41AB-BC98-9C972B8348B2} [2012/03/27 19:56:04 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EB3E23CA-2CC4-40FC-9416-A6764B90FDB3} [2012/03/27 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{CA463D1E-C063-4EA7-81B6-B0855A54AC99} [2012/03/27 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{068EA4EA-7489-46F9-86F2-2CC31DD7DF73} [2012/03/27 01:17:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7DB97B9C-5067-4321-8FE9-849232FC1E09} [2012/03/26 12:48:10 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EBFE29C5-CF5B-493C-B1CB-2D407F1741A1} [2012/03/26 12:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EA430D28-CA68-49B5-AC4E-088358361119} [2012/03/26 11:17:17 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{AED8925A-AD04-4ED6-B125-4C5DEFF642E5} [2012/03/25 21:14:11 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2012/03/25 21:13:40 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe [2012/03/25 21:13:38 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2012/03/25 21:13:32 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2012/03/25 21:13:23 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2012/03/25 21:13:14 | 000,032,880 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys [2012/03/25 21:13:10 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys [2012/03/25 21:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2012/03/25 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2012/03/25 21:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2012/03/25 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{86305E9D-6759-4F9E-874E-6B8F10082985} [2012/03/25 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{A5801A4C-73C3-496B-AEBC-D4753B7558F3} [2012/03/24 13:12:24 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1F8DAFD5-96D3-46E9-B735-AF7CC57DEA3F} [2012/03/24 13:12:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{ED35EE70-664D-4C1F-A193-736F90BDBFD4} [2012/03/23 23:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{039CE32D-539F-41EA-9913-F355ED20FEE7} [2012/03/23 23:24:23 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{42F32CE1-E936-469D-B52E-28756AB0B396} [2012/03/22 20:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{545D05A6-A854-4591-A7D4-C991CC5C6D56} [2012/03/22 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{35E39AC6-6503-4452-80F2-E8E8F8162AD9} [2012/03/21 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{411164FF-99BC-404E-9DB4-48277CEA9FB2} [2012/03/21 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{F124CC7B-F28F-43A0-B1D2-B26B6E1300E5} [2012/03/20 20:27:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B04E9371-C37B-4431-BD8B-724E92CB2A02} [2012/03/20 20:26:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{760442AE-2740-48BC-BAEA-B98F2B2DF19C} [2012/03/19 20:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows OneCare Live [2012/03/19 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4A6E9BED-67D6-4197-883F-DE4FC265F036} [2012/03/19 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6F80A696-74B0-483F-918C-35D79C71666C} [2012/03/19 01:52:40 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4CBB8269-80B4-4D76-A280-31F50AD1E9F0} [2012/03/18 12:41:49 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6AF8DB76-54CE-48FC-AA00-CD6E3BCAC474} [2012/03/18 12:41:27 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{8FD4F172-7FB9-4BC7-B2EC-24A0F32A5848} [2012/03/18 01:20:32 | 000,000,000 | ---D | C] -- C:\Windows\Simple Port Forwarding [2012/03/18 01:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding [2010/05/01 13:52:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/04/17 01:14:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe [2012/04/17 01:11:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/17 01:01:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/16 20:23:50 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 20:23:50 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 20:15:58 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/16 20:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/16 20:15:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012/04/16 20:15:30 | 3219,763,200 | -HS- | M] () -- C:\hiberfil.sys [2012/04/15 22:22:22 | 000,001,502 | ---- | M] () -- C:\Users\Hugo-2010\.recently-used.xbel [2012/04/15 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2012/04/15 13:04:40 | 000,934,473 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\census.cache [2012/04/15 13:03:50 | 000,154,181 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\ars.cache [2012/04/14 23:09:19 | 000,000,790 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Roaming\burnaware.ini [2012/04/14 22:44:20 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012/04/14 22:41:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012/04/14 22:36:22 | 000,001,980 | ---- | M] () -- C:\Users\Hugo-2010\Desktop\Update Checker.lnk [2012/04/14 22:34:51 | 001,564,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/14 22:34:51 | 000,706,370 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012/04/14 22:34:51 | 000,620,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/14 22:34:51 | 000,135,828 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012/04/14 22:34:51 | 000,108,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/13 01:22:22 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk [2012/04/11 19:55:24 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/11 00:09:13 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2012/04/10 19:12:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/03/31 13:59:54 | 000,002,112 | ---- | M] () -- C:\Users\Hugo-2010\Documents\SyncSettings.ffs_gui [2012/03/31 10:12:38 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/03/30 23:17:33 | 000,087,552 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/30 23:15:23 | 000,001,990 | ---- | M] () -- C:\Users\Hugo-2010\Desktop\MP3MyMP3 3.1.lnk [2012/03/26 12:05:30 | 000,007,640 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\Resmon.ResmonCfg [2012/03/25 21:14:15 | 000,001,026 | ---- | M] () -- C:\Users\Hugo-2010\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk [2012/03/25 21:12:55 | 001,584,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/25 21:12:53 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk [2012/03/24 02:57:33 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2012/04/15 22:22:22 | 000,001,502 | ---- | C] () -- C:\Users\Hugo-2010\.recently-used.xbel [2012/04/15 13:04:40 | 000,934,473 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\census.cache [2012/04/15 13:03:50 | 000,154,181 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\ars.cache [2012/04/11 19:55:24 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/04 19:41:13 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/31 13:59:54 | 000,002,112 | ---- | C] () -- C:\Users\Hugo-2010\Documents\SyncSettings.ffs_gui [2012/03/30 23:15:23 | 000,001,990 | ---- | C] () -- C:\Users\Hugo-2010\Desktop\MP3MyMP3 3.1.lnk [2012/03/26 13:06:22 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk [2012/03/25 21:14:15 | 000,001,026 | ---- | C] () -- C:\Users\Hugo-2010\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk [2012/03/25 21:12:53 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk [2012/03/24 02:57:33 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/02/20 02:06:26 | 000,001,057 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\vso_ts_preview.xml [2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/01/28 03:10:10 | 000,000,636 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\AutoGK.ini [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/11/06 03:03:50 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL [2011/11/06 03:03:50 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL [2011/11/06 03:03:50 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE [2011/11/06 02:54:49 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini [2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/08/03 13:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll [2011/03/14 20:11:06 | 000,000,011 | ---- | C] () -- C:\Windows\3DShadow.INI [2011/03/12 16:27:06 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe [2011/03/12 16:26:49 | 000,000,550 | ---- | C] () -- C:\Windows\PluginSwitch.ini [2011/03/12 16:26:14 | 000,000,279 | ---- | C] () -- C:\Windows\ImageInc.ini [2011/03/09 01:27:08 | 000,000,016 | ---- | C] () -- C:\Windows\Wininit.ini [2011/01/15 15:40:57 | 001,584,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/02 02:24:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/08/02 22:06:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2010/07/12 21:48:10 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll [2010/07/12 21:38:20 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2010/05/28 21:07:14 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll [2010/05/07 22:10:02 | 000,000,036 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\housecall.guid.cache [2010/05/06 22:00:42 | 000,087,552 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/02 20:27:13 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\OctaneARM.dll [2010/05/02 12:00:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010/05/01 13:52:36 | 000,099,384 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\inst.exe [2010/05/01 13:52:36 | 000,007,859 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.cat [2010/05/01 13:52:36 | 000,001,167 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.inf [2010/05/01 13:21:40 | 000,000,019 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\mdbu.bin [2010/05/01 12:30:50 | 000,007,640 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\Resmon.ResmonCfg [2010/04/30 22:44:13 | 000,000,790 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\burnaware.ini [2010/04/30 20:51:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\afasrv64.exe [2010/04/29 22:52:43 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll [2010/04/29 22:52:43 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll [2010/04/29 22:31:20 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010/04/29 22:31:20 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010/04/28 23:20:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2010/07/12 19:52:55 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Acronis [2010/04/30 22:57:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\aignes [2011/12/10 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\avidemux [2011/12/04 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Azureus [2010/04/30 22:47:32 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Canneverbe Limited [2011/06/04 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Canon [2011/03/15 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/11/07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\CoreFTP [2010/06/10 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DassaultSystemes [2010/10/25 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DeviceDoctorSoftware [2011/05/19 21:25:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DriverCure [2012/03/21 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\FreeCommander [2010/10/14 00:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\FreeFileSync [2012/04/15 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\gtk-2.0 [2010/04/30 22:41:07 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\JAM Software [2011/11/23 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\kompozer.net [2011/01/04 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Leadertech [2011/09/28 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\MAGIX [2012/03/30 22:31:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\MediaMonkey [2010/05/01 18:25:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\NASA [2010/07/17 20:54:10 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\No Company Name [2010/05/07 00:27:23 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\No Company Name weg [2010/04/30 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\OpenOffice.org [2011/05/19 21:24:59 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\ParetoLogic [2011/09/11 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\proDAD [2011/11/27 13:07:19 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Raptr [2010/05/01 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\ResizeMe_ [2010/05/01 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Stellarium [2012/01/12 01:50:50 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Subtitle Edit [2011/12/04 16:34:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Totusoft [2012/04/14 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TrueCrypt [2010/05/01 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TuneUp Software [2010/05/01 15:22:47 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TweakNow PowerPack 2010 [2012/03/08 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Vso [2010/10/26 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Windows Live Writer [2011/11/03 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\xVideoServiceThief [2012/04/15 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2012/04/11 00:09:13 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job [2012/03/04 13:11:50 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:9A870F8B @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:0CE7F3C9 < End of report >
  12. htems
    Hello MBAM found a Trojan.Agent but after removal and reboot of the pc the Trojan comes back. In the MBAM logfile following logrecord is found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|40964 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msazujo.com -> Will be removed after reboot of the computer. Can't find a solution for it. DDS.txt Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.