Jump to content

AnonOfHolland

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yo, it's been a while now and I've had absolutely 0 troubles, so I guess it was that crappy software after all. Never expected it to be that bad. Thank you very much for your help!
  2. You're right, actually the whole setup for that program was riddled with "Click next if you agree to install this toolbar and change your home page" and "Donate to our sponsors" crap. The thing with the popups is that it doesn't happen often, so I won't be able to tell if it worked for a while. I backed up my profile and will see what happens. Will post here after a while. Thanks for your patience!
  3. Well, I could, do you think it could be the culprit? The only reason I installed it was because I couldn't get visual styles working by patching my .dll.
  4. Alright, I manually deleted them and rebooted. I guess they were just the .exes that came with CustoPack, which didn't actually install them because I declined it.
  5. Well, I ran it anyway and it did come up with a few results. Luckily I didn't choose to delete them automatically though since it also thought MSNPlus! and winamp were malware. The other two are clearly trouble though. Should I manually delete them or scan again with my NOD32 and let that delete them? Here's the report: C:\Program Files (x86)\CustoPackTools\utils\ask\AskInstallChecker.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files (x86)\CustoPackTools\utils\ask\askToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Users\Most Exalted One\Documents\Software\Setup-PlusForSkype-2.0_FF.exe a variant of Win32/MessengerPlus.A application C:\Users\Most Exalted One\Documents\Software\winamp564_full_emusic-7plus_en-us.exe Win32/OpenCandy application
  6. I've got ESET NOD32 running on this laptop though, is it still necessary to run the online scan?
  7. (Sorry, but part of it appears to be in Dutch) Here we are: ComboFix 13-09-06.01 - Most Exalted One 07-09-2013 20:10:24.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8081.5958 [GMT 2:00] Gestart vanuit: Z:\ComboFix.exe AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Most Exalted One\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\systeminfo.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-07 to 2013-09-07 )))))))))))))))))))))))))))))) . . 2013-09-07 18:13 . 2013-09-07 18:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-09-07 18:13 . 2013-09-07 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-06 11:03 . 2013-09-06 11:03 -------- d-----w- c:\windows\ERUNT 2013-09-04 15:35 . 2013-09-04 15:35 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Malwarebytes 2013-09-04 15:35 . 2013-09-04 15:35 -------- d-----w- c:\programdata\Malwarebytes 2013-09-04 15:35 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-08-30 23:06 . 2013-08-30 23:06 -------- d-----w- c:\program files (x86)\Daum 2013-08-30 21:03 . 2013-08-30 21:03 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP 2013-08-30 21:03 . 2013-08-30 21:06 -------- d-----w- c:\users\Most Exalted One\AppData\Local\Divinity 2 2013-08-30 21:02 . 2013-08-30 21:02 -------- d-----w- c:\programdata\Divinity 2 2013-08-29 21:33 . 2013-08-29 21:33 -------- d-----w- c:\program files (x86)\Electronic Arts 2013-08-28 22:40 . 2013-08-28 22:40 -------- d-----w- c:\windows\system32\W7TIC 2013-08-28 22:40 . 2010-11-21 03:24 780800 ----a-w- c:\windows\system32\ActionCenter.dll.bak 2013-08-28 22:40 . 2010-11-21 03:23 1808384 ----a-w- c:\windows\system32\pnidui.dll.bak 2013-08-28 22:40 . 2010-11-21 03:23 225280 ----a-w- c:\windows\system32\SndVolSSO.dll.bak 2013-08-28 22:11 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer - Copy.exe 2013-08-28 21:24 . 2013-08-28 22:19 -------- d-----w- c:\programdata\CustoPackTools 2013-08-28 21:23 . 2013-09-02 18:13 -------- d-----w- c:\program files (x86)\CustoPackTools 2013-08-28 18:41 . 2013-08-28 18:41 -------- d-----w- c:\windows\SysWow64\FxsTmp 2013-08-28 18:41 . 2013-08-28 18:41 -------- d-----w- c:\windows\system32\FxsTmp 2013-08-28 18:41 . 2013-08-28 18:41 -------- d-----w- c:\windows\addins 2013-08-28 15:52 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2013-08-28 15:52 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup 2013-08-28 15:52 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2013-08-27 21:07 . 2013-08-27 21:07 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Rainmeter 2013-08-27 21:07 . 2013-08-27 21:07 -------- d-----w- c:\program files\Rainmeter 2013-08-27 08:50 . 2013-08-27 08:50 -------- d-----w- c:\program files (x86)\Citrix 2013-08-27 08:50 . 2013-08-27 08:50 -------- d-----w- c:\users\Most Exalted One\AppData\Local\Citrix 2013-08-26 12:24 . 2013-08-29 21:40 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\SPORE 2013-08-22 15:08 . 2013-08-20 09:21 117024 ----a-w- c:\windows\system32\BootDefrag.exe 2013-08-22 15:08 . 2013-08-22 15:08 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\GlarySoft 2013-08-21 17:11 . 2013-08-21 17:11 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-08-18 11:58 . 2013-08-18 11:58 -------- d-----w- c:\users\User 2013-08-18 11:36 . 2013-08-18 11:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-08-16 22:12 . 2013-08-16 22:12 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Greenshot 2013-08-16 22:12 . 2013-08-16 22:12 -------- d-----w- c:\users\Most Exalted One\AppData\Local\Greenshot 2013-08-16 15:21 . 2013-08-16 15:21 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Mael 2013-08-16 15:18 . 2013-08-16 15:18 -------- d-----w- c:\program files (x86)\HxD 2013-08-16 00:23 . 2013-07-15 02:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\mpengine.dll 2013-08-15 20:18 . 2009-03-09 13:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll 2013-08-15 20:17 . 2006-03-31 10:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll 2013-08-15 20:17 . 2006-02-03 06:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll 2013-08-15 20:17 . 2006-02-03 06:42 355536 ----a-w- c:\windows\system32\xactengine2_0.dll 2013-08-15 20:17 . 2006-02-03 06:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll 2013-08-15 20:17 . 2005-12-05 16:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll 2013-08-15 20:17 . 2005-07-22 17:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll 2013-08-15 20:17 . 2005-05-26 13:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll 2013-08-15 20:17 . 2005-03-18 15:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll 2013-08-15 20:17 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll 2013-08-15 18:07 . 2012-10-17 02:31 741480 ------w- c:\windows\system32\HPDiscoPMa211.dll 2013-08-15 18:07 . 2013-08-15 18:07 -------- d-----w- c:\programdata\HP 2013-08-15 18:07 . 2013-08-15 18:07 -------- d-----w- c:\program files (x86)\HP 2013-08-15 18:07 . 2013-08-15 18:07 -------- d-----w- c:\program files\HP 2013-08-15 18:06 . 2013-08-15 18:06 -------- d-----w- c:\users\Most Exalted One\AppData\Local\HP 2013-08-15 15:09 . 2013-08-15 15:09 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP 2013-08-15 00:13 . 2013-08-15 00:13 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Nero 2013-08-14 22:29 . 2013-08-14 22:29 -------- d--h--r- c:\users\Most Exalted One\AppData\Roaming\SecuROM 2013-08-14 22:29 . 2013-08-14 22:29 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2013-08-14 18:20 . 2013-08-14 18:20 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP 2013-08-14 18:20 . 2013-08-30 21:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-08-14 18:05 . 2013-09-06 21:55 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2013-08-14 18:05 . 2013-09-06 21:54 -------- d-----w- c:\programdata\Media Center Programs 2013-08-13 15:18 . 2013-08-13 15:18 -------- d-----w- c:\program files\CCleaner 2013-08-12 15:22 . 2013-08-12 15:22 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\iView 2013-08-12 15:22 . 2013-08-12 15:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-08-12 15:22 . 2013-08-12 15:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-08-12 15:22 . 2013-08-12 15:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-08-12 15:22 . 2013-08-12 15:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-08-12 15:22 . 2013-08-12 15:22 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-08-12 15:21 . 2013-08-12 15:22 -------- d-----w- c:\program files (x86)\QuickTime 2013-08-12 15:18 . 2013-08-12 15:18 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2013-08-12 14:47 . 2013-08-12 14:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-08-09 17:52 . 2013-08-09 17:55 -------- d-----w- c:\users\Most Exalted One\AppData\Roaming\Origin 2013-08-09 17:52 . 2013-08-09 22:03 -------- d-----w- c:\programdata\Origin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-07 18:13 . 2013-09-07 18:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\offreg.dll 2013-08-21 17:11 . 2012-07-10 18:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 17:11 . 2012-07-10 18:40 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-04 20:13 . 2013-08-04 20:13 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2013-07-20 16:36 . 2013-07-20 16:36 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 16:36 . 2013-07-20 16:36 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-20 16:36 . 2013-07-20 16:36 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-20 16:36 . 2013-07-20 16:36 188840 ----a-w- c:\windows\system32\java.exe 2013-07-20 16:36 . 2012-07-10 18:42 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-20 16:36 . 2012-07-10 18:42 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-20 00:41 . 2013-07-20 00:41 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys 2013-07-20 00:24 . 2013-07-20 00:24 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-07-19 21:34 . 2013-07-19 21:34 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-07-19 21:34 . 2013-07-19 21:34 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-07-19 21:34 . 2013-07-19 21:34 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-07-19 21:34 . 2013-07-19 21:34 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-07-19 21:34 . 2013-07-19 21:34 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-07-19 21:34 . 2013-07-19 21:34 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-07-19 21:34 . 2013-07-19 21:34 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-07-19 21:34 . 2013-07-19 21:34 81408 ----a-w- c:\windows\system32\icardie.dll 2013-07-19 21:34 . 2013-07-19 21:34 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-07-19 21:34 . 2013-07-19 21:34 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-07-19 21:34 . 2013-07-19 21:34 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-07-19 21:34 . 2013-07-19 21:34 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-07-19 21:34 . 2013-07-19 21:34 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-07-19 21:34 . 2013-07-19 21:34 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-07-19 21:34 . 2013-07-19 21:34 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-07-19 21:34 . 2013-07-19 21:34 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-07-19 21:34 . 2013-07-19 21:34 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-07-19 21:34 . 2013-07-19 21:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-07-19 21:34 . 2013-07-19 21:34 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-07-19 21:34 . 2013-07-19 21:34 441856 ----a-w- c:\windows\system32\html.iec 2013-07-19 21:34 . 2013-07-19 21:34 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-07-19 21:34 . 2013-07-19 21:34 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-07-19 21:34 . 2013-07-19 21:34 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-07-19 21:34 . 2013-07-19 21:34 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-07-19 21:34 . 2013-07-19 21:34 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-07-19 21:34 . 2013-07-19 21:34 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-07-19 21:34 . 2013-07-19 21:34 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-07-19 21:34 . 2013-07-19 21:34 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-07-19 21:34 . 2013-07-19 21:34 235008 ----a-w- c:\windows\system32\url.dll 2013-07-19 21:34 . 2013-07-19 21:34 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-07-19 21:34 . 2013-07-19 21:34 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-07-19 21:34 . 2013-07-19 21:34 216064 ----a-w- c:\windows\system32\msls31.dll 2013-07-19 21:34 . 2013-07-19 21:34 197120 ----a-w- c:\windows\system32\msrating.dll 2013-07-19 21:34 . 2013-07-19 21:34 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-07-19 21:34 . 2013-07-19 21:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-07-19 21:34 . 2013-07-19 21:34 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-07-19 21:34 . 2013-07-19 21:34 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-07-19 21:34 . 2013-07-19 21:34 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-07-19 21:34 . 2013-07-19 21:34 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-07-19 21:34 . 2013-07-19 21:34 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-07-19 21:34 . 2013-07-19 21:34 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-07-19 21:34 . 2013-07-19 21:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-07-19 21:34 . 2013-07-19 21:34 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-07-19 21:34 . 2013-07-19 21:34 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-07-19 21:34 . 2013-07-19 21:34 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-07-19 21:34 . 2013-07-19 21:34 855552 ----a-w- c:\windows\system32\jscript.dll 2013-07-19 21:34 . 2013-07-19 21:34 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-07-19 21:34 . 2013-07-19 21:34 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-07-19 21:34 . 2013-07-19 21:34 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-07-19 21:34 . 2013-07-19 21:34 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-07-19 21:34 . 2013-07-19 21:34 526336 ----a-w- c:\windows\system32\ieui.dll 2013-07-19 21:34 . 2013-07-19 21:34 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-07-19 21:34 . 2013-07-19 21:34 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-07-19 21:34 . 2013-07-19 21:34 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-07-19 21:34 . 2013-07-19 21:34 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-07-19 21:34 . 2013-07-19 21:34 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-19 21:34 . 2013-07-19 21:34 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-19 21:34 . 2013-07-19 21:34 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-07-19 21:34 . 2013-07-19 21:34 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-07-19 21:34 . 2013-07-19 21:34 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-19 21:34 . 2013-07-19 21:34 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-07-19 21:34 . 2013-07-19 21:34 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-07-19 21:34 . 2013-07-19 21:34 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-19 21:34 . 2013-07-19 21:34 149504 ----a-w- c:\windows\system32\occache.dll 2013-07-19 21:34 . 2013-07-19 21:34 144896 ----a-w- c:\windows\system32\wextract.exe 2013-07-19 21:34 . 2013-07-19 21:34 13824 ----a-w- c:\windows\system32\mshta.exe 2013-07-19 21:34 . 2013-07-19 21:34 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-19 21:34 . 2013-07-19 21:34 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-07-19 21:34 . 2013-07-19 21:34 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-07-19 21:34 . 2013-07-19 21:34 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-07-19 21:34 . 2013-07-19 21:34 102912 ----a-w- c:\windows\system32\inseng.dll 2013-07-19 21:32 . 2013-07-19 21:32 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-19 21:32 . 2013-07-19 21:32 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GamingMouseEditor"="c:\program files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" [2012-08-17 3333120] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "THX Audio Control Panel"="c:\program files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ De Killer Network Manager van Qualcomm Atheros.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-2-19 553984] sbar_hide.exe [2012-1-15 8192] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ RUN.CMD [2012-1-8 306] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x] R2 MBAMScheduler;MBAMScheduler;z:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe;z:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;z:\program files\Malwarebytes' Anti-Malware\mbamservice.exe;z:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x] R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x] R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x] R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x] R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x] R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x] R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x] R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x] S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x] S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x] S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x] S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 17:11] . 2013-09-07 c:\windows\Tasks\GlaryInitialize 3.job - z:\program files\Glary Utilities 3\Initialize.exe [2013-08-20 09:19] . 2013-08-23 c:\windows\Tasks\GlaryUpdate 3.job - z:\program files\Glary Utilities 3\CheckUpdate.exe [2013-08-20 09:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008] "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-05-31 184112] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-05 165872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-05 407536] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-05 444400] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-09 13632216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - z:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm IE: Verzenden naar Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm LSP: %SYSTEMROOT%\system32\BfLLR.dll TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 FF - ProfilePath - c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\ FF - prefs.js: browser.search.selectedEngine - Google.com (in English) FF - prefs.js: browser.startup.homepage - Google.com/ncr FF - ExtSQL: 2013-07-20 21:03; nosquint@urandom.ca; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\nosquint@urandom.ca.xpi FF - ExtSQL: 2013-07-20 23:50; {F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}.xpi FF - ExtSQL: 2013-08-22 18:08; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF - ExtSQL: 2013-08-22 19:23; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: 2013-08-22 20:31; {5C655500-E712-41e7-9349-CE462F844B19}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi FF - ExtSQL: 2013-08-28 20:31; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2013-08-29 00:26; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} FF - ExtSQL: 2013-09-06 22:46; {9bc51d13-3849-4541-a69c-da418934ca05}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{9bc51d13-3849-4541-a69c-da418934ca05}.xpi . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3113198049-2749692753-1754522176-1000) @Denied: (2) (LocalSystem) "Progid"="Microsoft Internet Mail Message WLMail" . [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3113198049-2749692753-1754522176-1000) @Denied: (2) (LocalSystem) "Progid"="Microsoft Internet Mail VCard WLMail" . [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\SecuROM\License information*] "datasecu"=hex:1c,2b,67,c8,15,f6,31,ac,89,cb,c0,37,98,03,4d,b1,fb,9b,30,92,0d, e2,e4,cb,37,9e,70,af,7d,cd,c4,bf,dc,0d,1e,59,23,0a,9b,28,88,93,27,c7,93,45,\ "rkeysecu"=hex:5c,98,2c,0b,4c,df,53,e4,1a,ae,7e,d9,17,5e,b2,ab . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-09-07 20:15:16 ComboFix-quarantined-files.txt 2013-09-07 18:15 . Pre-Run: 9.452.752.896 bytes free Post-Run: 9.442.197.504 bytes free . - - End Of File - - 32569EA73D437B04303A65B797CA3683 A36C5E4F47E84449FF07ED3517B43A31
  8. Extras.txt: OTL Extras logfile created on: 7-9-2013 14:03:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = Z:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,89 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 74,43% Memory free 15,78 Gb Paging File | 13,61 Gb Available in Paging File | 86,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 8,92 Gb Free Space | 14,96% Space Free | Partition Type: NTFS Drive Z: | 698,54 Gb Total Space | 287,47 Gb Free Space | 41,15% Space Free | Partition Type: NTFS Computer Name: MSIGE70 | User Name: Most Exalted One | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Hwp.Print] -- Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Hwp.Print] -- Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{166AE546-ECDE-4022-A9F1-4A69711CD149}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1A6715BD-525D-4783-97E1-22AE75C56F67}" = lport=2869 | protocol=6 | dir=in | app=system | "{1BFD8F8E-3BCB-4947-87EC-3E798079CD0E}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{1CD7C57C-CF19-44E9-A08C-22474A3654F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{276B7309-A38A-410D-9C85-5E9E9413DF28}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{348C2275-785B-40A9-B854-BCC1A7832E5A}" = rport=137 | protocol=17 | dir=out | app=system | "{39127D91-9893-404E-AEAA-84F7A4AF8A18}" = rport=138 | protocol=17 | dir=out | app=system | "{51CF8E2E-D62E-465B-9AF0-568E7FBF7EC5}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{68201E41-1058-4C82-9482-5FDF8C87AD47}" = lport=139 | protocol=6 | dir=in | app=system | "{7CEE52F6-B5D2-4D2C-A03C-3A556CBA8186}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{7E16B186-51AA-48EC-8D35-77D3ADB1F021}" = rport=139 | protocol=6 | dir=out | app=system | "{80A262C4-DA3D-4AEA-8898-596BFB564AEE}" = rport=2869 | protocol=6 | dir=out | app=system | "{8FB3AC3A-B0D9-4F7E-BF67-2AF427445B86}" = lport=137 | protocol=17 | dir=in | app=system | "{9F3CA28F-F30E-4D56-A69D-1834C5C1DD9E}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{A89584DF-85D3-41B4-B5EE-7A5A5412CE06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A89A67EE-3020-44AF-9159-3DFA749F0DA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9D59F37-6470-43E4-B9EA-913E8D773446}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{BD218580-8193-4370-8B87-E6CA4243E706}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{C253C58E-424D-4F0E-8143-50226BCCA789}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{C9F87B42-D1E5-4343-9D08-F118B3676500}" = rport=445 | protocol=6 | dir=out | app=system | "{CCF2A35B-9D44-46DD-8392-970D0DB59497}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{D1AFA4E2-009A-4470-8BAC-E548117B2D08}" = lport=138 | protocol=17 | dir=in | app=system | "{D4A17444-BA03-4D56-9197-A1EC5CE282B0}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07A8BAE7-968D-43EE-BF64-7E9E50D6F35D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{0D65FBC3-104A-4A64-A39F-95BEFE16AACB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{13E65329-294C-47AD-9A37-BA06670A5AE0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2254F824-A9EE-443B-82B3-6F84C86088FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{335EBDE1-80BB-4BC5-8721-63C12DE6D5B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{513C0941-DC1A-4E54-A779-5B39F8986CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{5B80921B-9FA9-45AB-A488-13D2D410A626}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{6B0EABB0-69EE-44A9-B27D-3CC334F02F04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{70F6478F-2DEA-4575-BEEE-6EFDA6C2110E}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | "{71A2F9BD-285D-4829-BF79-47B13267ACDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{72BAFF8E-E926-43F7-A4B0-5A74FFC3705F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{7911BB91-EDEA-4C6D-B911-4D03E542ABED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B7B3096-26EC-4EE4-8826-87A631BF025C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7EAC1F2F-90D3-403D-A964-79081854B4BE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{86AD5B2E-7018-41D5-A88C-5F7463892510}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{92BE601E-81C9-45D8-B59D-559A1838A564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{990DE44A-5633-4F4B-87B9-0AFB453283BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{9BB28987-048F-4DE9-AF3A-09088D022514}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A1247988-5908-4943-BC1E-E6DB44C4ED44}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A1AACF5E-D600-4092-9B31-C5E32264FC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{B26F1432-3130-4F5E-8C7A-6521F4257377}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2B7CA34-E11B-4FAE-B116-A5E64D1F64FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B6B98500-6C11-41CE-9256-02BD2944EA32}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BDA22CDC-EAFD-47B5-99F8-D96A1A7D2FA7}" = dir=in | app=z:\program files\itunes\itunes.exe | "{BDADEDDE-7274-4758-9DF7-C3D5333C3C1B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{C48FD4C1-11A9-4432-8DCD-26B8986D1B45}" = dir=out | app=c:\windows\system32\svchost.exe | "{C519CDC2-3FDD-49AC-B045-CDF9402F56D6}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{CCEC4D7B-92D9-4BED-B8CF-DF741C20AF02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D8360AEB-9A70-483D-B60B-0117213AD8AE}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | "{E078F810-5083-43B6-B60C-78C3FCC2EB50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E32EE1FB-7098-477E-8033-A82B1CAD1D42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{E98AA397-7C91-44F6-995B-37E708DAD45C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FEFF04D9-9A4B-47A8-980C-B2818891E068}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "TCP Query User{070536B6-29B6-4C25-BF99-47444127C789}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{1D4B5196-4903-4270-B1AF-C44E0334E0F5}Z:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe | "TCP Query User{3A98F826-19CD-4F9F-91BF-5A46CAEE553E}Z:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=z:\games\mass effect 3\binaries\win32\masseffect3.exe | "TCP Query User{3D2418C8-2FDC-4D4C-84B8-3FF55A30A00A}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe | "TCP Query User{75953F2A-0F16-4868-8711-8B630925FC94}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe | "TCP Query User{7DAEE230-AC17-44F5-871C-57A49B483BD8}Z:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe | "TCP Query User{B71633AF-A77F-48BE-9B53-EF05AF07F048}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C9B87AAB-E686-4510-BB0F-0F2594740540}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe | "TCP Query User{CBB80B7F-CCF7-421E-AA13-C712CFE3D8CB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{E00EAC0D-4601-428D-8819-F90FC0430FF6}Z:\games\divinity dragon commander\shipping\dcapp.exe" = protocol=6 | dir=in | app=z:\games\divinity dragon commander\shipping\dcapp.exe | "UDP Query User{18A4B7E7-8530-40EF-A3CD-A1F9EBF64AFD}Z:\games\divinity dragon commander\shipping\dcapp.exe" = protocol=17 | dir=in | app=z:\games\divinity dragon commander\shipping\dcapp.exe | "UDP Query User{1A92FD37-1163-4629-B77B-6BB2C7048DEB}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe | "UDP Query User{1FF971D6-7199-4DA0-AEC2-7EE97CABDB5F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{30918061-4417-4BA2-9790-80FE04B71A96}Z:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=z:\games\mass effect 3\binaries\win32\masseffect3.exe | "UDP Query User{3D3BD9E2-80D0-4AA9-8D4D-FA98FCB4DBCF}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe | "UDP Query User{4C325265-38B0-45C1-9A5E-9425C64D9012}Z:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe | "UDP Query User{5265F4E1-53B9-4B16-98C8-729EF1A5535C}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "UDP Query User{9F3436DB-6C79-4036-8EE0-145CCA9E1641}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{C5943E46-F013-443F-BF2E-6876289589FD}Z:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe | "UDP Query User{EAA5ABD1-3449-44A3-AAF7-CA3996A87576}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EAE3FBF-E39F-4B65-ACEE-560A16CD1F44}" = Intel® PROSet/Wireless WiFi Software Driver "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}" = ESET NOD32 Antivirus "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25 (64-bit) "{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}" = Adobe Photoshop Lightroom 5 64-bit "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{A10B1524-63B5-40F2-B272-D841CF671C16}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0169FD6-8590-451E-AEFF-A6253C0A850C}" = Intel® PROSet/Wireless for Bluetooth® + High Speed "{B08ED12B-F101-45D1-B13C-B203EA67AD6B}" = HP Deskjet 3070 B611 series Basic Device Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 296.31 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 296.31 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technologie monitor 2.0 "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "{E7EBB2A5-8C76-4C16-95A3-2FC74BEDE270}" = Intel® PROSet/Wireless WiFi Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FEA1590B-540A-41FC-A95C-664493C82A21}" = Classic Shell "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406 "CCleaner" = CCleaner "ComicRack" = ComicRack v0.9.170 "Connectify" = Connectify Hotspot "CustoPackTools" = CustoPackTools "Elantech" = ETDWare PS/2-X64 11.13.1.4_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "RW-Everything_is1" = RW-Everything v1.6.4 "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{118F84A7-53AA-4BDB-AC4E-723B7B0D8A4B}" = S-Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX "{3C5F1B30-B10B-4579-86DD-D00F662E1043}" = Nero 8 Ultra Edition HD "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro "{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-00B0-0413-0000-0000000FF1CE}" = Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's "{901E0412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Korean User Interface Pack "{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2423C36-006E-4270-AEBC-CFC4CAF2C310}" = Haansoft Hangul 2007 "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}" = Citrix Online Launcher "{e6d17d96-ddaa-476f-bb07-db601024ffb1}" = Intel® PROSet/Wireless Software "{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS "ClassicPro" = ClassicPro© v2.01 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01 "DAEMON Tools Lite" = DAEMON Tools Lite "Daum Screensaver High" = Daum ½ºÅ©¸°¼¼À̹ö °íÈ­Áú¹öÀü "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec "dBpoweramp Music Converter" = dBpoweramp Music Converter "Divinity: Dragon Commander_is1" = Divinity: Dragon Commander "DVD X Player 4.0 Professional_is1" = DVD X Player 4.0 Professional "Fraps" = Fraps (remove only) "Glary Utilities 3" = Glary Utilities 3.9 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "ImgBurn" = ImgBurn "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "iView MediaPro3" = iView MediaPro3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Messenger Plus! for Skype" = Messenger Plus! for Skype "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "NirSoft ShellExView" = NirSoft ShellExView "Rainmeter" = Rainmeter "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "RocketDock_is1" = RocketDock 1.3.5 "Shadowrun Returns_is1" = Shadowrun Returns "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.5.0.1132 "Winamp Detect" = Winamp Detector Plug-in ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6-9-2013 11:26:29 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000 Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp: 0x51c73d40 Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time stamp: 0x51c73cb5 Exception code: 0xc0000005 Fault offset: 0x000000000019792b Faulting process id: 0xd80 Faulting application start time: 0x01ceab1572834a6e Faulting application path: C:\Program Files\ComicRack\ComicRack.exe Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll Report Id: b3554ca2-1708-11e3-920e-8c89a50666d8 Error - 6-9-2013 11:26:38 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026 Description = Error - 6-9-2013 11:26:38 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000 Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp: 0x51c73d40 Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time stamp: 0x51c73cb5 Exception code: 0xc0000005 Fault offset: 0x000000000019792b Faulting process id: 0x1bac Faulting application start time: 0x01ceab1577c24b28 Faulting application path: C:\Program Files\ComicRack\ComicRack.exe Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll Report Id: b8755338-1708-11e3-920e-8c89a50666d8 Error - 6-9-2013 11:33:45 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026 Description = Error - 6-9-2013 11:33:45 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000 Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp: 0x51c73d40 Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time stamp: 0x51c73cb5 Exception code: 0xc0000005 Fault offset: 0x000000000019792b Faulting process id: 0x344 Faulting application start time: 0x01ceab1675df63f1 Faulting application path: C:\Program Files\ComicRack\ComicRack.exe Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll Report Id: b6e1ecbb-1709-11e3-920e-8c89a50666d8 Error - 6-9-2013 11:33:52 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026 Description = Error - 6-9-2013 11:33:52 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000 Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp: 0x51c73d40 Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time stamp: 0x51c73cb5 Exception code: 0xc0000005 Fault offset: 0x000000000019792b Faulting process id: 0x182c Faulting application start time: 0x01ceab167a852fac Faulting application path: C:\Program Files\ComicRack\ComicRack.exe Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll Report Id: bb898d3d-1709-11e3-920e-8c89a50666d8 Error - 7-9-2013 5:49:26 | Computer Name = MsiGE70 | Source = WinMgmt | ID = 10 Description = Error - 7-9-2013 5:49:54 | Computer Name = MsiGE70 | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 7-9-2013 6:55:55 | Computer Name = MsiGE70 | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 6-9-2013 11:06:08 | Computer Name = MsiGE70 | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. < End of report >
  9. OTL.txt: OTL logfile created on: 7-9-2013 14:09:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = Z:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,89 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,83% Memory free 15,78 Gb Paging File | 13,51 Gb Available in Paging File | 85,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 8,92 Gb Free Space | 14,96% Space Free | Partition Type: NTFS Drive Z: | 698,54 Gb Total Space | 287,47 Gb Free Space | 41,15% Space Free | Partition Type: NTFS Computer Name: MSIGE70 | User Name: Most Exalted One | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-09-07 14:02:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- Z:\OTL.exe PRC - [2013-06-27 11:02:13 | 000,128,000 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe PRC - [2012-11-09 21:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe PRC - [2012-11-09 21:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe PRC - [2012-08-17 11:23:07 | 003,333,120 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe PRC - [2012-06-18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012-06-18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012-06-18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012-06-18 15:31:42 | 000,956,352 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2012-04-27 15:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe PRC - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2012-03-19 04:53:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2012-02-27 05:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011-08-29 17:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe PRC - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2013-07-21 18:12:11 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f3d656c870f960559120f947c32ec8dd\Microsoft.VisualBasic.ni.dll MOD - [2013-07-21 18:12:04 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll MOD - [2013-07-21 18:11:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll MOD - [2013-07-21 18:11:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013-07-21 18:11:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013-07-21 18:10:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013-07-21 18:10:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013-07-21 18:10:42 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013-07-21 18:10:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013-07-21 18:10:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013-07-21 18:10:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2012-08-17 11:23:07 | 003,333,120 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe MOD - [2011-08-10 13:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_Wheel4D.dll MOD - [2011-05-20 16:52:09 | 000,901,632 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\ProfileHint\ProfileHint.dll MOD - [2011-04-12 15:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_AnalyzeGesturesInRight.dll MOD - [2011-04-06 16:06:05 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_PenSuit.dll MOD - [2011-03-21 19:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll MOD - [2011-01-09 20:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_MouseDeviceManager.dll MOD - [2010-12-02 17:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\OSD_Text\OSD_Text.dll MOD - [2010-11-01 20:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_AnalyzeGesturesInOne.dll MOD - [2010-09-20 14:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_ZoomControl.dll MOD - [2010-09-20 14:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_ScrollbarControl.dll MOD - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007-09-02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013-04-18 19:15:18 | 003,388,144 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2013-04-18 19:14:58 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2013-04-18 19:14:46 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2013-04-18 19:14:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2013-04-11 03:12:50 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2013-02-19 19:31:56 | 000,497,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service) SRV:64bit: - [2012-09-12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010-12-13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2010-10-08 03:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-08-21 19:11:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-18 13:35:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-06-27 11:02:13 | 000,128,000 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService) SRV - [2013-06-21 10:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-06-05 18:47:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- Z:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- Z:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-11-09 21:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2012-06-18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012-06-18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012-06-18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012-04-27 15:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM) SRV - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2012-03-19 04:53:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011-12-07 16:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-07-20 02:41:09 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:64bit: - [2013-07-20 02:24:58 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013-05-07 18:25:24 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2013-05-07 18:22:42 | 004,431,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013-04-18 08:31:40 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64) DRV:64bit: - [2013-04-11 03:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2013-04-11 03:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013-02-19 19:32:58 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf) DRV:64bit: - [2013-02-19 19:32:56 | 000,165,824 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200) DRV:64bit: - [2012-09-28 09:38:22 | 000,329,104 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012-07-09 16:27:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012-06-09 15:51:44 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012-05-21 09:39:12 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012-03-26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012-03-19 04:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012-03-14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2012-03-08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag) DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-02-27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012-02-27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012-02-27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012-02-22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois) DRV:64bit: - [2012-02-22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe) DRV:64bit: - [2012-02-01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012-01-24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012-01-03 12:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011-11-30 18:50:04 | 000,078,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP60x64.sys -- (IFCoEVB) DRV:64bit: - [2011-11-30 18:50:02 | 000,388,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP) DRV:64bit: - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010-12-13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-08 03:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009-11-17 22:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009-11-16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:64bit: - [2009-11-16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009-07-13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007-08-28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2007-04-11 23:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) DRV:64bit: - [2007-04-11 23:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) DRV - [2011-06-02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/ IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Z:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Most Exalted One\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-07-10 20:43:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-08-18 13:35:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-10 20:43:52 | 000,000,000 | ---D | M] [2013-08-18 13:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013-08-18 13:36:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-06-26 22:48:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [GamingMouseEditor] C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe () O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [GamingMouseEditor] C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe () O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013-07-29 23:54:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe [2013-08-12 17:18:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ament.ini () O4 - Startup: C:\Users\All Users\Apple [2013-07-20 14:02:44 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Apple Computer [2013-07-20 14:03:02 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Bigfoot Networks [2013-09-07 11:49:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Bureaublad [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Connectify [2013-07-20 02:42:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\CustoPackTools [2013-08-29 00:19:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2013-07-20 02:24:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Divinity 2 [2013-08-30 23:02:51 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documenten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DriverGenius [2012-07-10 20:39:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ESET [2012-07-10 20:43:51 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorieten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\HP [2013-08-15 20:07:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Intel [2013-07-19 01:08:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2013-09-04 17:35:45 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Media Center Programs [2013-09-06 23:54:02 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Menu Start [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Messenger Plus! for Skype [2013-07-21 02:06:32 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2013-08-28 20:41:48 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\Mozilla [2013-08-18 13:36:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Nero [2013-07-20 14:09:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NVIDIA [2013-07-19 01:21:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2013-07-19 01:15:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Origin [2013-08-10 00:03:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Package Cache [2013-08-27 23:07:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\PDF Writer [2013-08-04 16:35:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2013-07-20 02:04:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sjablonen [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Skype [2013-07-20 14:12:29 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Steam [2013-07-20 22:26:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sun [2012-07-10 20:41:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SystemRequirementsLab [2013-07-20 22:59:33 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Win7codecs [2013-07-19 01:32:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\AppData [2009-07-14 05:20:08 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Cookies [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2013-07-19 00:54:44 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Menu Start [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Mijn documenten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Netwerkprinteromgeving [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Sjablonen [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\.rnd () O4 - Startup: C:\Users\Most Exalted One\.swt [2013-07-20 02:21:20 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Most Exalted One\AppData [2013-07-19 00:54:58 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Most Exalted One\Application Data [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Contacts [2013-07-19 00:55:01 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Cookies [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Desktop [2013-09-06 23:42:03 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Documents [2013-08-31 18:30:18 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Most Exalted One\Downloads [2013-08-21 20:18:04 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Favorites [2013-07-19 01:30:30 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Links [2013-07-20 13:32:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Local Settings [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Menu Start [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Mijn documenten [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Music [2013-07-29 23:55:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\NetHood [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Netwerkprinteromgeving [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT () O4 - Startup: C:\Users\Most Exalted One\ntuser.dat.LOG1 () O4 - Startup: C:\Users\Most Exalted One\ntuser.dat.LOG2 () O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Most Exalted One\ntuser.ini () O4 - Startup: C:\Users\Most Exalted One\Pictures [2013-07-29 23:56:03 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\Recent [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Most Exalted One\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Most Exalted One\Searches [2013-07-20 13:32:05 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Most Exalted One\SendTo [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Sjablonen [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Most Exalted One\Videos [2013-07-19 01:27:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Desktop [2013-08-28 23:29:23 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2013-07-20 01:28:02 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Downloads [2009-07-14 06:54:24 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2009-07-14 04:34:59 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Libraries [2013-07-21 12:14:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2012-07-10 20:50:04 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Pictures [2012-07-10 20:49:44 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\Videos [2012-07-10 20:49:57 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\AppData [2013-07-19 01:15:31 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\UpdatusUser\Application Data [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Contacts [2013-07-19 01:15:32 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\UpdatusUser\Cookies [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Desktop [2013-07-20 13:42:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Documents [2013-07-19 01:15:31 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Links [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Local Settings [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Menu Start [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Mijn documenten [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Music [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\NetHood [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Netwerkprinteromgeving [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT () O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG1 () O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG2 () O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\UpdatusUser\ntuser.ini () O4 - Startup: C:\Users\UpdatusUser\Pictures [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\UpdatusUser\Recent [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\UpdatusUser\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\UpdatusUser\Searches [2013-07-19 01:15:32 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\UpdatusUser\SendTo [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Sjablonen [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\UpdatusUser\Videos [2009-07-14 04:34:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\User\Pictures [2013-08-18 14:34:08 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - Z:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8:64bit: - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - Z:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A44FDB7-1057-418B-BC3C-FEDE42C531F8}: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{834FB281-A31B-4B1E-B18D-950AF5193353}: DhcpNameServer = 212.54.40.25 212.54.35.25 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{809af03a-f0ca-11e2-a0b4-bcad5359dc64}\Shell - "" = AutoRun O33 - MountPoints2\{809af03a-f0ca-11e2-a0b4-bcad5359dc64}\Shell\AutoRun\command - "" = X:\setup.exe O33 - MountPoints2\{809af044-f0ca-11e2-a0b4-bcad5359dc64}\Shell - "" = AutoRun O33 - MountPoints2\{809af044-f0ca-11e2-a0b4-bcad5359dc64}\Shell\AutoRun\command - "" = Y:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-09-06 13:03:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013-09-04 17:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013-09-04 17:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013-09-04 17:35:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013-08-31 01:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum [2013-08-31 01:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum [2013-08-30 23:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2 [2013-08-29 23:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2013-08-29 00:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\W7TIC [2013-08-28 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2013-08-28 23:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CustoPackTools [2013-08-28 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustoPackTools [2013-08-28 23:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CustoPackTools [2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FxsTmp [2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\FxsTmp [2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\addins [2013-08-28 20:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013-08-27 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter [2013-08-27 10:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix [2013-08-26 18:11:50 | 000,000,000 | ---D | C] -- \Documents [2013-08-24 16:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RW-Everything [2013-08-22 17:08:36 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013-08-22 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3 [2013-08-18 13:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013-08-18 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013-08-18 13:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-08-17 00:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013-08-16 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor [2013-08-16 17:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD [2013-08-15 20:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013-08-15 20:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013-08-15 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013-08-15 17:08:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013-08-15 00:29:31 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013-08-14 20:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013-08-14 20:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2013-08-14 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2013-08-13 17:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013-08-12 17:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013-08-12 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013-08-12 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon [2013-08-12 16:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013-08-09 19:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 \*.tmp files -> \*.tmp -> ] [1 \*.tmp files -> \*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-09-07 14:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-09-07 11:56:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-09-07 11:56:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-09-07 11:53:42 | 002,201,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-09-07 11:53:42 | 000,743,342 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013-09-07 11:53:42 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-09-07 11:53:42 | 000,419,176 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat [2013-09-07 11:53:42 | 000,152,426 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013-09-07 11:53:42 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-09-07 11:53:42 | 000,119,368 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat [2013-09-07 11:50:39 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013-09-07 11:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-09-04 00:44:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013-09-02 11:16:01 | 005,074,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-08-31 19:59:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013-08-23 20:35:16 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 3.job [2013-08-22 17:08:36 | 000,000,749 | ---- | M] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013-08-20 11:21:52 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe [2013-08-16 16:37:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf [2013-08-15 20:07:02 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013-08-15 17:36:00 | 000,000,613 | ---- | M] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk [2013-08-15 00:29:31 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-09-07 14:02:46 | 000,602,112 | ---- | C] () -- \OTL.exe [2013-08-31 19:59:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013-08-27 23:07:44 | 000,001,725 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk [2013-08-22 17:09:20 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 3.job [2013-08-22 17:08:36 | 000,000,749 | ---- | C] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013-08-22 17:08:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013-08-16 16:37:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf [2013-08-15 20:07:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013-08-15 17:36:00 | 000,000,613 | ---- | C] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk [2013-08-04 22:13:35 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2013-07-29 00:27:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2013-07-25 00:48:46 | 000,000,146 | ---- | C] () -- C:\Program Files (x86)\Sound.lnk [2013-07-20 23:54:09 | 002,171,830 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-07-20 14:10:15 | 000,001,024 | ---- | C] () -- C:\Users\Most Exalted One\.rnd [2013-07-20 13:46:58 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini [2013-07-20 13:44:23 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\winhcfga.ini [2013-07-20 13:43:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll [2013-07-20 13:40:26 | 000,002,979 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat [2013-07-20 13:40:06 | 000,014,100 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2013-07-20 13:40:02 | 000,515,760 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2013-07-20 13:40:02 | 000,018,293 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2013-07-20 02:33:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2013-07-19 01:18:37 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2013-07-19 01:18:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2013-07-19 01:18:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2013-07-19 01:18:36 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013-07-19 01:18:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013-05-07 18:20:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013-05-07 18:20:24 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2013-05-07 18:16:22 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-07-29 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2013-09-07 11:49:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Bigfoot Networks [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Bureaublad [2013-07-20 02:42:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Connectify [2013-08-29 00:19:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\CustoPackTools [2013-07-20 02:24:19 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2013-08-30 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Divinity 2 [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documenten [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2012-07-10 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\DriverGenius [2012-07-10 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorieten [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Start [2013-07-21 02:06:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus! for Skype [2013-08-10 00:03:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin [2013-08-27 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Package Cache [2013-08-04 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF Writer [2013-07-20 02:04:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe [2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Roaming [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Sjablonen [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2013-07-20 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\Steam [2013-07-20 22:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemRequirementsLab [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2013-07-19 01:32:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\Win7codecs [2009-07-14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2013-07-19 00:54:44 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Start [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Mijn documenten [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netwerkprinteromgeving [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Default\Roaming [2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Sjablonen [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2013-07-20 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\.swt [2013-07-19 00:54:58 | 000,000,000 | -H-D | M] -- C:\Users\Most Exalted One\AppData [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Application Data [2013-07-19 00:55:01 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Contacts [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Cookies [2013-09-06 23:42:03 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Desktop [2013-08-31 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Documents [2013-08-21 20:18:04 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Downloads [2013-07-19 01:30:30 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Favorites [2013-07-20 13:32:06 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Links [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Local Settings [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Menu Start [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Mijn documenten [2013-07-29 23:55:56 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Music [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\NetHood [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Netwerkprinteromgeving [2013-07-29 23:56:03 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Pictures [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Recent [2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Roaming [2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Saved Games [2013-07-20 13:32:05 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Searches [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\SendTo [2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Sjablonen [2013-07-19 01:27:51 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Videos [2013-08-28 23:29:23 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2013-07-20 01:28:02 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009-07-14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009-07-14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2013-07-21 12:14:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2012-07-10 20:50:04 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2012-07-10 20:49:44 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Public\Roaming [2012-07-10 20:49:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2013-07-19 01:15:31 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\AppData [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Application Data [2013-07-19 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Contacts [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Cookies [2013-07-20 13:42:41 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Desktop [2013-07-19 01:15:31 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Documents [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Links [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Local Settings [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Menu Start [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Mijn documenten [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Music [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\NetHood [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Netwerkprinteromgeving [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Pictures [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Recent [2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Roaming [2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Saved Games [2013-07-19 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Searches [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\SendTo [2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Sjablonen [2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Videos [2013-08-18 14:34:08 | 000,000,000 | ---D | M] -- C:\Users\User\Pictures ========== Purity Check ========== < End of report >
  10. Update: I just got a 'Vube' popup too, whatever that is. Apparently they go hand in hand.
  11. Here are the logs: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.8 (09.05.2013:1) OS: Windows 7 Ultimate x64 Ran by Most Exalted One on vr 06-09-2013 at 13:03:40,81 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft" ~~~ FireFox Successfully deleted: [File] C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\extensions\firefox1@myibay.com.xpi Successfully deleted: [File] C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\searchplugins\youtube-video-search.xml Successfully deleted the following from C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\prefs.js user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Emptied folder: C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\minidumps [404 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on vr 06-09-2013 at 13:07:56,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.002 - Report created 06/09/2013 at 13:10:47 # Updated 01/09/2013 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Most Exalted One - MSIGE70 # Running from : Z:\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\jetpack ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\1k99lj6i.default\prefs.js ] [ File : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\prefs.js ] Line Deleted : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.[...] Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); Line Deleted : user_pref("extensions.helperbar.Visibility", true); Line Deleted : user_pref("extensions.helperbar.countryiso", "tj"); Line Deleted : user_pref("extensions.helperbar.date", "b0721"); Line Deleted : user_pref("extensions.helperbar.downloadprovider", "pb2"); Line Deleted : user_pref("extensions.helperbar.installationid", "5dae86cb-56bd-44eb-937e-c3ae0e6c6d5e"); Line Deleted : user_pref("extensions.helperbar.installdate", "21/07/2013"); Line Deleted : user_pref("extensions.helperbar.ppctid", "mpls_lin"); Line Deleted : user_pref("extensions.helperbar.publisher", "messengerplus"); Line Deleted : user_pref("extensions.helperbar.uid", "dd752bcf"); Line Deleted : user_pref("extensions.helperbar@helperbar.com.install-event-fired", true); Line Deleted : user_pref("extensions.nosquint.sites", "scribd.com=0,1374348361656,1,100,0,0,false,0,0,false 4chan.org=0,1378465723088,222,130,0,0,false,0,0,false mozilla.org=0,1377728772353,69,130,0,0,false,0,0,fals[...] Line Deleted : user_pref("extensions.snipit.askTbInstalled", true); Line Deleted : user_pref("foxamp.winampautostart", false); Line Deleted : user_pref("foxamp.winampdir", ""); Line Deleted : user_pref("foxytunes.player_class", "@foxytunes.org/FoxyTunes/WinAmp;1"); ************************* AdwCleaner[R0].txt - [2584 octets] - [06/09/2013 13:09:48] AdwCleaner[s0].txt - [2545 octets] - [06/09/2013 13:10:47] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2605 octets] ########## Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Most Exalted One :: MSIGE70 [administrator] Protection: Enabled 6-9-2013 13:12:47 mbam-log-2013-09-06 (13-12-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 254053 Time elapsed: 2 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  12. Hi Borislav, thank you for your time. Here's the content of the logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2 Run by Most Exalted One at 17:42:04 on 2013-09-04 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8081.5822 [GMT 2:00] . AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\UnsignedThemesSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Connectify\ConnectifyService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files (x86)\Connectify\ConnectifyD.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\S-Bar\MSIService.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Skype\Updater\Updater.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Classic Shell\ClassicStartMenu.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\S-Bar\S-Bar.exe C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [AdobeBridge] <no file> mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [THX Audio Control Panel] "C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r StartupFolder: C:\Users\MOSTEX~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe StartupFolder: C:\Users\MOSTEX~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\S-BARE~1.LNK - C:\Program Files (x86)\S-Bar\S-Bar.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEKILL~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\sbar_hide.exe uPolicies-Explorer: NoResolveTrack = dword:1 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - Z:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: %SYSTEMROOT%\system32\BfLLR.dll TCP: NameServer = 212.54.40.25 212.54.35.25 TCP: Interfaces\{0A44FDB7-1057-418B-BC3C-FEDE42C531F8} : DHCPNameServer = 212.54.40.25 212.54.35.25 TCP: Interfaces\{834FB281-A31B-4B1E-B18D-950AF5193353} : DHCPNameServer = 212.54.40.25 212.54.35.25 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\ FF - prefs.js: browser.search.selectedEngine - Google.com (in English) FF - prefs.js: browser.startup.homepage - Google.com/ncr FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.5.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.6.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.7.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.8.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.9.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Most Exalted One\AppData\Local\Citrix\Plugins\104\npappdetector.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: Z:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF - ExtSQL: 2013-07-20 21:03; nosquint@urandom.ca; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\nosquint@urandom.ca.xpi FF - ExtSQL: 2013-07-20 23:50; {F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}.xpi FF - ExtSQL: 2013-08-22 18:08; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF - ExtSQL: 2013-08-22 19:23; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: 2013-08-22 20:31; {5C655500-E712-41e7-9349-CE462F844B19}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi FF - ExtSQL: 2013-08-28 20:31; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2013-08-29 00:26; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-19 16152] R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-7-19 28992] R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-19 66928] R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy2.sys [2013-7-20 31344] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-20 279616] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616] R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288] R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2013-7-20 65536] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144] R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144] R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-4-27 160768] R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-7-21 128000] R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2013-2-19 497664] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192] R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168] R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832] R3 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-7-19 329104] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-19 169752] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-7 442368] R3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-19 356120] R3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-19 788760] R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-2-19 165824] R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-3 32344] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-7-19 340072] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-19 2429544] S2 MBAMScheduler;MBAMScheduler;Z:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376] S2 MBAMService;MBAMService;Z:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832] S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2012-7-12 88104] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104] S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408] S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2012-7-12 178216] S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2012-7-12 539176] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2012-7-12 43416] S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2012-7-12 51096] S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928] S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM60x64.sys [2012-7-12 388368] S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP60x64.sys [2012-7-12 78096] S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-7-12 40144] S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-7-12 42192] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-4 25928] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016] . =============== File Associations =============== . ShellExec: DVDXPlayer.exe: open=Z:\Program Files\DVD X Player 4.0\DVDXPlayer.exe" "%1 ShellExec: Hwp.exe: print=Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1" . =============== Created Last 30 ================ . 2013-09-04 15:35:50 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\Malwarebytes 2013-09-04 15:35:45 -------- d-----w- C:\ProgramData\Malwarebytes 2013-09-04 15:35:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-30 23:06:03 -------- d-----w- C:\Program Files (x86)\Daum 2013-08-30 21:03:21 -------- d-----w- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP 2013-08-30 21:03:01 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\Divinity 2 2013-08-30 21:02:51 -------- d-----w- C:\ProgramData\Divinity 2 2013-08-28 22:40:03 780800 ----a-w- C:\Windows\System32\ActionCenter.dll.bak 2013-08-28 22:40:03 225280 ----a-w- C:\Windows\System32\SndVolSSO.dll.bak 2013-08-28 22:40:03 1808384 ----a-w- C:\Windows\System32\pnidui.dll.bak 2013-08-28 22:40:03 -------- d-----w- C:\Windows\System32\W7TIC 2013-08-28 22:11:20 2871808 ----a-w- C:\Windows\explorer - Copy.exe 2013-08-28 21:24:16 -------- d-----w- C:\ProgramData\CustoPackTools 2013-08-28 21:23:32 -------- d-----w- C:\Program Files (x86)\CustoPackTools 2013-08-28 18:41:53 -------- d-----w- C:\Windows\SysWow64\FxsTmp 2013-08-28 18:41:53 -------- d-----w- C:\Windows\System32\FxsTmp 2013-08-28 18:41:53 -------- d-----w- C:\Windows\addins 2013-08-28 15:52:26 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup 2013-08-28 15:52:25 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup 2013-08-28 15:52:21 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup 2013-08-27 21:07:56 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\Rainmeter 2013-08-27 21:07:39 -------- d-----w- C:\Program Files\Rainmeter 2013-08-27 08:50:38 -------- d-----w- C:\Program Files (x86)\Citrix 2013-08-27 08:50:24 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\Citrix 2013-08-26 12:24:19 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\SPORE 2013-08-22 15:08:36 117024 ----a-w- C:\Windows\System32\BootDefrag.exe 2013-08-22 15:08:35 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\GlarySoft 2013-08-21 17:11:41 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-08-18 11:36:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-16 22:12:44 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\Greenshot 2013-08-16 22:12:44 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\Greenshot 2013-08-16 15:21:51 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\Mael 2013-08-16 15:18:56 -------- d-----w- C:\Program Files (x86)\HxD 2013-08-16 00:23:58 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\mpengine.dll 2013-08-15 20:18:56 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll 2013-08-15 20:17:48 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll 2013-08-15 18:07:46 741480 ------w- C:\Windows\System32\HPDiscoPMa211.dll 2013-08-15 18:07:06 -------- d-----w- C:\Program Files (x86)\HP 2013-08-15 18:07:04 -------- d-----w- C:\Program Files\HP 2013-08-15 18:06:59 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\HP 2013-08-15 15:09:24 -------- d-----w- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP 2013-08-15 15:08:54 -------- d-----w- C:\Windows\SysWow64\directx 2013-08-14 22:29:31 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2013-08-14 18:20:06 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP 2013-08-14 18:20:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-08-14 18:05:40 -------- d-----w- C:\ProgramData\Media Center Programs 2013-08-14 18:05:40 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2013-08-13 15:18:33 -------- d-----w- C:\Program Files\CCleaner 2013-08-12 15:22:55 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\iView 2013-08-12 15:22:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-08-12 15:22:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-08-12 15:22:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-08-12 15:22:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-08-12 15:22:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-08-12 15:18:40 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon 2013-08-09 17:52:40 -------- d-----w- C:\Users\Most Exalted One\AppData\Roaming\Origin 2013-08-09 17:52:22 -------- d-----w- C:\ProgramData\Origin 2013-08-06 21:59:37 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\Intel_Corporation 2013-08-05 20:38:37 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\dxhr 2013-08-05 20:37:46 -------- d-----w- C:\Users\Most Exalted One\AppData\Local\28050 . ==================== Find3M ==================== . 2013-08-21 17:11:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 17:11:50 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-04 20:13:35 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll 2013-07-20 16:36:52 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-07-20 16:36:49 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-07-20 16:36:49 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-07-20 11:43:01 14 ----a-w- C:\Windows\SysWow64\systeminfo.dll 2013-07-20 00:41:09 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys 2013-07-20 00:24:58 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2013-07-19 21:32:04 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-18 23:30:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-18 23:30:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-07-18 23:30:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-18 23:08:44 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-07-18 23:08:44 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-07-18 23:08:44 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-07-16 09:14:12 3486680 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2013-07-16 02:52:04 147160 ----a-w- C:\Windows\System32\RCoInstII64.dll 2013-07-09 06:20:54 3760344 ----a-w- C:\Windows\System32\RtkAPO64.dll 2013-06-27 03:12:14 2795224 ----a-w- C:\Windows\System32\RtPgEx64.dll 2013-06-26 07:18:02 920832 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll 2013-06-26 07:17:58 2032896 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll 2013-06-26 07:17:52 2103040 ----a-w- C:\Windows\System32\WavesGUILib64.dll 2013-06-18 08:52:58 1004248 ----a-w- C:\Windows\System32\RtkApi64.dll 2013-06-18 06:44:22 2736160 ----a-w- C:\Windows\System32\FMAPO64.dll 2013-06-10 04:44:08 2080472 ----atw- C:\Windows\RtlExUpd.dll . ============= FINISH: 17:42:18,66 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 19-7-2013 0:54:57 System Uptime: 4-9-2013 17:39:52 (0 hours ago) . Motherboard: Micro-Star International Co., Ltd. | | MS-1756 Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 60 GiB total, 10,31 GiB free. D: is CDROM () X: is CDROM () Y: is CDROM () Z: is FIXED (NTFS) - 699 GiB total, 238,683 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Photoshop Lightroom 5 64-bit Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 Apple Application Support Apple Mobile Device Support Apple Software Update Battery Calibration Bonjour Bullzip PDF Printer 8.2.0.1406 CCleaner Citrix Online Launcher Classic Shell ClassicPro© v2.01 Combined Community Codec Pack 2013-08-01 ComicRack v0.9.170 Compatibility Pack for the 2007 Office system Connectify Hotspot CustoPackTools DAEMON Tools Lite Daum ½ºÅ©¸°¼¼À̹ö °íÈ­Áú¹öÀü dBpoweramp DSP Effects dBpoweramp FLAC Codec dBpoweramp Music Converter Divinity II - DKS Divinity: Dragon Commander DVD X Player 4.0 Professional ESET NOD32 Antivirus ETDWare PS/2-X64 11.13.1.4_WHQL Fraps (remove only) Glary Utilities 3.9 GoToMeeting 5.5.0.1132 Haansoft Hangul 2007 HP Deskjet 3070 B611 series Basic Device Software HxD Hex Editor version 1.7.7.0 ImgBurn Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software Driver Intel® SDK for OpenCL - CPU Only Runtime Package Intel® USB 3.0 eXtensible Host Controller Driver Intel® PROSet/Wireless Software Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technologie monitor 2.0 iTunes iView MediaPro3 Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater Java SE Development Kit 7 Update 25 (64-bit) JDownloader 0.9 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mass Effect Mass Effect 2 Mass Effect 3 Messenger Plus! for Skype Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Corporation Microsoft LifeCam Microsoft Office 2003 Dutch User Interface Pack Microsoft Office 2003 Korean User Interface Pack Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.55a MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 Ultra Edition HD neroxml NirSoft ShellExView NVIDIA-configuratiescherm 296.31 NVIDIA Grafisch stuurprogramma 296.31 NVIDIA Install Application NVIDIA Optimus 1.7.12 NVIDIA PhysX NVIDIA Update 1.7.12 NVIDIA Update Components PDF Settings CS6 Qualcomm Atheros Killer Network Manager QuickTime Rainmeter Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader Resource Hacker Version 3.6.0 RocketDock 1.3.5 RW-Everything v1.6.4 S-Bar Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Shadowrun Returns Skype™ 6.6 SPORE™ SPORE™ Creepy & Cute Parts Pack SPORE™ Galactic Adventures Star Wars Republic Commando swMSM System Requirements Lab CYRI System Requirements Lab for Intel Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD THX TruStudio Pro Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) UxStyle Core Beta Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool WinRAR 4.20 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 4-9-2013 15:02:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 30-8-2013 20:30:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 30-8-2013 13:51:54, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4. 30-8-2013 13:48:42, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3. . ==== End Of File ===========================
  13. Hi, I've been reinstalling my laptop for a while and suddenly I've noticed the iLivid webpage open on its own in firefox. I don't remember doing a lot of stupid things, but I did use a uxtheme.dll patcher that in hindsight may have been suspicious. NOD32 didn't pick anything up though, and when I ran malwarebytes it did find 3 objects but they seemed unrelated (I realize now that it might've been a good idea to save the log for that one, but alas I didn't). I saw this thread that seems to describe my problem pretty well but of course the steps taken were personalized so I'm not sure if I can apply it to my problem as well. My DDS results are included. Any help would be appreciated. attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.