Trojan.Agent is found but not removed after reboot of the computer


Hello

MBAM found a Trojan.Agent, but after removal and a reboot of the PC the Trojan comes back. In the MBAM log file the following log record is found:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|40964 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msazujo.com -> Will be removed after reboot of the computer.

Can't find a solution for it. :(

DDS.txt

Attach.txt


Hello htems and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


OTL logfile created on: 17/04/2012 1:15:36 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hugo-2010\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,72% Memory free

7,99 Gb Paging File | 4,50 Gb Available in Paging File | 56,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 342,18 Gb Free Space | 73,48% Space Free | Partition Type: NTFS

Drive F: | 2794,39 Gb Total Space | 2640,42 Gb Free Space | 94,49% Space Free | Partition Type: NTFS

Drive G: | 149,05 Gb Total Space | 129,77 Gb Free Space | 87,07% Space Free | Partition Type: NTFS

Drive U: | 149,05 Gb Total Space | 96,48 Gb Free Space | 64,73% Space Free | Partition Type: NTFS

Drive V: | 2794,39 Gb Total Space | 1341,51 Gb Free Space | 48,01% Space Free | Partition Type: NTFS

Computer Name: HUGO-2010-PC | User Name: Hugo-2010 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 01:14:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe

PRC - [2012/04/14 01:01:56 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

PRC - [2012/04/06 19:36:52 | 019,985,920 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.26_windows_x86_64.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/25 18:07:21 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

PRC - [2012/01/05 01:39:38 | 000,843,264 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86

PRC - [2012/01/05 01:39:37 | 000,502,784 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86

PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/07 17:23:59 | 002,741,031 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_0.8_windows_intelx86

PRC - [2011/10/23 22:07:34 | 000,630,784 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe

PRC - [2011/09/02 18:14:34 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe

PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2011/04/03 22:04:53 | 000,784,384 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_6.09_windows_intelx86.exe

PRC - [2011/02/24 16:01:00 | 004,220,416 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_eu_um_6.09_windows_intelx86.exe

PRC - [2011/02/24 16:00:59 | 004,398,592 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_um_6.09_windows_intelx86.exe

PRC - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/06/18 23:02:20 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe

PRC - [2010/05/06 19:24:09 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe

PRC - [2010/04/30 22:20:12 | 002,475,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2010/04/29 09:22:00 | 007,221,248 | ---- | M] (LaCie SA) -- C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Network Assistant.exe

PRC - [2009/11/13 18:53:26 | 000,357,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009/11/13 18:52:10 | 005,075,776 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2009/10/21 12:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2007/08/20 14:05:24 | 001,671,168 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

PRC - [2006/11/14 13:22:10 | 000,121,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/06 19:36:52 | 019,985,920 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.26_windows_x86_64.exe

MOD - [2012/01/05 01:39:38 | 000,843,264 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_vina_6.11_windows_intelx86

MOD - [2012/01/05 01:39:37 | 000,502,784 | ---- | M] () -- C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_gfam_6.11_windows_intelx86

MOD - [2011/11/07 17:23:59 | 002,741,031 | ---- | M] () -- C:\ProgramData\BOINC\projects\boinc.fzk.de_poem\poempp_0.8_windows_intelx86

MOD - [2011/09/02 18:14:34 | 008,948,719 | ---- | M] () -- C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\hsgamma_FGRP1_0.23_windows_intelx86.exe

MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/03 22:04:53 | 000,784,384 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_6.09_windows_intelx86.exe

MOD - [2011/02/24 16:01:00 | 004,220,416 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_eu_um_6.09_windows_intelx86.exe

MOD - [2011/02/24 16:00:59 | 004,398,592 | ---- | M] () -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_eu_um_6.09_windows_intelx86.exe

MOD - [2010/06/18 23:02:20 | 001,423,520 | ---- | M] () -- C:\Program Files (x86)\No-IP\DUC30.exe

MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2010/05/06 19:24:10 | 000,448,600 | ---- | M] () -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll

MOD - [2009/02/17 12:19:22 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\LaCie\Ethernet Agent\curllib.dll

MOD - [2007/08/20 17:41:12 | 000,233,472 | ---- | M] () -- C:\Windows\SysWOW64\WlanApp.dll

MOD - [2003/10/24 01:27:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\LaCie\Ethernet Agent\openldap.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/04/14 13:01:30 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/23 22:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)

SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/05/01 12:30:27 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/30 22:20:12 | 002,475,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/11/13 18:55:02 | 000,891,344 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys -- (SANDRA)

DRV:64bit: - [2012/04/14 22:41:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/02/15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/01/18 16:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012/01/18 16:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012/01/18 16:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)

DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/12/05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)

DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2010/05/01 13:52:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/04/30 22:20:14 | 000,250,464 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2010/04/30 22:20:09 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)

DRV:64bit: - [2010/04/30 22:20:08 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2010/04/30 22:20:02 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/11/11 18:19:54 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2009/11/11 18:19:54 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2009/10/29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/10/26 23:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/26 23:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)

DRV:64bit: - [2009/07/14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)

DRV:64bit: - [2009/07/14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)

DRV:64bit: - [2009/06/10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/07/24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CA 78 7C 31 6A CB 01 [binary data]

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CA 78 7C 31 6A CB 01 [binary data]

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download\Utilities\CD-DVD branden\Burnaware

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 2F A1 82 DE E7 CA 01 [binary data]

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes,DefaultScope = {E7EFE7B4-CF76-4EDD-AD5A-14D80C36529A}

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{6DA38389-9A26-45F5-A879-72607AAF7E81}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=nl_EU&apn_ptnrs=FV&apn_dtid=YYYYYYYYBE&apn_uid=cf096f9b-a3a5-4275-8808-b9d349e4b0f1&apn_sauid=9FF96F89-ACFF-4475-A2DA-BE96F1116E4F

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{E7EFE7B4-CF76-4EDD-AD5A-14D80C36529A}: "URL" = http://www.google.be/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGLL_nlBE377

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/06/10 21:15:18 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/06/10 21:15:18 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/01/01 21:48:52 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)

O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)

O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)

O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)

O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-versie\Trayserver_NL.exe (MAGIX AG)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000..\Run: [LaCie Ethernet Agent Startup] C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Network Assistant.exe (LaCie SA)

O4 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Hugo-2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 40964 = C:\PROGRA~3\LOCALS~1\Temp\msazujo.com

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42846E5C-B61B-442A-A5C3-CD01953184B2}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97CF2B03-C29E-4E3F-AD0B-9E181F18604D}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/17 01:14:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe

[2012/04/17 01:10:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B8C6423E-5EA9-4066-998F-BA1CF924925A}

[2012/04/16 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1FFC7504-008A-47B5-A775-3C28A0C2CE3B}

[2012/04/16 22:53:51 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{3EE836B9-9BE0-4131-B479-F883607097DB}

[2012/04/16 22:35:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{DA32A2B5-AB12-4D54-9875-F35D6E2DE733}

[2012/04/16 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{8D007362-8370-4718-B94C-2F5F15F1A005}

[2012/04/16 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1F416AB4-5ACA-4B22-8793-78F2A561096C}

[2012/04/16 20:40:29 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2B62D506-961D-4160-9E60-5F3B67827FFB}

[2012/04/16 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{787AF0AB-655C-48B0-83F4-85A2F23D0F4A}

[2012/04/16 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{41E838CE-5BFF-428E-A28E-91CBF352665B}

[2012/04/16 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{C30C3717-6B83-4FFB-82D6-927F9BB202E9}

[2012/04/16 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{06469FD8-192F-4D60-A6CA-6695B95B1AD1}

[2012/04/16 20:07:22 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2C24A87F-7176-491C-8869-E13322DE89E3}

[2012/04/16 20:07:05 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{34E015FF-0B74-40A0-8845-D9BFE36FCF89}

[2012/04/16 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{98913718-E9B8-45C1-B7BF-1C93B5C8279C}

[2012/04/16 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7C9240E3-214F-42D0-9875-40E94887392B}

[2012/04/15 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{F04B55AA-CCAE-4F7C-AE75-27661325DF77}

[2012/04/15 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{5C11D4D8-8771-415E-A6D1-DD16A540AB65}

[2012/04/15 22:54:16 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{0B94BF89-5682-4192-83F7-60FBD7CD432B}

[2012/04/15 22:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{30C4AD49-B5EB-44C4-8FDC-9F8FB465656F}

[2012/04/15 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{843E519B-4953-444B-BA2A-B307885E4649}

[2012/04/15 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{0177C792-8AAD-41FA-8560-08DB29982117}

[2012/04/15 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B94E0A54-2BAE-4273-8DD2-06B219ED7F29}

[2012/04/15 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{3E334EB8-749E-44E8-8B02-E882FC2E2722}

[2012/04/15 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{E7027750-DEB4-45D8-9FA1-B2591AC743B3}

[2012/04/15 14:19:09 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{A556EDB0-6CA8-4050-A531-BB256F50A420}

[2012/04/15 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EA9A9F99-5BD5-4B84-B180-A392E9CBE7F4}

[2012/04/15 12:09:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2012/04/14 22:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster

[2012/04/14 22:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{248F572A-528F-4A57-BD7B-20045C45AACB}

[2012/04/14 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7D1C9996-3D81-456D-BF14-D8904A6A953A}

[2012/04/13 22:49:00 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{800FF905-9ED3-46B3-8949-2ED8249FA36C}

[2012/04/12 19:54:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{23843A14-262A-4376-B924-BA1AAFAEC182}

[2012/04/11 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/04/11 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/04/11 19:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/04/11 19:50:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{FEBF4F75-CFCC-4E1A-971A-3BE94A126274}

[2012/04/10 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6D179046-7A1E-43B1-925D-7CE3A2FB92F0}

[2012/04/09 22:17:16 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4EFE79A7-03ED-433D-BBFC-80EDADEDAB5D}

[2012/04/09 00:54:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D5316C05-1EE2-44B2-97C5-4E60B4996582}

[2012/04/08 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{56610D69-A2B9-4D65-A760-2E53D56F0E29}

[2012/04/08 00:46:12 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D7F95174-E24B-4937-8BD2-A19C3C3CAD11}

[2012/04/07 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6E4C6B2F-6FB1-44AC-862F-16466F47C1E5}

[2012/04/06 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{90E20DD1-DF3E-4C51-A4EB-EC1F2383EFAA}

[2012/04/05 19:35:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{00930944-BEFE-47C3-8609-F7F9C77A38C3}

[2012/04/04 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{986A7BED-ECFB-45CD-A90E-2DB0506A0EFF}

[2012/04/03 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{89725327-A0AF-4ECC-85C9-809F31B2FE91}

[2012/04/02 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{01F2AC68-6B7F-4818-8581-257985216FBD}

[2012/04/02 01:19:43 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{22348CA7-052B-4AE6-9142-24786DE1F9B4}

[2012/04/01 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6E2B1CDF-AD4B-4D01-99CA-114D0255431D}

[2012/03/31 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{BBE58B25-1B27-4E5C-A754-14B3923ABF63}

[2012/03/31 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{D7CD9887-856F-4F79-9222-71999C3560B8}

[2012/03/30 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 My MP3 3.1

[2012/03/30 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{70233815-6091-4C20-896C-7B6E869873A4}

[2012/03/29 19:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{2B6687A7-2280-4525-9894-5217312462B9}

[2012/03/29 01:20:31 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{39657706-DC0C-4965-BF70-24634BDA51AD}

[2012/03/29 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{FEC4EB8C-D4F4-41AB-BC98-9C972B8348B2}

[2012/03/27 19:56:04 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EB3E23CA-2CC4-40FC-9416-A6764B90FDB3}

[2012/03/27 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{CA463D1E-C063-4EA7-81B6-B0855A54AC99}

[2012/03/27 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{068EA4EA-7489-46F9-86F2-2CC31DD7DF73}

[2012/03/27 01:17:28 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{7DB97B9C-5067-4321-8FE9-849232FC1E09}

[2012/03/26 12:48:10 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EBFE29C5-CF5B-493C-B1CB-2D407F1741A1}

[2012/03/26 12:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{EA430D28-CA68-49B5-AC4E-088358361119}

[2012/03/26 11:17:17 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{AED8925A-AD04-4ED6-B125-4C5DEFF642E5}

[2012/03/25 21:14:11 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys

[2012/03/25 21:13:40 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe

[2012/03/25 21:13:38 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe

[2012/03/25 21:13:32 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys

[2012/03/25 21:13:23 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll

[2012/03/25 21:13:14 | 000,032,880 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys

[2012/03/25 21:13:10 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys

[2012/03/25 21:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware

[2012/03/25 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware

[2012/03/25 21:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware

[2012/03/25 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{86305E9D-6759-4F9E-874E-6B8F10082985}

[2012/03/25 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{A5801A4C-73C3-496B-AEBC-D4753B7558F3}

[2012/03/24 13:12:24 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{1F8DAFD5-96D3-46E9-B735-AF7CC57DEA3F}

[2012/03/24 13:12:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{ED35EE70-664D-4C1F-A193-736F90BDBFD4}

[2012/03/23 23:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{039CE32D-539F-41EA-9913-F355ED20FEE7}

[2012/03/23 23:24:23 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{42F32CE1-E936-469D-B52E-28756AB0B396}

[2012/03/22 20:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{545D05A6-A854-4591-A7D4-C991CC5C6D56}

[2012/03/22 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{35E39AC6-6503-4452-80F2-E8E8F8162AD9}

[2012/03/21 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{411164FF-99BC-404E-9DB4-48277CEA9FB2}

[2012/03/21 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{F124CC7B-F28F-43A0-B1D2-B26B6E1300E5}

[2012/03/20 20:27:01 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{B04E9371-C37B-4431-BD8B-724E92CB2A02}

[2012/03/20 20:26:44 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{760442AE-2740-48BC-BAEA-B98F2B2DF19C}

[2012/03/19 20:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows OneCare Live

[2012/03/19 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4A6E9BED-67D6-4197-883F-DE4FC265F036}

[2012/03/19 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6F80A696-74B0-483F-918C-35D79C71666C}

[2012/03/19 01:52:40 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{4CBB8269-80B4-4D76-A280-31F50AD1E9F0}

[2012/03/18 12:41:49 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{6AF8DB76-54CE-48FC-AA00-CD6E3BCAC474}

[2012/03/18 12:41:27 | 000,000,000 | ---D | C] -- C:\Users\Hugo-2010\AppData\Local\{8FD4F172-7FB9-4BC7-B2EC-24A0F32A5848}

[2012/03/18 01:20:32 | 000,000,000 | ---D | C] -- C:\Windows\Simple Port Forwarding

[2012/03/18 01:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding

[2010/05/01 13:52:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/04/17 01:14:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Hugo-2010\Desktop\OTL.exe

[2012/04/17 01:11:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/17 01:01:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/16 20:23:50 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 20:23:50 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 20:15:58 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/16 20:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/16 20:15:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012/04/16 20:15:30 | 3219,763,200 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/15 22:22:22 | 000,001,502 | ---- | M] () -- C:\Users\Hugo-2010\.recently-used.xbel

[2012/04/15 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2012/04/15 13:04:40 | 000,934,473 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\census.cache

[2012/04/15 13:03:50 | 000,154,181 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\ars.cache

[2012/04/14 23:09:19 | 000,000,790 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Roaming\burnaware.ini

[2012/04/14 22:44:20 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012/04/14 22:41:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys

[2012/04/14 22:36:22 | 000,001,980 | ---- | M] () -- C:\Users\Hugo-2010\Desktop\Update Checker.lnk

[2012/04/14 22:34:51 | 001,564,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/14 22:34:51 | 000,706,370 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat

[2012/04/14 22:34:51 | 000,620,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/14 22:34:51 | 000,135,828 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat

[2012/04/14 22:34:51 | 000,108,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/13 01:22:22 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk

[2012/04/11 19:55:24 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/11 00:09:13 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job

[2012/04/10 19:12:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/31 13:59:54 | 000,002,112 | ---- | M] () -- C:\Users\Hugo-2010\Documents\SyncSettings.ffs_gui

[2012/03/31 10:12:38 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/03/30 23:17:33 | 000,087,552 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/30 23:15:23 | 000,001,990 | ---- | M] () -- C:\Users\Hugo-2010\Desktop\MP3MyMP3 3.1.lnk

[2012/03/26 12:05:30 | 000,007,640 | ---- | M] () -- C:\Users\Hugo-2010\AppData\Local\Resmon.ResmonCfg

[2012/03/25 21:14:15 | 000,001,026 | ---- | M] () -- C:\Users\Hugo-2010\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk

[2012/03/25 21:12:55 | 001,584,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/25 21:12:53 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012/03/24 02:57:33 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/04/15 22:22:22 | 000,001,502 | ---- | C] () -- C:\Users\Hugo-2010\.recently-used.xbel

[2012/04/15 13:04:40 | 000,934,473 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\census.cache

[2012/04/15 13:03:50 | 000,154,181 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\ars.cache

[2012/04/11 19:55:24 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/04 19:41:13 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/31 13:59:54 | 000,002,112 | ---- | C] () -- C:\Users\Hugo-2010\Documents\SyncSettings.ffs_gui

[2012/03/30 23:15:23 | 000,001,990 | ---- | C] () -- C:\Users\Hugo-2010\Desktop\MP3MyMP3 3.1.lnk

[2012/03/26 13:06:22 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\FreeFileSync.lnk

[2012/03/25 21:14:15 | 000,001,026 | ---- | C] () -- C:\Users\Hugo-2010\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk

[2012/03/25 21:12:53 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012/03/24 02:57:33 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/02/20 02:06:26 | 000,001,057 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\vso_ts_preview.xml

[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/01/28 03:10:10 | 000,000,636 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\AutoGK.ini

[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/11/06 03:03:50 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL

[2011/11/06 03:03:50 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL

[2011/11/06 03:03:50 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE

[2011/11/06 02:54:49 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini

[2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/08/03 13:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll

[2011/03/14 20:11:06 | 000,000,011 | ---- | C] () -- C:\Windows\3DShadow.INI

[2011/03/12 16:27:06 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe

[2011/03/12 16:26:49 | 000,000,550 | ---- | C] () -- C:\Windows\PluginSwitch.ini

[2011/03/12 16:26:14 | 000,000,279 | ---- | C] () -- C:\Windows\ImageInc.ini

[2011/03/09 01:27:08 | 000,000,016 | ---- | C] () -- C:\Windows\Wininit.ini

[2011/01/15 15:40:57 | 001,584,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/02 02:24:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/08/02 22:06:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2010/07/12 21:48:10 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll

[2010/07/12 21:38:20 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb

[2010/05/28 21:07:14 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll

[2010/05/07 22:10:02 | 000,000,036 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\housecall.guid.cache

[2010/05/06 22:00:42 | 000,087,552 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/02 20:27:13 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\OctaneARM.dll

[2010/05/02 12:00:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010/05/01 13:52:36 | 000,099,384 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\inst.exe

[2010/05/01 13:52:36 | 000,007,859 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.cat

[2010/05/01 13:52:36 | 000,001,167 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\pcouffin.inf

[2010/05/01 13:21:40 | 000,000,019 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\mdbu.bin

[2010/05/01 12:30:50 | 000,007,640 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Local\Resmon.ResmonCfg

[2010/04/30 22:44:13 | 000,000,790 | ---- | C] () -- C:\Users\Hugo-2010\AppData\Roaming\burnaware.ini

[2010/04/30 20:51:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\afasrv64.exe

[2010/04/29 22:52:43 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll

[2010/04/29 22:52:43 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll

[2010/04/29 22:31:20 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/04/29 22:31:20 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2010/04/28 23:20:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010/07/12 19:52:55 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Acronis

[2010/04/30 22:57:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\aignes

[2011/12/10 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\avidemux

[2011/12/04 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Azureus

[2010/04/30 22:47:32 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Canneverbe Limited

[2011/06/04 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Canon

[2011/03/15 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\CoreFTP

[2010/06/10 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DassaultSystemes

[2010/10/25 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DeviceDoctorSoftware

[2011/05/19 21:25:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\DriverCure

[2012/03/21 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\FreeCommander

[2010/10/14 00:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\FreeFileSync

[2012/04/15 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\gtk-2.0

[2010/04/30 22:41:07 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\JAM Software

[2011/11/23 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\kompozer.net

[2011/01/04 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Leadertech

[2011/09/28 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\MAGIX

[2012/03/30 22:31:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\MediaMonkey

[2010/05/01 18:25:25 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\NASA

[2010/07/17 20:54:10 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\No Company Name

[2010/05/07 00:27:23 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\No Company Name weg

[2010/04/30 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\OpenOffice.org

[2011/05/19 21:24:59 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\ParetoLogic

[2011/09/11 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\proDAD

[2011/11/27 13:07:19 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Raptr

[2010/05/01 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\ResizeMe_

[2010/05/01 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Stellarium

[2012/01/12 01:50:50 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Subtitle Edit

[2011/12/04 16:34:00 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Totusoft

[2012/04/14 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TrueCrypt

[2010/05/01 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TuneUp Software

[2010/05/01 15:22:47 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\TweakNow PowerPack 2010

[2012/03/08 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Vso

[2010/10/26 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Windows Live Writer

[2011/11/03 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\xVideoServiceThief

[2012/04/15 18:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2012/04/11 00:09:13 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job

[2012/03/04 13:11:50 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:9A870F8B

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >


OTL Extras logfile created on: 17/04/2012 1:15:36 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Hugo-2010\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,72% Memory free

7,99 Gb Paging File | 4,50 Gb Available in Paging File | 56,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 342,18 Gb Free Space | 73,48% Space Free | Partition Type: NTFS

Drive F: | 2794,39 Gb Total Space | 2640,42 Gb Free Space | 94,49% Space Free | Partition Type: NTFS

Drive G: | 149,05 Gb Total Space | 129,77 Gb Free Space | 87,07% Space Free | Partition Type: NTFS

Drive U: | 149,05 Gb Total Space | 96,48 Gb Free Space | 64,73% Space Free | Partition Type: NTFS

Drive V: | 2794,39 Gb Total Space | 1341,51 Gb Free Space | 48,01% Space Free | Partition Type: NTFS

Computer Name: HUGO-2010-PC | User Name: Hugo-2010 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- Reg Error: Value error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" ()

Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" ()

Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- Reg Error: Value error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Fotoshow] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" ()

Directory [Kruidvat fotoservice] -- "C:\Program Files (x86)\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" ()

Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit)

"{2C304CEF-37C3-424E-9DD7-C56C45658290}" = Microsoft Image Composite Editor

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack

"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2010 Free Edition

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4EED336D-C202-43AD-8834-7D8212F3CB5E}" = HD View Utilities

"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{51FD1644-F4A7-44C6-B0B3-2C3787B918D8}" = BOINC

"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client NL-NL Language Pack

"{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010

"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding

"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1

"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"lvdrivers_12.10" = Logitech Webcam Software-stuurprogrammapakket

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

"Microsoft Security Client" = Microsoft Security Essentials

"Primatte PS" = Primatte

"Recuva" = Recuva

"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9

"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish

"{037045B1-21D7-4F32-8F9C-90606D780C73}" = MAGIX Video deluxe 17 Premium (proDAD Heroglyph 2.6)

"{03AE842F-9204-4FBD-8FD9-0C27AF1533E3}" = MAGIX Video deluxe 17 Premium (Menusjablonen 2)

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09ACF160-EFA8-4154-BB47-5171C9DB04E2}" = MAGIX Video deluxe 17 Premium (XXL-geluidenarchief 2)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8}" = Windows 7 Upgrade Advisor

"{0ED24503-D0D5-40EB-BC52-2C32C4E44C41}" = MAGIX Video deluxe 17 Premium (Overgangseffecten)

"{0EE31180-F347-4954-8AE6-C64306559775}" = MAGIX Speed burnR (MSI)

"{103FA994-406C-4643-9EA3-C0E841D836E0}" = MAGIX Video deluxe MX Premium Download-versie (Fotoshow Maker-stijlen 1)

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1B5F9286-538A-4CA0-8729-2648F29C70F3}" = MAGIX Audio Cleaning Lab 16 deluxe Download-versie

"{1E4DCB05-1BBF-494A-B304-AE0FE7FB6FE0}" = MAGIX Video deluxe 17 Premium (inleidende video)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 24

"{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010

"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2F43A69E-6BB1-4030-B754-331B287B9656}" = MAGIX Video deluxe 17 Premium (titeleffecten)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34682103-4986-4A41-B9D2-AC1068E77169}" = MAGIX Speed 2 (MSI)

"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German

"{39FF0964-98B2-4DC2-8153-B853DF1740FD}" = MAGIX Video deluxe MX Premium Download-versie (Overgangseffecten)

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3AAFE6E0-3DED-40AA-AD19-F758112C9D72}" = CCExtractor

"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision

"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish

"{3E553ED2-8212-4DD3-8992-1A5B878CD91D}" = MAGIX Video deluxe 17 Premium (XXL-geluidenarchief 1)

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0

"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{4CC5BA76-4F22-4010-834D-E40DE027F3FB}" = MAGIX Video deluxe MX Premium Download-versie (filmsjablonen)

"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek

"{56984DD4-9196-4891-BB2C-8339A5AD5DF1}" = MAGIX Video deluxe 17 Premium (proDAD Adorage 11)

"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech

"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional

"{62963D16-D25A-4CCA-AC3B-9484AFFC4D04}" = MAGIX Video deluxe MX Premium Download-versie (Fotoshow Maker-stijlen 2)

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B20EE79-2049-49BC-BC46-17A040EE3C2E}" = PS-Wizard

"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition

"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai

"{6D84AE16-DA77-47CA-B1A0-D035F7BF78AD}" = MAGIX Video deluxe MX Premium Download-versie (Demoproject)

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72E13122-5B72-4626-99D1-735AAFCAF65B}" = MAGIX Video deluxe MX Premium Download-versie (titeleffecten)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78F90836-E409-496B-AE20-1B1197C4C06C}" = MAGIX Video deluxe MX Premium Download-versie

"{79403E3A-7BF3-437F-A178-00AE4685FA71}" = MAGIX Video deluxe 17 Premium (Klanggenerator)

"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean

"{7AD379E0-746F-427E-8468-41D782708D21}" = MAGIX Video deluxe MX Premium Download-versie (inleidende video)

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{806E9D55-58A9-4BA5-8007-A0111C7D1339}" = MAGIX Video deluxe 17 Premium (Demoproject)

"{824563DE-75AD-4166-9DC0-B6482F206193}" = Belgium e-ID middleware 3.5.3 (build 6193)

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{859E2F1F-53A9-431E-9395-6D41BBCBC007}" = MAGIX Video deluxe MX Premium Download-versie (Individuele menusjablonen)

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{88512121-C9BE-4109-B92D-2EEF8A342B49}" = MAGIX Video deluxe 17 Premium (Fotoshow Maker-stijlen 2)

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AB45D63-43A7-4CB8-A566-435B5EC59B81}" = mufin player 2.5

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8B788DF8-3753-4BC9-92DE-C46CCE093801}" = MAGIX Video deluxe 17 Premium (Fotoshow Maker-stijlen 1)

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E53C906-574C-4AFC-BF53-23E3AFB9B290}" = MAGIX Video deluxe 17 Premium (Designelementen)

"{8E7F86F8-D107-46C4-AFA6-4C649915C207}" = MAGIX Video deluxe 17 Premium (proDAD Mercalli 2)

"{8F3B3E0F-4D21-444B-995C-A10CA48A95A5}" = MAGIX Video deluxe 17 Premium (Menusjablonen 1)

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3

"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish

"{966CA8ED-5A5D-47F8-A478-794206AB1B3E}" = Microsoft WorldWide Telescope

"{984C51B3-2D77-4085-A392-3550413928DC}" = MAGIX Video deluxe MX Premium Download-versie (proDAD VitaScene 2 MAGIX Edition)

"{9876AE1C-C31E-4C52-9F80-D192A688DF10}" = MAGIX Video deluxe MX Premium (Red Giant Magic Bullet Quick Looks)

"{98EDB4FD-292B-4AA0-B702-3BD7A68397A4}" = MAGIX Screenshare

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28

"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Nederlands

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (for MAGIX)

"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian

"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center

"{B61EB6FF-572D-4326-970C-87B6C77F973D}" = MAGIX 3D Maker (embedded MSI)

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B80A66EB-ED49-489D-A6A6-D6B566C5C0E8}" = MAGIX Video Sound Cleaning Lab Download-versie

"{B8CB4CBE-FD0E-4061-BEE2-24333A28C9CA}" = MAGIX Video deluxe MX Premium (Video Plugins)

"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.4.2.40

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth

"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish

"{C158843E-B183-4A50-B368-608B94BA185A}" = MAGIX Video deluxe 17 Premium Video Plugins

"{C17BF36D-E3C4-42FF-98C1-51BACA39FDC9}" = MAGIX Video deluxe 17 Premium (Soundtrack Maker-Stijlen)

"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home

"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C6B01AEA-4FB0-4DA1-B037-12BCD372B253}" = MAGIX Video deluxe MX Premium Download-versie (Designelementen)

"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CD916DAB-2D43-49DE-AFB0-470A1D705621}" = MAGIX Video deluxe MX Premium Download-versie (proDAD Adorage startpakket)

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech-webcamsoftware

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link RangeBooster N DWA-140

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365

"{DF79A36B-62DE-460A-8307-DBC6EC44716A}" = MAGIX Video deluxe MX Premium Download-versie (Menusjablonen 2)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English

"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042

"{E19CB40D-3BD6-496D-A752-690EC4DEC280}" = MAGIX Video deluxe MX Premium Download-versie (Menusjablonen 1)

"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch

"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer

"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E5720A0A-7951-48CC-BBE5-3A9333AC25F2}" = MAGIX Video deluxe MX Premium Download-versie (NewBlueFX Light Blends)

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common

"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.20

"{E869CE2F-A5D5-44D1-8D71-B2560129F310}" = MAGIX Video deluxe 17 Premium (Individuele menusjablonen)

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder

"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese

"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40B0B58-23AB-49A9-9477-6BF3FF99CC5C}" = MAGIX Video deluxe MX Premium Download-versie (Soundtrack Maker-Stijlen)

"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel

"{FBD23F24-A1F9-47C4-8703-7B3237E0A1F2}" = MAGIX Video deluxe 17 Premium Download-versie

"{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}" = ResizeMyPhotos

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FEE83A6D-7E16-ECAB-D10F-0B5813D2799E}" = Application Profiles

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software

"7-Zip" = 7-Zip 9.10 beta

"Adobe AIR" = Adobe AIR

"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9

"aignesamdeadlink_is1" = AM-DeadLink 4.3

"Album Art Downloader XUI" = Album Art Downloader XUI 0.40.1

"AMF CD and DVD Label Maker" = AMF CD and DVD Label Maker

"ASRock IES_is1" = ASRock IES v2.0.28

"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23

"Asynx Planetarium v2.61_is1" = Asynx Planetarium Version 2.61

"aTube Catcher" = aTube Catcher

"Audacity_is1" = Audacity 1.2.6

"Avidemux 2.5 (64-bit)" = Avidemux 2.5

"BurnAware Free_is1" = BurnAware Free 4.7

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"Celestia_is1" = Celestia 1.6.0

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CodeStuff Starter" = CodeStuff Starter

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Core FTP LE 2.1" = Core FTP LE 2.1

"CoreFTP" = Core FTP LE

"CRW Fixer" = CRW Fixer

"DPP" = Canon Utilities Digital Photo Professional 3.9

"eIMAGE Recovery" = eIMAGE Recovery

"FileHippo.com" = FileHippo.com Update Checker

"FileZilla Server" = FileZilla Server

"FMCODEC" = FM Screen Capture Codec (Remove Only)

"FormatFactory" = FormatFactory 2.80

"Foto.com's Editor_is1" = Foto.com's Editor 1.0

"FreeCommander_is1" = FreeCommander 2009.02a

"FreeFileSync" = FreeFileSync v5.2

"FXhome PhotoKey 4" = FXhome PhotoKey 4 (remove only)

"HD Tune_is1" = HD Tune 2.55

"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"IsoBuster_is1" = IsoBuster 3.0

"Kruidvat fotoservice" = Kruidvat fotoservice

"Look@LAN_1.0" = Look@LAN 2.50 Build 35

"MAGIX Screenshare NL" = MAGIX Screenshare

"MAGIX Speed burnR NL" = MAGIX Speed burnR

"MAGIX_MSI_mufin_player_2_5" = mufin player 2.5

"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-versie

"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium Download-versie

"MAGIX_MSI_Videoton_Cleaning_Lab" = MAGIX Video Sound Cleaning Lab Download-versie

"MainApp.exe_is1" = CloneDVD 5.0.1.6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400

"mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe Download-versie

"MediaMonkey_is1" = MediaMonkey 4.0

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"MP3MyMP3_is1" = MP3MyMP3 3.1

"mufin player US" = mufin player

"MyCamera" = Canon Utilities MyCamera

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"NASA World Wind 1.4" = NASA World Wind 1.4

"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows

"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows

"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows

"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows

"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows

"NewBlue Free Effects for Windows" = NewBlue Free Effects for Windows

"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows

"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows

"NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows

"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows

"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows

"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows

"NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows

"NewBlueFX Light Blends" = NewBlueFX Light Blends

"NoIPDUC" = No-IP DUC

"PhotoStitch" = Canon Utilities PhotoStitch

"PremElem80" = Adobe Premiere Elements 8.0

"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates

"proDAD-Adorage-3.0" = proDAD Adorage 3.0

"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5

"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0

"proDAD-Vitascene-1.0" = proDAD Vitascene StarterKit 1.0

"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0

"Recover My Files_is1" = Recover My Files

"Revo Uninstaller" = Revo Uninstaller 1.92

"Simple Port Forwarding" = Simple Port Forwarding

"Stellarium_is1" = Stellarium 0.9.1

"SubMagic_is1" = SubMagic V0.71

"SubtitleEdit_is1" = Subtitle Edit v3.2.2

"SubtitleWorkshop" = Subtitle Workshop 2.51

"System Explorer_is1" = System Explorer 2.7.1

"TreeSize Free_is1" = TreeSize Free V2.5

"TrueCrypt" = TrueCrypt

"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010

"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0

"VLC media player" = VLC media player 2.0.1

"VMware_Player" = VMware Player

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.31

"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

"XnFoto_is1" = XnFoto www.foto.com

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Aldfaer" = Aldfaer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-3593445478-578016552-3228295415-1000\..\SearchScopes\{6DA38389-9A26-45F5-A879-72607AAF7E81}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=nl_EU&apn_ptnrs=FV&apn_dtid=YYYYYYYYBE&apn_uid=cf096f9b-a3a5-4275-8808-b9d349e4b0f1&apn_sauid=9FF96F89-ACFF-4475-A2DA-BE96F1116E4F
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 40964 = C:\PROGRA~3\LOCALS~1\Temp\msazujo.com
    [2011/12/04 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\Hugo-2010\AppData\Roaming\Azureus
    @Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:9A870F8B
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:0CE7F3C9

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites
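The `O6` line in the fix above is the autorun entry that MBAM kept reporting as Trojan.Agent. As an added example (not part of the original thread and not OTL's own logic), the Python below triages OTL-style `Run:` lines of the `name = command` form; the two heuristics, the function names and the second sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Matches OTL lines of the form seen in the fix: "O6 - <key>\Run: <name> = <command>"
AUTORUN = re.compile(r'^(O\d+)\s+-\s+(\S.*?\\Run):\s+(.*?)\s+=\s+(.+)$', re.I)

# Assumed heuristics: directory names that indicate a temp location
# (including the 8.3 short form of "Local Settings") and extensions that
# are unusual for a legitimately installed autostart program.
TEMP_PARTS = {"temp", "tmp", "locals~1", "local settings"}
ODD_EXTS = {".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def command_path(cmd):
    """Return the executable path; arguments are only split off quoted commands."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd

def triage(line):
    """Return (value_name, command, reasons) for an autorun line, else None."""
    m = AUTORUN.match(line.strip())
    if not m:
        return None
    name, cmd = m.group(3), m.group(4)
    path = PureWindowsPath(command_path(cmd))
    dirs = {p.lower() for p in path.parts[:-1]}
    reasons = []
    if dirs & TEMP_PARTS:
        reasons.append("runs from a temp directory")
    if path.suffix.lower() in ODD_EXTS:
        reasons.append("unusual extension " + path.suffix.lower())
    return name, cmd, reasons

def suspicious(lines):
    """Keep only the autorun lines that triggered at least one heuristic."""
    hits = [triage(l) for l in lines]
    return [h for h in hits if h and h[2]]

SAMPLE = [
    # From the fix posted in this thread
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 40964 = C:\PROGRA~3\LOCALS~1\Temp\msazujo.com",
    # Constructed benign entry for comparison
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Updater = "C:\Program Files\Example\updater.exe" /quiet',
    # From the fix posted in this thread (not an autorun line)
    r"O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.",
]

if __name__ == "__main__":
    for name, cmd, reasons in suspicious(SAMPLE):
        print(f"{name}: {cmd} -> {', '.join(reasons)}")
```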

After running your fix I ran the flash scan, with 0 infections as a result. I presume the trojan has gone now.

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

Registry key HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.

Registry key HKEY_USERS\S-1-5-21-3593445478-578016552-3228295415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6DA38389-9A26-45F5-A879-72607AAF7E81}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA38389-9A26-45F5-A879-72607AAF7E81}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\40964 deleted successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\torrents folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\subs folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\cache folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\Hugo-2010\AppData\Roaming\Azureus folder moved successfully.

ADS C:\ProgramData\TEMP:9A870F8B deleted successfully.

ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Hugo-2010

->Temp folder emptied: 87979625 bytes

->Temporary Internet Files folder emptied: 63014240 bytes

->Java cache emptied: 216870 bytes

->Flash cache emptied: 57591 bytes

User: Mijn back-ups

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 51672 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3659235 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 148,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_194115

Files\Folders moved on Reboot...

C:\Users\Hugo-2010\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF129EB4F1AF9530A3.TMP not found!

File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF30102E73528E358D.TMP not found!

File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF57AEBCEFE51F78B8.TMP not found!

File\Folder C:\Users\Hugo-2010\AppData\Local\Temp\~DF95ECA35964255F30.TMP not found!

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\fastbutton[2].htm moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\plusone_gadget[1].htm moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMUR4BBQ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36R4V358\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Hugo-2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36R4V358\index[6].htm moved successfully.

File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2560.log moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Hello.

Yesterday I ran a full scan with MBAM. Nothing was found.

Today I ran a full system scan with Microsoft Security Essentials and found 1 item, which I think is not very harmful, but I've removed it to be sure.

Adware:Win32/OpenCandy

containerfile:C:\Download\Utilities\Tweak programs\SIW\siw-setup.exe

file:C:\Download\Utilities\Tweak programs\SIW\siw-setup.exe->(inno#000007)

The flash scan with MBAM today was also ok.

I presume my PC is OK again.

Many thanks

Link to post
Share on other sites

Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent.

More information here:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=ADWARE:WIN32/OPENCANDY

Please run OTL and click on the CleanUp button.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
