iLivid popups in Firefox


Hi,

I've been reinstalling my laptop for a while and suddenly I've noticed the iLivid webpage open on its own in Firefox. I don't remember doing a lot of stupid things, but I did use a uxtheme.dll patcher that in hindsight may have been suspicious. NOD32 didn't pick anything up though, and when I ran Malwarebytes it did find 3 objects but they seemed unrelated (I realize now that it might've been a good idea to save the log for that one, but alas I didn't).

I saw this thread that seems to describe my problem pretty well, but of course the steps taken were personalized, so I'm not sure if I can apply it to my problem as well.

My DDS results are included.

Any help would be appreciated.

attach.txt

dds.txt


Hello AnonOfHolland and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please post your logs directly in your reply.

Hi Borislav, thank you for your time.
Here's the content of the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Most Exalted One at 17:42:04 on 2013-09-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.8081.5822 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\ConnectifyService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Connectify\ConnectifyD.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
StartupFolder: C:\Users\MOSTEX~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\MOSTEX~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\S-BARE~1.LNK - C:\Program Files (x86)\S-Bar\S-Bar.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEKILL~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\sbar_hide.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - Z:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{0A44FDB7-1057-418B-BC3C-FEDE42C531F8} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{834FB281-A31B-4B1E-B18D-950AF5193353} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - Google.com/ncr
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.5.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.6.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.7.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.8.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.9.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Apollion\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Most Exalted One\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: Z:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - ExtSQL: 2013-07-20 21:03; nosquint@urandom.ca; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\nosquint@urandom.ca.xpi
FF - ExtSQL: 2013-07-20 23:50; {F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}.xpi
FF - ExtSQL: 2013-08-22 18:08; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-08-22 19:23; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-08-22 20:31; {5C655500-E712-41e7-9349-CE462F844B19}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF - ExtSQL: 2013-08-28 20:31; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-08-29 00:26; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-19 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-7-19 28992]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-19 66928]
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\System32\drivers\cnnctfy2.sys [2013-7-20 31344]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-20 279616]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2013-7-20 65536]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-4-27 160768]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-7-21 128000]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2013-2-19 497664]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
R3 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-7-19 329104]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-19 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-7 442368]
R3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-19 356120]
R3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-19 788760]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-2-19 165824]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-8-3 32344]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-7-19 340072]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-19 2429544]
S2 MBAMScheduler;MBAMScheduler;Z:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-4 418376]
S2 MBAMService;MBAMService;Z:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-4 701512]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2012-7-12 88104]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2012-7-12 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2012-7-12 539176]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2012-7-12 43416]
S3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2012-7-12 51096]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM60x64.sys [2012-7-12 388368]
S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP60x64.sys [2012-7-12 78096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-7-12 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-7-12 42192]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-4 25928]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
.
=============== File Associations ===============
.
ShellExec: DVDXPlayer.exe: open=Z:\Program Files\DVD X Player 4.0\DVDXPlayer.exe" "%1
ShellExec: Hwp.exe: print=Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1"
.
=============== Created Last 30 ================
.
2013-09-04 15:35:50    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\Malwarebytes
2013-09-04 15:35:45    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-04 15:35:44    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-30 23:06:03    --------    d-----w-    C:\Program Files (x86)\Daum
2013-08-30 21:03:21    --------    d-----w-    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2013-08-30 21:03:01    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\Divinity 2
2013-08-30 21:02:51    --------    d-----w-    C:\ProgramData\Divinity 2
2013-08-28 22:40:03    780800    ----a-w-    C:\Windows\System32\ActionCenter.dll.bak
2013-08-28 22:40:03    225280    ----a-w-    C:\Windows\System32\SndVolSSO.dll.bak
2013-08-28 22:40:03    1808384    ----a-w-    C:\Windows\System32\pnidui.dll.bak
2013-08-28 22:40:03    --------    d-----w-    C:\Windows\System32\W7TIC
2013-08-28 22:11:20    2871808    ----a-w-    C:\Windows\explorer - Copy.exe
2013-08-28 21:24:16    --------    d-----w-    C:\ProgramData\CustoPackTools
2013-08-28 21:23:32    --------    d-----w-    C:\Program Files (x86)\CustoPackTools
2013-08-28 18:41:53    --------    d-----w-    C:\Windows\SysWow64\FxsTmp
2013-08-28 18:41:53    --------    d-----w-    C:\Windows\System32\FxsTmp
2013-08-28 18:41:53    --------    d-----w-    C:\Windows\addins
2013-08-28 15:52:26    44544    ----a-w-    C:\Windows\System32\themeservice.dll.backup
2013-08-28 15:52:25    2851840    ----a-w-    C:\Windows\System32\themeui.dll.backup
2013-08-28 15:52:21    332288    ----a-w-    C:\Windows\System32\uxtheme.dll.backup
2013-08-27 21:07:56    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\Rainmeter
2013-08-27 21:07:39    --------    d-----w-    C:\Program Files\Rainmeter
2013-08-27 08:50:38    --------    d-----w-    C:\Program Files (x86)\Citrix
2013-08-27 08:50:24    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\Citrix
2013-08-26 12:24:19    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\SPORE
2013-08-22 15:08:36    117024    ----a-w-    C:\Windows\System32\BootDefrag.exe
2013-08-22 15:08:35    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\GlarySoft
2013-08-21 17:11:41    17139080    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-08-18 11:36:07    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-16 22:12:44    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\Greenshot
2013-08-16 22:12:44    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\Greenshot
2013-08-16 15:21:51    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\Mael
2013-08-16 15:18:56    --------    d-----w-    C:\Program Files (x86)\HxD
2013-08-16 00:23:58    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\mpengine.dll
2013-08-15 20:18:56    5425496    ----a-w-    C:\Windows\System32\D3DX9_41.dll
2013-08-15 20:17:48    3767504    ----a-w-    C:\Windows\System32\d3dx9_26.dll
2013-08-15 18:07:46    741480    ------w-    C:\Windows\System32\HPDiscoPMa211.dll
2013-08-15 18:07:06    --------    d-----w-    C:\Program Files (x86)\HP
2013-08-15 18:07:04    --------    d-----w-    C:\Program Files\HP
2013-08-15 18:06:59    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\HP
2013-08-15 15:09:24    --------    d-----w-    C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2013-08-15 15:08:54    --------    d-----w-    C:\Windows\SysWow64\directx
2013-08-14 22:29:31    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-08-14 18:20:06    --------    d-----w-    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-08-14 18:20:04    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-14 18:05:40    --------    d-----w-    C:\ProgramData\Media Center Programs
2013-08-14 18:05:40    --------    d-----w-    C:\Program Files (x86)\Common Files\BioWare
2013-08-13 15:18:33    --------    d-----w-    C:\Program Files\CCleaner
2013-08-12 15:22:55    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\iView
2013-08-12 15:22:30    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-12 15:22:30    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-12 15:22:30    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-12 15:22:30    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-12 15:22:30    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-12 15:18:40    --------    d-----w-    C:\Program Files (x86)\Common Files\Nikon
2013-08-09 17:52:40    --------    d-----w-    C:\Users\Most Exalted One\AppData\Roaming\Origin
2013-08-09 17:52:22    --------    d-----w-    C:\ProgramData\Origin
2013-08-06 21:59:37    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\Intel_Corporation
2013-08-05 20:38:37    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\dxhr
2013-08-05 20:37:46    --------    d-----w-    C:\Users\Most Exalted One\AppData\Local\28050
.
==================== Find3M  ====================
.
2013-08-21 17:11:50    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 17:11:50    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-04 20:13:35    43520    ----a-w-    C:\Windows\SysWow64\CmdLineExt03.dll
2013-07-20 16:36:52    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-20 16:36:49    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-07-20 16:36:49    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-07-20 11:43:01    14    ----a-w-    C:\Windows\SysWow64\systeminfo.dll
2013-07-20 00:41:09    31344    ----a-w-    C:\Windows\System32\drivers\cnnctfy2.sys
2013-07-20 00:24:58    279616    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-07-19 21:32:04    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-18 23:30:16    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 23:30:16    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-18 23:30:16    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-18 23:08:44    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-07-18 23:08:44    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-07-18 23:08:44    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-07-16 09:14:12    3486680    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2013-07-16 02:52:04    147160    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2013-07-09 06:20:54    3760344    ----a-w-    C:\Windows\System32\RtkAPO64.dll
2013-06-27 03:12:14    2795224    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2013-06-26 07:18:02    920832    ----a-w-    C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-06-26 07:17:58    2032896    ----a-w-    C:\Windows\System32\MaxxAudioEQ64.dll
2013-06-26 07:17:52    2103040    ----a-w-    C:\Windows\System32\WavesGUILib64.dll
2013-06-18 08:52:58    1004248    ----a-w-    C:\Windows\System32\RtkApi64.dll
2013-06-18 06:44:22    2736160    ----a-w-    C:\Windows\System32\FMAPO64.dll
2013-06-10 04:44:08    2080472    ----atw-    C:\Windows\RtlExUpd.dll
.
============= FINISH: 17:42:18,66 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 19-7-2013 0:54:57
System Uptime: 4-9-2013 17:39:52 (0 hours ago)
.
Motherboard: Micro-Star International Co., Ltd. |  | MS-1756
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 10,31 GiB free.
D: is CDROM ()
X: is CDROM ()
Y: is CDROM ()
Z: is FIXED (NTFS) - 699 GiB total, 238,683 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Photoshop Lightroom 5 64-bit
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battery Calibration
Bonjour
Bullzip PDF Printer 8.2.0.1406
CCleaner
Citrix Online Launcher
Classic Shell
ClassicPro© v2.01
Combined Community Codec Pack 2013-08-01
ComicRack v0.9.170
Compatibility Pack for the 2007 Office system
Connectify Hotspot
CustoPackTools
DAEMON Tools Lite
Daum ½ºÅ©¸°¼¼À̹ö °íÈ­Áú¹öÀü
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Music Converter
Divinity II - DKS
Divinity: Dragon Commander
DVD X Player 4.0 Professional
ESET NOD32 Antivirus
ETDWare PS/2-X64 11.13.1.4_WHQL
Fraps (remove only)
Glary Utilities 3.9
GoToMeeting 5.5.0.1132
Haansoft Hangul 2007
HP Deskjet 3070 B611 series Basic Device Software
HxD Hex Editor version 1.7.7.0
ImgBurn
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software Driver
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technologie monitor 2.0
iTunes
iView MediaPro3
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 25 (64-bit)
JDownloader 0.9
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect
Mass Effect 2
Mass Effect 3
Messenger Plus! for Skype
Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2003 Dutch User Interface Pack
Microsoft Office 2003 Korean User Interface Pack
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.55a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Ultra Edition HD
neroxml
NirSoft ShellExView
NVIDIA-configuratiescherm 296.31
NVIDIA Grafisch stuurprogramma 296.31
NVIDIA Install Application
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA Update 1.7.12
NVIDIA Update Components
PDF Settings CS6
Qualcomm Atheros Killer Network Manager
QuickTime
Rainmeter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Resource Hacker Version 3.6.0
RocketDock 1.3.5
RW-Everything v1.6.4
S-Bar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shadowrun Returns
Skype™ 6.6
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Star Wars Republic Commando
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
THX TruStudio Pro
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UxStyle Core Beta
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
4-9-2013 15:02:37, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
30-8-2013 20:30:48, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
30-8-2013 13:51:54, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR4.
30-8-2013 13:48:42, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================
 


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Most Exalted One on vr 06-09-2013 at 13:03:40,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"



~~~ FireFox

Successfully deleted: [File] C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\extensions\firefox1@myibay.com.xpi
Successfully deleted: [File] C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\prefs.js

user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Emptied folder: C:\Users\Most Exalted One\AppData\Roaming\mozilla\firefox\profiles\tz1sjbrn.User\minidumps [404 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 06-09-2013 at 13:07:56,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

# AdwCleaner v3.002 - Report created 06/09/2013 at 13:10:47
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Most Exalted One - MSIGE70
# Running from : Z:\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\1k99lj6i.default\prefs.js ]


[ File : C:\Users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\prefs.js ]

Line Deleted : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "tj");
Line Deleted : user_pref("extensions.helperbar.date", "b0721");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "pb2");
Line Deleted : user_pref("extensions.helperbar.installationid", "5dae86cb-56bd-44eb-937e-c3ae0e6c6d5e");
Line Deleted : user_pref("extensions.helperbar.installdate", "21/07/2013");
Line Deleted : user_pref("extensions.helperbar.ppctid", "mpls_lin");
Line Deleted : user_pref("extensions.helperbar.publisher", "messengerplus");
Line Deleted : user_pref("extensions.helperbar.uid", "dd752bcf");
Line Deleted : user_pref("extensions.helperbar@helperbar.com.install-event-fired", true);
Line Deleted : user_pref("extensions.nosquint.sites", "scribd.com=0,1374348361656,1,100,0,0,false,0,0,false 4chan.org=0,1378465723088,222,130,0,0,false,0,0,false mozilla.org=0,1377728772353,69,130,0,0,false,0,0,fals[...]
Line Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Line Deleted : user_pref("foxamp.winampautostart", false);
Line Deleted : user_pref("foxamp.winampdir", "");
Line Deleted : user_pref("foxytunes.player_class", "@foxytunes.org/FoxyTunes/WinAmp;1");

*************************

AdwCleaner[R0].txt - [2584 octets] - [06/09/2013 13:09:48]
AdwCleaner[s0].txt - [2545 octets] - [06/09/2013 13:10:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2605 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Most Exalted One :: MSIGE70 [administrator]

Protection: Enabled

6-9-2013 13:12:47
mbam-log-2013-09-06 (13-12-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254053
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Okay, let's take a deeper look:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL.txt:

 

OTL logfile created on: 7-9-2013 14:09:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = Z:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
7,89 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,83% Memory free
15,78 Gb Paging File | 13,51 Gb Available in Paging File | 85,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 8,92 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
Drive Z: | 698,54 Gb Total Space | 287,47 Gb Free Space | 41,15% Space Free | Partition Type: NTFS
 
Computer Name: MSIGE70 | User Name: Most Exalted One | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-09-07 14:02:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- Z:\OTL.exe
PRC - [2013-06-27 11:02:13 | 000,128,000 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-11-09 21:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2012-11-09 21:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2012-08-17 11:23:07 | 003,333,120 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
PRC - [2012-06-18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012-06-18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012-06-18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012-06-18 15:31:42 | 000,956,352 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012-04-27 15:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
PRC - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012-03-19 04:53:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012-02-27 05:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011-08-29 17:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-07-21 18:12:11 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f3d656c870f960559120f947c32ec8dd\Microsoft.VisualBasic.ni.dll
MOD - [2013-07-21 18:12:04 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013-07-21 18:11:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013-07-21 18:11:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013-07-21 18:11:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013-07-21 18:10:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013-07-21 18:10:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013-07-21 18:10:42 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013-07-21 18:10:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013-07-21 18:10:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013-07-21 18:10:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012-08-17 11:23:07 | 003,333,120 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
MOD - [2011-08-10 13:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_Wheel4D.dll
MOD - [2011-05-20 16:52:09 | 000,901,632 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\ProfileHint\ProfileHint.dll
MOD - [2011-04-12 15:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2011-04-06 16:06:05 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_PenSuit.dll
MOD - [2011-03-21 19:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011-01-09 20:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_MouseDeviceManager.dll
MOD - [2010-12-02 17:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\Data\5Mode_OEM\Forms\OSD_Text\OSD_Text.dll
MOD - [2010-11-01 20:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010-09-20 14:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_ZoomControl.dll
MOD - [2010-09-20 14:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\dll\DLL_ScrollbarControl.dll
MOD - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007-09-02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013-04-18 19:15:18 | 003,388,144 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013-04-18 19:14:58 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013-04-18 19:14:46 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013-04-18 19:14:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013-04-11 03:12:50 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013-02-19 19:31:56 | 000,497,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV:64bit: - [2012-09-12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010-12-13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010-10-08 03:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-08-21 19:11:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-18 13:35:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-06-27 11:02:13 | 000,128,000 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2013-06-21 10:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-06-05 18:47:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- Z:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- Z:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-11-09 21:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012-06-18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-06-18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012-06-18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012-04-27 15:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
SRV - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012-03-19 04:53:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-12-07 16:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-07-20 02:41:09 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2013-07-20 02:24:58 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-05-07 18:25:24 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013-05-07 18:22:42 | 004,431,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-04-18 08:31:40 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013-04-11 03:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013-04-11 03:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-02-19 19:32:58 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2013-02-19 19:32:56 | 000,165,824 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200)
DRV:64bit: - [2012-09-28 09:38:22 | 000,329,104 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-07-09 16:27:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012-06-09 15:51:44 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012-05-21 09:39:12 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012-03-26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-03-19 04:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-03-14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012-03-08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-02-27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-02-27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012-02-22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012-02-22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012-02-01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012-01-24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-01-03 12:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-11-30 18:50:04 | 000,078,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP60x64.sys -- (IFCoEVB)
DRV:64bit: - [2011-11-30 18:50:02 | 000,388,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011-11-10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-08 03:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009-11-17 22:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009-11-16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009-11-16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007-08-28 17:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2007-04-11 23:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:64bit: - [2007-04-11 23:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV - [2011-06-02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Z:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Most Exalted One\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-07-10 20:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-08-18 13:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-07-10 20:43:52 | 000,000,000 | ---D | M]
 
[2013-08-18 13:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-08-18 13:36:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-06-26 22:48:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [GamingMouseEditor] C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe ()
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [GamingMouseEditor] C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe ()
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013-07-29 23:54:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2013-08-12 17:18:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ament.ini ()
O4 - Startup: C:\Users\All Users\Apple [2013-07-20 14:02:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2013-07-20 14:03:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Bigfoot Networks [2013-09-07 11:49:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Bureaublad [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Connectify [2013-07-20 02:42:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CustoPackTools [2013-08-29 00:19:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2013-07-20 02:24:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Divinity 2 [2013-08-30 23:02:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documenten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DriverGenius [2012-07-10 20:39:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2012-07-10 20:43:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorieten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\HP [2013-08-15 20:07:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Intel [2013-07-19 01:08:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013-09-04 17:35:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Media Center Programs [2013-09-06 23:54:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Menu Start [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Messenger Plus! for Skype [2013-07-21 02:06:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013-08-28 20:41:48 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013-08-18 13:36:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2013-07-20 14:09:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA [2013-07-19 01:21:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2013-07-19 01:15:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Origin [2013-08-10 00:03:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Package Cache [2013-08-27 23:07:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PDF Writer [2013-08-04 16:35:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2013-07-20 02:04:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sjablonen [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Skype [2013-07-20 14:12:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Steam [2013-07-20 22:26:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sun [2012-07-10 20:41:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SystemRequirementsLab [2013-07-20 22:59:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Win7codecs [2013-07-19 01:32:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2009-07-14 05:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2013-07-19 00:54:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Menu Start [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Mijn documenten [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netwerkprinteromgeving [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Sjablonen [2013-07-19 00:54:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\.rnd ()
O4 - Startup: C:\Users\Most Exalted One\.swt [2013-07-20 02:21:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Most Exalted One\AppData [2013-07-19 00:54:58 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Most Exalted One\Application Data [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Contacts [2013-07-19 00:55:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Cookies [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Desktop [2013-09-06 23:42:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Documents [2013-08-31 18:30:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Most Exalted One\Downloads [2013-08-21 20:18:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Favorites [2013-07-19 01:30:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Links [2013-07-20 13:32:06 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Local Settings [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Menu Start [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Mijn documenten [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Music [2013-07-29 23:55:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\NetHood [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Netwerkprinteromgeving [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT ()
O4 - Startup: C:\Users\Most Exalted One\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Most Exalted One\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Most Exalted One\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Most Exalted One\ntuser.ini ()
O4 - Startup: C:\Users\Most Exalted One\Pictures [2013-07-29 23:56:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\Recent [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Most Exalted One\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Most Exalted One\Searches [2013-07-20 13:32:05 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Most Exalted One\SendTo [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Sjablonen [2013-07-19 00:54:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Most Exalted One\Videos [2013-07-19 01:27:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013-08-28 23:29:23 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2013-07-20 01:28:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009-07-14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009-07-14 04:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2013-07-21 12:14:55 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2012-07-10 20:50:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2012-07-10 20:49:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2012-07-10 20:49:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\AppData [2013-07-19 01:15:31 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\UpdatusUser\Application Data [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Contacts [2013-07-19 01:15:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\Cookies [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Desktop [2013-07-20 13:42:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Documents [2013-07-19 01:15:31 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Links [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Local Settings [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Menu Start [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Mijn documenten [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Music [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\NetHood [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Netwerkprinteromgeving [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\UpdatusUser\ntuser.ini ()
O4 - Startup: C:\Users\UpdatusUser\Pictures [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\UpdatusUser\Recent [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Roaming [2013-07-19 01:08:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\Searches [2013-07-19 01:15:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\UpdatusUser\SendTo [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Sjablonen [2013-07-19 01:15:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\UpdatusUser\Videos [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\User\Pictures [2013-08-18 14:34:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - Z:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - Z:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A44FDB7-1057-418B-BC3C-FEDE42C531F8}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{834FB281-A31B-4B1E-B18D-950AF5193353}: DhcpNameServer = 212.54.40.25 212.54.35.25
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{809af03a-f0ca-11e2-a0b4-bcad5359dc64}\Shell - "" = AutoRun
O33 - MountPoints2\{809af03a-f0ca-11e2-a0b4-bcad5359dc64}\Shell\AutoRun\command - "" = X:\setup.exe
O33 - MountPoints2\{809af044-f0ca-11e2-a0b4-bcad5359dc64}\Shell - "" = AutoRun
O33 - MountPoints2\{809af044-f0ca-11e2-a0b4-bcad5359dc64}\Shell\AutoRun\command - "" = Y:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-09-06 13:03:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-09-04 17:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-09-04 17:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-09-04 17:35:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-08-31 01:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2013-08-31 01:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2013-08-30 23:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2013-08-29 23:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013-08-29 00:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\W7TIC
[2013-08-28 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2013-08-28 23:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CustoPackTools
[2013-08-28 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustoPackTools
[2013-08-28 23:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CustoPackTools
[2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FxsTmp
[2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\FxsTmp
[2013-08-28 20:41:53 | 000,000,000 | ---D | C] -- C:\Windows\addins
[2013-08-28 20:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-08-27 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013-08-27 10:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013-08-26 18:11:50 | 000,000,000 | ---D | C] -- \Documents
[2013-08-24 16:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RW-Everything
[2013-08-22 17:08:36 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013-08-22 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013-08-18 13:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013-08-18 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013-08-18 13:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-08-17 00:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013-08-16 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2013-08-16 17:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2013-08-15 20:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013-08-15 20:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013-08-15 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013-08-15 17:08:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-08-15 00:29:31 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013-08-14 20:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-08-14 20:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2013-08-14 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013-08-13 17:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-08-12 17:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-08-12 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013-08-12 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2013-08-12 16:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013-08-09 19:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-09-07 14:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-07 11:56:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-07 11:56:32 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-07 11:53:42 | 002,201,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-07 11:53:42 | 000,743,342 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-09-07 11:53:42 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-07 11:53:42 | 000,419,176 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013-09-07 11:53:42 | 000,152,426 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-09-07 11:53:42 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-07 11:53:42 | 000,119,368 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013-09-07 11:50:39 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013-09-07 11:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-04 00:44:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013-09-02 11:16:01 | 005,074,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-08-31 19:59:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-08-23 20:35:16 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2013-08-22 17:08:36 | 000,000,749 | ---- | M] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013-08-20 11:21:52 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2013-08-16 16:37:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2013-08-15 20:07:02 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013-08-15 17:36:00 | 000,000,613 | ---- | M] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
[2013-08-15 00:29:31 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-09-07 14:02:46 | 000,602,112 | ---- | C] () -- \OTL.exe
[2013-08-31 19:59:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-08-27 23:07:44 | 000,001,725 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013-08-22 17:09:20 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 3.job
[2013-08-22 17:08:36 | 000,000,749 | ---- | C] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013-08-22 17:08:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013-08-16 16:37:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2013-08-15 20:07:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013-08-15 17:36:00 | 000,000,613 | ---- | C] () -- C:\Users\Most Exalted One\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect 2.lnk
[2013-08-04 22:13:35 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013-07-29 00:27:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013-07-25 00:48:46 | 000,000,146 | ---- | C] () -- C:\Program Files (x86)\Sound.lnk
[2013-07-20 23:54:09 | 002,171,830 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-07-20 14:10:15 | 000,001,024 | ---- | C] () -- C:\Users\Most Exalted One\.rnd
[2013-07-20 13:46:58 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
[2013-07-20 13:44:23 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\winhcfga.ini
[2013-07-20 13:43:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2013-07-20 13:40:26 | 000,002,979 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2013-07-20 13:40:06 | 000,014,100 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2013-07-20 13:40:02 | 000,515,760 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2013-07-20 13:40:02 | 000,018,293 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2013-07-20 02:33:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013-07-19 01:18:37 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013-07-19 01:18:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013-07-19 01:18:37 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013-07-19 01:18:36 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013-07-19 01:18:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013-05-07 18:20:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-05-07 18:20:24 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013-05-07 18:16:22 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-07-29 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013-09-07 11:49:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Bigfoot Networks
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Bureaublad
[2013-07-20 02:42:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Connectify
[2013-08-29 00:19:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\CustoPackTools
[2013-07-20 02:24:19 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2013-08-30 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Divinity 2
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documenten
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2012-07-10 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\DriverGenius
[2012-07-10 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\ESET
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorieten
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Start
[2013-07-21 02:06:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Messenger Plus! for Skype
[2013-08-10 00:03:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin
[2013-08-27 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Package Cache
[2013-08-04 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\PDF Writer
[2013-07-20 02:04:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Roaming
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Sjablonen
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013-07-20 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\Steam
[2013-07-20 22:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemRequirementsLab
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013-07-19 01:32:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\Win7codecs
[2009-07-14 05:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2013-07-19 00:54:44 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Start
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Mijn documenten
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netwerkprinteromgeving
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Default\Roaming
[2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2013-07-19 00:54:44 | 000,000,000 | -HSD | M] -- C:\Users\Default\Sjablonen
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013-07-20 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\.swt
[2013-07-19 00:54:58 | 000,000,000 | -H-D | M] -- C:\Users\Most Exalted One\AppData
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Application Data
[2013-07-19 00:55:01 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Contacts
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Cookies
[2013-09-06 23:42:03 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Desktop
[2013-08-31 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Documents
[2013-08-21 20:18:04 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Downloads
[2013-07-19 01:30:30 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Favorites
[2013-07-20 13:32:06 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Links
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Local Settings
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Menu Start
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Mijn documenten
[2013-07-29 23:55:56 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Music
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\NetHood
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Netwerkprinteromgeving
[2013-07-29 23:56:03 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Pictures
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Recent
[2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Roaming
[2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\Most Exalted One\Saved Games
[2013-07-20 13:32:05 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Searches
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\SendTo
[2013-07-19 00:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Most Exalted One\Sjablonen
[2013-07-19 01:27:51 | 000,000,000 | R--D | M] -- C:\Users\Most Exalted One\Videos
[2013-08-28 23:29:23 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2013-07-20 01:28:02 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009-07-14 06:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009-07-14 04:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013-07-21 12:14:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012-07-10 20:50:04 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2012-07-10 20:49:44 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Public\Roaming
[2012-07-10 20:49:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2013-07-19 01:15:31 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\AppData
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Application Data
[2013-07-19 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Contacts
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Cookies
[2013-07-20 13:42:41 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Desktop
[2013-07-19 01:15:31 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Documents
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Downloads
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Favorites
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Links
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Local Settings
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Menu Start
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Mijn documenten
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Music
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\NetHood
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Netwerkprinteromgeving
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Pictures
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Recent
[2013-07-19 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Roaming
[2009-07-14 04:34:59 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Saved Games
[2013-07-19 01:15:32 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\Searches
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\SendTo
[2013-07-19 01:15:31 | 000,000,000 | -HSD | M] -- C:\Users\UpdatusUser\Sjablonen
[2009-07-14 04:34:59 | 000,000,000 | R--D | M] -- C:\Users\UpdatusUser\Videos
[2013-08-18 14:34:08 | 000,000,000 | ---D | M] -- C:\Users\User\Pictures
 
========== Purity Check ==========
 
 

< End of report >


Extras.txt:

 

OTL Extras logfile created on: 7-9-2013 14:03:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = Z:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
7,89 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 74,43% Memory free
15,78 Gb Paging File | 13,61 Gb Available in Paging File | 86,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 8,92 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
Drive Z: | 698,54 Gb Total Space | 287,47 Gb Free Space | 41,15% Space Free | Partition Type: NTFS
 
Computer Name: MSIGE70 | User Name: Most Exalted One | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "Z:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- Z:\Program Files\Haansoft Hangul 2007\Hwp70\HwpPrnMng.exe /p "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{166AE546-ECDE-4022-A9F1-4A69711CD149}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6715BD-525D-4783-97E1-22AE75C56F67}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1BFD8F8E-3BCB-4947-87EC-3E798079CD0E}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{1CD7C57C-CF19-44E9-A08C-22474A3654F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{276B7309-A38A-410D-9C85-5E9E9413DF28}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{348C2275-785B-40A9-B854-BCC1A7832E5A}" = rport=137 | protocol=17 | dir=out | app=system |
"{39127D91-9893-404E-AEAA-84F7A4AF8A18}" = rport=138 | protocol=17 | dir=out | app=system |
"{51CF8E2E-D62E-465B-9AF0-568E7FBF7EC5}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{68201E41-1058-4C82-9482-5FDF8C87AD47}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CEE52F6-B5D2-4D2C-A03C-3A556CBA8186}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{7E16B186-51AA-48EC-8D35-77D3ADB1F021}" = rport=139 | protocol=6 | dir=out | app=system |
"{80A262C4-DA3D-4AEA-8898-596BFB564AEE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8FB3AC3A-B0D9-4F7E-BF67-2AF427445B86}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F3CA28F-F30E-4D56-A69D-1834C5C1DD9E}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{A89584DF-85D3-41B4-B5EE-7A5A5412CE06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A89A67EE-3020-44AF-9159-3DFA749F0DA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9D59F37-6470-43E4-B9EA-913E8D773446}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{BD218580-8193-4370-8B87-E6CA4243E706}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{C253C58E-424D-4F0E-8143-50226BCCA789}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{C9F87B42-D1E5-4343-9D08-F118B3676500}" = rport=445 | protocol=6 | dir=out | app=system |
"{CCF2A35B-9D44-46DD-8392-970D0DB59497}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{D1AFA4E2-009A-4470-8BAC-E548117B2D08}" = lport=138 | protocol=17 | dir=in | app=system |
"{D4A17444-BA03-4D56-9197-A1EC5CE282B0}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A8BAE7-968D-43EE-BF64-7E9E50D6F35D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{0D65FBC3-104A-4A64-A39F-95BEFE16AACB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13E65329-294C-47AD-9A37-BA06670A5AE0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2254F824-A9EE-443B-82B3-6F84C86088FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{335EBDE1-80BB-4BC5-8721-63C12DE6D5B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{513C0941-DC1A-4E54-A779-5B39F8986CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5B80921B-9FA9-45AB-A488-13D2D410A626}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6B0EABB0-69EE-44A9-B27D-3CC334F02F04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{70F6478F-2DEA-4575-BEEE-6EFDA6C2110E}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe |
"{71A2F9BD-285D-4829-BF79-47B13267ACDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{72BAFF8E-E926-43F7-A4B0-5A74FFC3705F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{7911BB91-EDEA-4C6D-B911-4D03E542ABED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B7B3096-26EC-4EE4-8826-87A631BF025C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7EAC1F2F-90D3-403D-A964-79081854B4BE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{86AD5B2E-7018-41D5-A88C-5F7463892510}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{92BE601E-81C9-45D8-B59D-559A1838A564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{990DE44A-5633-4F4B-87B9-0AFB453283BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{9BB28987-048F-4DE9-AF3A-09088D022514}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A1247988-5908-4943-BC1E-E6DB44C4ED44}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{A1AACF5E-D600-4092-9B31-C5E32264FC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{B26F1432-3130-4F5E-8C7A-6521F4257377}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2B7CA34-E11B-4FAE-B116-A5E64D1F64FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6B98500-6C11-41CE-9256-02BD2944EA32}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDA22CDC-EAFD-47B5-99F8-D96A1A7D2FA7}" = dir=in | app=z:\program files\itunes\itunes.exe |
"{BDADEDDE-7274-4758-9DF7-C3D5333C3C1B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{C48FD4C1-11A9-4432-8DCD-26B8986D1B45}" = dir=out | app=c:\windows\system32\svchost.exe |
"{C519CDC2-3FDD-49AC-B045-CDF9402F56D6}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{CCEC4D7B-92D9-4BED-B8CF-DF741C20AF02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8360AEB-9A70-483D-B60B-0117213AD8AE}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{E078F810-5083-43B6-B60C-78C3FCC2EB50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E32EE1FB-7098-477E-8033-A82B1CAD1D42}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{E98AA397-7C91-44F6-995B-37E708DAD45C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEFF04D9-9A4B-47A8-980C-B2818891E068}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"TCP Query User{070536B6-29B6-4C25-BF99-47444127C789}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{1D4B5196-4903-4270-B1AF-C44E0334E0F5}Z:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe |
"TCP Query User{3A98F826-19CD-4F9F-91BF-5A46CAEE553E}Z:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=z:\games\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{3D2418C8-2FDC-4D4C-84B8-3FF55A30A00A}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe |
"TCP Query User{75953F2A-0F16-4868-8711-8B630925FC94}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe |
"TCP Query User{7DAEE230-AC17-44F5-871C-57A49B483BD8}Z:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe |
"TCP Query User{B71633AF-A77F-48BE-9B53-EF05AF07F048}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C9B87AAB-E686-4510-BB0F-0F2594740540}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{CBB80B7F-CCF7-421E-AA13-C712CFE3D8CB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{E00EAC0D-4601-428D-8819-F90FC0430FF6}Z:\games\divinity dragon commander\shipping\dcapp.exe" = protocol=6 | dir=in | app=z:\games\divinity dragon commander\shipping\dcapp.exe |
"UDP Query User{18A4B7E7-8530-40EF-A3CD-A1F9EBF64AFD}Z:\games\divinity dragon commander\shipping\dcapp.exe" = protocol=17 | dir=in | app=z:\games\divinity dragon commander\shipping\dcapp.exe |
"UDP Query User{1A92FD37-1163-4629-B77B-6BB2C7048DEB}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe |
"UDP Query User{1FF971D6-7199-4DA0-AEC2-7EE97CABDB5F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{30918061-4417-4BA2-9790-80FE04B71A96}Z:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=z:\games\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{3D3BD9E2-80D0-4AA9-8D4D-FA98FCB4DBCF}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{4C325265-38B0-45C1-9A5E-9425C64D9012}Z:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe |
"UDP Query User{5265F4E1-53B9-4B16-98C8-729EF1A5535C}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{9F3436DB-6C79-4036-8EE0-145CCA9E1641}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C5943E46-F013-443F-BF2E-6876289589FD}Z:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=z:\games\shadowrun returns\shadowrun.exe |
"UDP Query User{EAA5ABD1-3449-44A3-AAF7-CA3996A87576}C:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\combined community codec pack\mpc\mpc-hc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EAE3FBF-E39F-4B65-ACEE-560A16CD1F44}" = Intel® PROSet/Wireless WiFi Software Driver
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}" = ESET NOD32 Antivirus
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25 (64-bit)
"{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}" = Adobe Photoshop Lightroom 5 64-bit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A10B1524-63B5-40F2-B272-D841CF671C16}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0169FD6-8590-451E-AEFF-A6253C0A850C}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{B08ED12B-F101-45D1-B13C-B203EA67AD6B}" = HP Deskjet 3070 B611 series Basic Device Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 296.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 296.31
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technologie monitor 2.0
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{E7EBB2A5-8C76-4C16-95A3-2FC74BEDE270}" = Intel® PROSet/Wireless WiFi Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEA1590B-540A-41FC-A95C-664493C82A21}" = Classic Shell
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.170
"Connectify" = Connectify Hotspot
"CustoPackTools" = CustoPackTools
"Elantech" = ETDWare PS/2-X64 11.13.1.4_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"RW-Everything_is1" = RW-Everything v1.6.4
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{118F84A7-53AA-4BDB-AC4E-723B7B0D8A4B}" = S-Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3C5F1B30-B10B-4579-86DD-D00F662E1043}" = Nero 8 Ultra Edition HD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0413-0000-0000000FF1CE}" = Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's
"{901E0412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Korean User Interface Pack
"{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2423C36-006E-4270-AEBC-CFC4CAF2C310}" = Haansoft Hangul 2007
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}" = Citrix Online Launcher
"{e6d17d96-ddaa-476f-bb07-db601024ffb1}" = Intel® PROSet/Wireless Software
"{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS
"ClassicPro" = ClassicPro© v2.01
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01
"DAEMON Tools Lite" = DAEMON Tools Lite
"Daum Screensaver High" = Daum ½ºÅ©¸°¼¼À̹ö °íÈ­Áú¹öÀü
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Divinity: Dragon Commander_is1" = Divinity: Dragon Commander
"DVD X Player 4.0 Professional_is1" = DVD X Player 4.0 Professional
"Fraps" = Fraps (remove only)
"Glary Utilities 3" = Glary Utilities 3.9
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"iView MediaPro3" = iView MediaPro3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55a
"NirSoft ShellExView" = NirSoft ShellExView
"Rainmeter" = Rainmeter
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"RocketDock_is1" = RocketDock 1.3.5
"Shadowrun Returns_is1" = Shadowrun Returns
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.5.0.1132
"Winamp Detect" = Winamp Detector Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6-9-2013 11:26:29 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000
Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp:
 0x51c73d40  Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time
 stamp: 0x51c73cb5  Exception code: 0xc0000005  Fault offset: 0x000000000019792b  Faulting
 process id: 0xd80  Faulting application start time: 0x01ceab1572834a6e  Faulting application
 path: C:\Program Files\ComicRack\ComicRack.exe  Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll
Report
 Id: b3554ca2-1708-11e3-920e-8c89a50666d8
 
Error - 6-9-2013 11:26:38 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026
Description =
 
Error - 6-9-2013 11:26:38 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000
Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp:
 0x51c73d40  Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time
 stamp: 0x51c73cb5  Exception code: 0xc0000005  Fault offset: 0x000000000019792b  Faulting
 process id: 0x1bac  Faulting application start time: 0x01ceab1577c24b28  Faulting application
 path: C:\Program Files\ComicRack\ComicRack.exe  Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll
Report
 Id: b8755338-1708-11e3-920e-8c89a50666d8
 
Error - 6-9-2013 11:33:45 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026
Description =
 
Error - 6-9-2013 11:33:45 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000
Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp:
 0x51c73d40  Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time
 stamp: 0x51c73cb5  Exception code: 0xc0000005  Fault offset: 0x000000000019792b  Faulting
 process id: 0x344  Faulting application start time: 0x01ceab1675df63f1  Faulting application
 path: C:\Program Files\ComicRack\ComicRack.exe  Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll
Report
 Id: b6e1ecbb-1709-11e3-920e-8c89a50666d8
 
Error - 6-9-2013 11:33:52 | Computer Name = MsiGE70 | Source = .NET Runtime | ID = 1026
Description =
 
Error - 6-9-2013 11:33:52 | Computer Name = MsiGE70 | Source = Application Error | ID = 1000
Description = Faulting application name: ComicRack.exe, version: 0.0.0.0, time stamp:
 0x51c73d40  Faulting module name: cYo.Common.ni.dll, version: 1.0.4922.34851, time
 stamp: 0x51c73cb5  Exception code: 0xc0000005  Fault offset: 0x000000000019792b  Faulting
 process id: 0x182c  Faulting application start time: 0x01ceab167a852fac  Faulting application
 path: C:\Program Files\ComicRack\ComicRack.exe  Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_64\cYo.Common\40f32a734f94a2b06b3b20708a5f387f\cYo.Common.ni.dll
Report
 Id: bb898d3d-1709-11e3-920e-8c89a50666d8
 
Error - 7-9-2013 5:49:26 | Computer Name = MsiGE70 | Source = WinMgmt | ID = 10
Description =
 
Error - 7-9-2013 5:49:54 | Computer Name = MsiGE70 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 7-9-2013 6:55:55 | Computer Name = MsiGE70 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
 live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
 files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 6-9-2013 11:06:08 | Computer Name = MsiGE70 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

(Sorry, but part of it appears to be in Dutch)

Here we are:

 

ComboFix 13-09-06.01 - Most Exalted One 07-09-2013  20:10:24.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.8081.5958 [GMT 2:00]
Gestart vanuit: Z:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Most Exalted One\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\systeminfo.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-08-07 to 2013-09-07  ))))))))))))))))))))))))))))))
.
.
2013-09-07 18:13 . 2013-09-07 18:13    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-09-07 18:13 . 2013-09-07 18:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-06 11:03 . 2013-09-06 11:03    --------    d-----w-    c:\windows\ERUNT
2013-09-04 15:35 . 2013-09-04 15:35    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Malwarebytes
2013-09-04 15:35 . 2013-09-04 15:35    --------    d-----w-    c:\programdata\Malwarebytes
2013-09-04 15:35 . 2013-04-04 12:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-30 23:06 . 2013-08-30 23:06    --------    d-----w-    c:\program files (x86)\Daum
2013-08-30 21:03 . 2013-08-30 21:03    --------    d-----w-    c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2013-08-30 21:03 . 2013-08-30 21:06    --------    d-----w-    c:\users\Most Exalted One\AppData\Local\Divinity 2
2013-08-30 21:02 . 2013-08-30 21:02    --------    d-----w-    c:\programdata\Divinity 2
2013-08-29 21:33 . 2013-08-29 21:33    --------    d-----w-    c:\program files (x86)\Electronic Arts
2013-08-28 22:40 . 2013-08-28 22:40    --------    d-----w-    c:\windows\system32\W7TIC
2013-08-28 22:40 . 2010-11-21 03:24    780800    ----a-w-    c:\windows\system32\ActionCenter.dll.bak
2013-08-28 22:40 . 2010-11-21 03:23    1808384    ----a-w-    c:\windows\system32\pnidui.dll.bak
2013-08-28 22:40 . 2010-11-21 03:23    225280    ----a-w-    c:\windows\system32\SndVolSSO.dll.bak
2013-08-28 22:11 . 2011-02-25 06:19    2871808    ----a-w-    c:\windows\explorer - Copy.exe
2013-08-28 21:24 . 2013-08-28 22:19    --------    d-----w-    c:\programdata\CustoPackTools
2013-08-28 21:23 . 2013-09-02 18:13    --------    d-----w-    c:\program files (x86)\CustoPackTools
2013-08-28 18:41 . 2013-08-28 18:41    --------    d-----w-    c:\windows\SysWow64\FxsTmp
2013-08-28 18:41 . 2013-08-28 18:41    --------    d-----w-    c:\windows\system32\FxsTmp
2013-08-28 18:41 . 2013-08-28 18:41    --------    d-----w-    c:\windows\addins
2013-08-28 15:52 . 2009-07-14 01:41    44544    ----a-w-    c:\windows\system32\themeservice.dll.backup
2013-08-28 15:52 . 2010-11-21 03:23    2851840    ----a-w-    c:\windows\system32\themeui.dll.backup
2013-08-28 15:52 . 2009-07-14 01:41    332288    ----a-w-    c:\windows\system32\uxtheme.dll.backup
2013-08-27 21:07 . 2013-08-27 21:07    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Rainmeter
2013-08-27 21:07 . 2013-08-27 21:07    --------    d-----w-    c:\program files\Rainmeter
2013-08-27 08:50 . 2013-08-27 08:50    --------    d-----w-    c:\program files (x86)\Citrix
2013-08-27 08:50 . 2013-08-27 08:50    --------    d-----w-    c:\users\Most Exalted One\AppData\Local\Citrix
2013-08-26 12:24 . 2013-08-29 21:40    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\SPORE
2013-08-22 15:08 . 2013-08-20 09:21    117024    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-08-22 15:08 . 2013-08-22 15:08    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\GlarySoft
2013-08-21 17:11 . 2013-08-21 17:11    17139080    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-18 11:58 . 2013-08-18 11:58    --------    d-----w-    c:\users\User
2013-08-18 11:36 . 2013-08-18 11:36    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-08-16 22:12 . 2013-08-16 22:12    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Greenshot
2013-08-16 22:12 . 2013-08-16 22:12    --------    d-----w-    c:\users\Most Exalted One\AppData\Local\Greenshot
2013-08-16 15:21 . 2013-08-16 15:21    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Mael
2013-08-16 15:18 . 2013-08-16 15:18    --------    d-----w-    c:\program files (x86)\HxD
2013-08-16 00:23 . 2013-07-15 02:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\mpengine.dll
2013-08-15 20:18 . 2009-03-09 13:27    5425496    ----a-w-    c:\windows\system32\D3DX9_41.dll
2013-08-15 20:17 . 2006-03-31 10:41    3927248    ----a-w-    c:\windows\system32\d3dx9_30.dll
2013-08-15 20:17 . 2006-02-03 06:43    3830992    ----a-w-    c:\windows\system32\d3dx9_29.dll
2013-08-15 20:17 . 2006-02-03 06:42    355536    ----a-w-    c:\windows\system32\xactengine2_0.dll
2013-08-15 20:17 . 2006-02-03 06:41    16592    ----a-w-    c:\windows\system32\x3daudio1_0.dll
2013-08-15 20:17 . 2005-12-05 16:09    3815120    ----a-w-    c:\windows\system32\d3dx9_28.dll
2013-08-15 20:17 . 2005-07-22 17:59    3807440    ----a-w-    c:\windows\system32\d3dx9_27.dll
2013-08-15 20:17 . 2005-05-26 13:34    3767504    ----a-w-    c:\windows\system32\d3dx9_26.dll
2013-08-15 20:17 . 2005-03-18 15:19    3823312    ----a-w-    c:\windows\system32\d3dx9_25.dll
2013-08-15 20:17 . 2005-02-05 17:45    3544272    ----a-w-    c:\windows\system32\d3dx9_24.dll
2013-08-15 18:07 . 2012-10-17 02:31    741480    ------w-    c:\windows\system32\HPDiscoPMa211.dll
2013-08-15 18:07 . 2013-08-15 18:07    --------    d-----w-    c:\programdata\HP
2013-08-15 18:07 . 2013-08-15 18:07    --------    d-----w-    c:\program files (x86)\HP
2013-08-15 18:07 . 2013-08-15 18:07    --------    d-----w-    c:\program files\HP
2013-08-15 18:06 . 2013-08-15 18:06    --------    d-----w-    c:\users\Most Exalted One\AppData\Local\HP
2013-08-15 15:09 . 2013-08-15 15:09    --------    d-----w-    c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2013-08-15 00:13 . 2013-08-15 00:13    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Nero
2013-08-14 22:29 . 2013-08-14 22:29    --------    d--h--r-    c:\users\Most Exalted One\AppData\Roaming\SecuROM
2013-08-14 22:29 . 2013-08-14 22:29    178800    ----a-w-    c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-14 18:20 . 2013-08-14 18:20    --------    d-----w-    c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2013-08-14 18:20 . 2013-08-30 21:03    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-14 18:05 . 2013-09-06 21:55    --------    d-----w-    c:\program files (x86)\Common Files\BioWare
2013-08-14 18:05 . 2013-09-06 21:54    --------    d-----w-    c:\programdata\Media Center Programs
2013-08-13 15:18 . 2013-08-13 15:18    --------    d-----w-    c:\program files\CCleaner
2013-08-12 15:22 . 2013-08-12 15:22    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\iView
2013-08-12 15:22 . 2013-08-12 15:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-12 15:22 . 2013-08-12 15:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-12 15:22 . 2013-08-12 15:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-12 15:22 . 2013-08-12 15:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-12 15:22 . 2013-08-12 15:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-12 15:21 . 2013-08-12 15:22    --------    d-----w-    c:\program files (x86)\QuickTime
2013-08-12 15:18 . 2013-08-12 15:18    --------    d-----w-    c:\program files (x86)\Common Files\Nikon
2013-08-12 14:47 . 2013-08-12 14:47    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-08-09 17:52 . 2013-08-09 17:55    --------    d-----w-    c:\users\Most Exalted One\AppData\Roaming\Origin
2013-08-09 17:52 . 2013-08-09 22:03    --------    d-----w-    c:\programdata\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-07 18:13 . 2013-09-07 18:13    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{423701D6-6F5C-4339-B5E6-34C0B9FBCF1E}\offreg.dll
2013-08-21 17:11 . 2012-07-10 18:40    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 17:11 . 2012-07-10 18:40    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-04 20:13 . 2013-08-04 20:13    43520    ----a-w-    c:\windows\SysWow64\CmdLineExt03.dll
2013-07-20 16:36 . 2013-07-20 16:36    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-20 16:36 . 2013-07-20 16:36    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-07-20 16:36 . 2013-07-20 16:36    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-07-20 16:36 . 2013-07-20 16:36    188840    ----a-w-    c:\windows\system32\java.exe
2013-07-20 16:36 . 2012-07-10 18:42    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-20 16:36 . 2012-07-10 18:42    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-20 00:41 . 2013-07-20 00:41    31344    ----a-w-    c:\windows\system32\drivers\cnnctfy2.sys
2013-07-20 00:24 . 2013-07-20 00:24    279616    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-19 21:34 . 2013-07-19 21:34    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-19 21:34 . 2013-07-19 21:34    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-07-19 21:34 . 2013-07-19 21:34    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-07-19 21:34 . 2013-07-19 21:34    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-07-19 21:34 . 2013-07-19 21:34    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-19 21:34 . 2013-07-19 21:34    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-07-19 21:34 . 2013-07-19 21:34    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-07-19 21:34 . 2013-07-19 21:34    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-07-19 21:34 . 2013-07-19 21:34    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-07-19 21:34 . 2013-07-19 21:34    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-19 21:34 . 2013-07-19 21:34    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-07-19 21:34 . 2013-07-19 21:34    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-07-19 21:34 . 2013-07-19 21:34    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-07-19 21:34 . 2013-07-19 21:34    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-07-19 21:34 . 2013-07-19 21:34    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-07-19 21:34 . 2013-07-19 21:34    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-19 21:34 . 2013-07-19 21:34    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-07-19 21:34 . 2013-07-19 21:34    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-07-19 21:34 . 2013-07-19 21:34    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-07-19 21:34 . 2013-07-19 21:34    441856    ----a-w-    c:\windows\system32\html.iec
2013-07-19 21:34 . 2013-07-19 21:34    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-07-19 21:34 . 2013-07-19 21:34    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-07-19 21:34 . 2013-07-19 21:34    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-07-19 21:34 . 2013-07-19 21:34    2877440    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-07-19 21:34 . 2013-07-19 21:34    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-07-19 21:34 . 2013-07-19 21:34    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-07-19 21:34 . 2013-07-19 21:34    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-07-19 21:34 . 2013-07-19 21:34    2648576    ----a-w-    c:\windows\system32\iertutil.dll
2013-07-19 21:34 . 2013-07-19 21:34    235008    ----a-w-    c:\windows\system32\url.dll
2013-07-19 21:34 . 2013-07-19 21:34    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-07-19 21:34 . 2013-07-19 21:34    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-07-19 21:34 . 2013-07-19 21:34    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-07-19 21:34 . 2013-07-19 21:34    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-07-19 21:34 . 2013-07-19 21:34    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-07-19 21:34 . 2013-07-19 21:34    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-07-19 21:34 . 2013-07-19 21:34    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-07-19 21:34 . 2013-07-19 21:34    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-07-19 21:34 . 2013-07-19 21:34    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-07-19 21:34 . 2013-07-19 21:34    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-07-19 21:34 . 2013-07-19 21:34    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-07-19 21:34 . 2013-07-19 21:34    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-07-19 21:34 . 2013-07-19 21:34    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-07-19 21:34 . 2013-07-19 21:34    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-07-19 21:34 . 2013-07-19 21:34    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-19 21:34 . 2013-07-19 21:34    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-07-19 21:34 . 2013-07-19 21:34    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-07-19 21:34 . 2013-07-19 21:34    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-07-19 21:34 . 2013-07-19 21:34    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-07-19 21:34 . 2013-07-19 21:34    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-07-19 21:34 . 2013-07-19 21:34    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-19 21:34 . 2013-07-19 21:34    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-07-19 21:34 . 2013-07-19 21:34    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-07-19 21:34 . 2013-07-19 21:34    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-07-19 21:34 . 2013-07-19 21:34    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-07-19 21:34 . 2013-07-19 21:34    3958784    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-19 21:34 . 2013-07-19 21:34    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-19 21:34 . 2013-07-19 21:34    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-07-19 21:34 . 2013-07-19 21:34    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-07-19 21:34 . 2013-07-19 21:34    19238912    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-19 21:34 . 2013-07-19 21:34    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-19 21:34 . 2013-07-19 21:34    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-07-19 21:34 . 2013-07-19 21:34    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-07-19 21:34 . 2013-07-19 21:34    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-19 21:34 . 2013-07-19 21:34    149504    ----a-w-    c:\windows\system32\occache.dll
2013-07-19 21:34 . 2013-07-19 21:34    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-07-19 21:34 . 2013-07-19 21:34    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-07-19 21:34 . 2013-07-19 21:34    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-19 21:34 . 2013-07-19 21:34    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-07-19 21:34 . 2013-07-19 21:34    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-07-19 21:34 . 2013-07-19 21:34    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-07-19 21:34 . 2013-07-19 21:34    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-07-19 21:32 . 2013-07-19 21:32    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 21:32 . 2013-07-19 21:32    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamingMouseEditor"="c:\program files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" [2012-08-17 3333120]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"THX Audio Control Panel"="c:\program files (x86)\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
De Killer Network Manager van Qualcomm Atheros.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-2-19 553984]
sbar_hide.exe [2012-1-15 8192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RUN.CMD [2012-1-8 306]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
R2 MBAMScheduler;MBAMScheduler;z:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe;z:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;z:\program files\Malwarebytes' Anti-Malware\mbamservice.exe;z:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IAMTVE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]
R3 IAMTXPE;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 17:11]
.
2013-09-07 c:\windows\Tasks\GlaryInitialize 3.job
- z:\program files\Glary Utilities 3\Initialize.exe [2013-08-20 09:19]
.
2013-08-23 c:\windows\Tasks\GlaryUpdate 3.job
- z:\program files\Glary Utilities 3\CheckUpdate.exe [2013-08-20 09:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-05-31 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-05 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-05 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-05 444400]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-09 13632216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - z:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: Verzenden naar Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - Google.com/ncr
FF - ExtSQL: 2013-07-20 21:03; nosquint@urandom.ca; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\nosquint@urandom.ca.xpi
FF - ExtSQL: 2013-07-20 23:50; {F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{F0B24ABB-A42D-4c82-AF2C-3FA6FF27E2C0}.xpi
FF - ExtSQL: 2013-08-22 18:08; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-08-22 19:23; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-08-22 20:31; {5C655500-E712-41e7-9349-CE462F844B19}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF - ExtSQL: 2013-08-28 20:31; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2013-08-29 00:26; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
FF - ExtSQL: 2013-09-06 22:46; {9bc51d13-3849-4541-a69c-da418934ca05}; c:\users\Most Exalted One\AppData\Roaming\Mozilla\Firefox\Profiles\tz1sjbrn.User\extensions\{9bc51d13-3849-4541-a69c-da418934ca05}.xpi
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3113198049-2749692753-1754522176-1000)
@Denied: (2) (LocalSystem)
"Progid"="Microsoft Internet Mail Message WLMail"
.
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3113198049-2749692753-1754522176-1000)
@Denied: (2) (LocalSystem)
"Progid"="Microsoft Internet Mail VCard WLMail"
.
[HKEY_USERS\S-1-5-21-3113198049-2749692753-1754522176-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,2b,67,c8,15,f6,31,ac,89,cb,c0,37,98,03,4d,b1,fb,9b,30,92,0d,
   e2,e4,cb,37,9e,70,af,7d,cd,c4,bf,dc,0d,1e,59,23,0a,9b,28,88,93,27,c7,93,45,\
"rkeysecu"=hex:5c,98,2c,0b,4c,df,53,e4,1a,ae,7e,d9,17,5e,b2,ab
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-09-07  20:15:16
ComboFix-quarantined-files.txt  2013-09-07 18:15
.
Pre-Run: 9.452.752.896 bytes free
Post-Run: 9.442.197.504 bytes free
.
- - End Of File - - 32569EA73D437B04303A65B797CA3683
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Well, I ran it anyway and it did come up with a few results. Luckily I didn't choose to delete them automatically though since it also thought MSNPlus! and winamp were malware. The other two are clearly trouble though. Should I manually delete them or scan again with my NOD32 and let that delete them?

 

Here's the report:

C:\Program Files (x86)\CustoPackTools\utils\ask\AskInstallChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\CustoPackTools\utils\ask\askToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Most Exalted One\Documents\Software\Setup-PlusForSkype-2.0_FF.exe    a variant of Win32/MessengerPlus.A application
C:\Users\Most Exalted One\Documents\Software\winamp564_full_emusic-7plus_en-us.exe    Win32/OpenCandy application

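An added example, not part of the original thread and not ESET's own code: a parser for the exported list posted above that separates the object type appended to each detection name and records whether the flagged file is an installed component or a stored installer. It assumes the path and detection columns are separated by a tab or a run of spaces, and that a trailing "application" marks the optional unwanted/unsafe categories enabled in the scan settings rather than a trojan or virus; the bucket names are this example's own.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# The four rows posted in this thread. Assumption: the run of spaces is what is
# left of the column separator in the exported list.
REPORT = r"""
C:\Program Files (x86)\CustoPackTools\utils\ask\AskInstallChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\CustoPackTools\utils\ask\askToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Most Exalted One\Documents\Software\Setup-PlusForSkype-2.0_FF.exe    a variant of Win32/MessengerPlus.A application
C:\Users\Most Exalted One\Documents\Software\winamp564_full_emusic-7plus_en-us.exe    Win32/OpenCandy application
"""

Finding = namedtuple("Finding", "path family kind heuristic location")
DETECTION = re.compile(
    r"^(?P<heur>(?:probably )?a variant of )?(?P<family>\S+)(?: (?P<kind>.+))?$")


def parse_line(line):
    """Turn one 'path <sep> detection' row into a Finding, or None if it is not one."""
    fields = re.split(r"\t+| {2,}", line.strip(), maxsplit=1)
    if len(fields) != 2:
        return None
    path, detection = fields
    m = DETECTION.match(detection.strip())  # always matches a non-empty detection
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    installed = len(parts) > 1 and parts[1].startswith("program files")
    return Finding(path, m["family"], (m["kind"] or "unknown").strip(),
                   bool(m["heur"]), "installed" if installed else "stored")


def verdict(f):
    """Map a finding to a triage bucket (bucket names are this example's own)."""
    if not f.kind.endswith("application"):
        return "malware"
    if f.location == "installed":
        return "optional category, installed component"
    return "optional category, stored installer"


def triage(report):
    """Parse every row and group the paths by (family, verdict)."""
    groups = {}
    for f in filter(None, map(parse_line, report.splitlines())):
        groups.setdefault((f.family, verdict(f)), []).append(f.path)
    return groups
```

Calling `triage(REPORT)` groups the two Ask toolbar files as installed components and the two files under `Documents\Software` as stored installers.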

Looks like crapware to me.

C:\Program Files (x86)\CustoPackTools\utils\ask\AskInstallChecker.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\CustoPackTools\utils\ask\askToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application

All companies that frustrate users and integrate the Ask toolbar into their software are, for me, traitors.

Reset your Firefox:

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Reboot and let me know.


You're right, actually the whole setup for that program was riddled with "Click next if you agree to install this toolbar and change your home page" and "Donate to our sponsors" crap.

 

The thing with the popups is that it doesn't happen often, so I won't be able to tell if it worked for a while.

I backed up my profile and will see what happens. Will post here after a while.

 

Thanks for your patience!


Glad I could help! :)

Step 1

Please run OTL and click on the CleanUp button.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please uninstall ESET Online Scanner.

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.