Unable to get rid of Precisead Popups


  • This topic is locked
64 replies to this topic

#1 Wolf2510

Wolf2510

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 09 February 2010 - 06:00 PM

Hey,

Since a month ago, I started to get pop-ups from Precisead. I've already looked up a lot of information on this infection, followed some guides, and I was able to get rid of infected files, and for a moment everything seemed to be fine, but eventually I started to get the popups again, though at a slower rate (but it's still quite annoying). So I would go to YouTube (for example), and almost every time, I get a popup that says: Ad served by precisead, and the popup is about a website called yoolu (?). Also, I only use Firefox, so I'm not sure if IE gives the same problems...

This is my HJT-log (thanks in advance for the help)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:50, on 9/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 12303 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:22 AM

Posted 15 February 2010 - 07:54 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Wolf2510

Wolf2510
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 16 February 2010 - 12:15 PM

Hey there m0le,

thanks for the reply :) Yeah, I understand about the amount of work you must have, looking at the number of topics O_O So I'll try to be as quick as possible in my replies :)

I have subscribed to the topic, so I'll know as soon as I get an update!

Thanks again,

Mattias

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:22 AM

Posted 16 February 2010 - 04:36 PM

Okay, let's start with a run of GMER to check for rootkits.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
m0le is a proud member of UNITE

#5 Wolf2510

Wolf2510
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 16 February 2010 - 06:29 PM

Hey m0le,

I have a problem with GMER. When I want to load it, I get an error saying that "c:/windows/system32/config/system: The system cannot find the file specified".

I'm using Windows 7 though, and apparently GMER doesn't work for Windows 7? Or am I wrong?

Anything that can be done? Or should I just click 'scan' anyway?

Thank you

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:22 AM

Posted 16 February 2010 - 06:56 PM

Try this scan instead.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE

#7 Wolf2510

Wolf2510
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 17 February 2010 - 05:46 PM

Hey,

I did the scan as you recommended. I was unable to check the box "running processes" before clicking scan though. I don't know why, but it was greyed out... I did the scan, and this was the result. There were no files that needed to be removed.

This is the log:


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 17/02/2010 at 22:36:02
User "Mattias" on computer "MATTIAS-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Hidden: registry item \HKEY_USERS\S-1-5-18\Keyboard Layout\Substitutes\d0010413
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000413
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\SwSetup\CyberDVD\Stage1\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage1\LPrint\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage1\P2Go\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage1\PDIR\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage1\PStarter\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\LPrint\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\P2Go\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\PDIR\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\PhotoNow\ISSetup.dll
Hidden: file C:\SwSetup\CyberDVD\Stage2\PStarter\ISSetup.dll
Hidden: file C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Hidden: file C:\Users\Mattias\AppData\Local\Temp\Component Update 826
Hidden: file C:\Users\Mattias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17ORZRTO\setup[1].exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\asx-p8-ds2.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\Vanalles\RADTools.exe
Hidden: file C:\Program Files (x86)\Combined Community Codec Pack\Settings.exe
Hidden: file C:\Windows\winsxs\Manifests\amd64_microsoft-windows-k..eo-capture-plug-ins_31bf3856ad364e35_6.1.7600.16385_none_515f8e205a49ac85.manifest
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ISSetup.dll
Hidden: file C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Hidden: file C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe
Hidden: file C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
Hidden: file C:\Program Files (x86)\TabletPlugins\ieInstall.exe
Hidden: file C:\Program Files (x86)\TabletPlugins\npInstall.exe
Hidden: file C:\Program Files (x86)\7-Zip\Uninstall.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\dvdfabplatinum3108-(Ghosthunter).exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\DVDFabPlatinum4062.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\GrabIt153b.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\icechat-setup.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\klcodec288f.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\SkypeSetup.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\tmsetup3.5d.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\UruUpdate12.exe
Hidden: file C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
Hidden: file C:\Users\Mattias\Documents\Downloadingen\Vanalles\Apo202.exe
Hidden: file C:\Windows\System32\drivers\sptd.sys
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\ISSetup.dll
Hidden: file C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DevilMayCry4_DX10.exe
Hidden: file C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DevilMayCry4_DX9.exe
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\ISSetup.dll
Hidden: file C:\Program Files (x86)\LimeWire\uninstall.exe
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\ISSetup.dll
Hidden: file C:\Users\Mattias\AppData\Local\Temp\Component Update 7
Hidden: file C:\Users\Mattias\AppData\Local\Temp\Component Update 277
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{40FEF622-6E0F-46B6-824B-A40C178FD4CD}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ISSetup.dll
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\ISSetup.dll
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Apo202.exe
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Apophysis208beta2.exe
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\SVG Viewer\SVGSetup-en_US.exe
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\AdobePS7.md0
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\AdobePS7.tb0
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Amoeba.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Bark.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Blistpnt.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Bricks.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Burlap.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Canvas.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Carpet.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Caviar.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Clouds.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Cndrblks.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Concrete.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Confetti.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Denim1.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Denim2.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Dgnscls1.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Dgnscls2.psd
Hidden: file D:\Belangrijk\Drawings - Fractals - Photoshop\Adobe Photoshop 7.0 FULL (+serial)\ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial\Goodies\Textures for Lighting Effects\Drvnsnow.psd
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-3.exe
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-Crack.ape
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-Crack.exe
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2wrongcracked.exe
Info: Starting disk scan of E: (NTFS).
Stopped logging on 17/02/2010 at 23:26:36

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:22 AM

Posted 17 February 2010 - 08:08 PM

Interesting...when reviewing the log, it shows this:
QUOTE
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-3.exe
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-Crack.ape
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2-Crack.exe
Hidden: file D:\Belangrijk\Games\postal2\System\Postal2wrongcracked.exe

Someone on this system was trying to access cracks or a 'keygen'....this is a certain way to attract malware to your system. As well as being illegal, 'Cracks' and 'Keygens' are often associated or loaded with malware, and should be avoided (along with 'crack' sites).


Let's see if they have introduced anything into the system.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then let's run an online scan, which will remove any infected files.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Thanks
m0le is a proud member of UNITE

#9 Wolf2510


Posted 18 February 2010 - 04:35 PM

Hey m0le,

I did the two scans and these are the log files

From Malwarebytes

Malwarebytes' Anti-Malware 1.44
Database versie: 3756
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/02/2010 20:27:18
mbam-log-2010-02-18 (20-27-18).txt

Scan type: Volledige Scan (C:\|D:\|E:\|)
Objecten gescand: 339727
Verstreken tijd: 53 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 15

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Users\Mattias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17ORZRTO\setup[1].exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQOCJUJW\setup[1].exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 243 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 277 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 328 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 374 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 463 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 475 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 580 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 614 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 648 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\AppData\Local\Temp\Component Update 826 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\Documents\Downloadingen\asx-p8-ds2.exe (Malware.Packer) -> Quarantined and deleted successfully.

And from ESET

C:\Users\Mattias\Documents\Fun\Fable\FableTrn.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined

Thank you

#10 m0le


Posted 18 February 2010 - 07:49 PM

That looks good. There was still some annoying adware hidden away but that's gone now. ESET found the trojan executable.

How is the PC running now?


m0le is a proud member of UNITE

#11 Wolf2510


Posted 19 February 2010 - 12:57 PM

I've just started internet again and I immediately got another Precisead popup ><. I also notice that when I start Malwarebytes again, it still gives a warning about a registry key called "havingfunonline". Maybe they're related?

This is the result:

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.


#12 m0le


Posted 19 February 2010 - 02:23 PM

Yes, they are related and MBAM already deleted this registry key...

Can you run MBAM again and see if the registry key returns and gets quarantined and deleted again?


Then please run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Thanks
m0le is a proud member of UNITE
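
The re-scan check requested above can be done by comparing the detection lines of successive MBAM logs. The following is an added example, not part of the original thread or of Malwarebytes: the function names are hypothetical, and the sample logs are trimmed excerpts of the two logs posted in this thread.

```python
import re

# Section header of a Dutch-language MBAM 1.44 log, e.g. "Registersleutels geïnfecteerd:".
# ".{1,2}" tolerates the mis-encoded "ï" that shows up in pasted logs ("ge´nfecteerd").
# Summary lines ("Registersleutels geïnfecteerd: 1") carry a count after the colon
# and therefore do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) ge.{1,2}nfecteerd:$")

# Detection line: "<item> (<detection name>) -> <action>."
# The greedy item group keeps paths that contain parentheses, e.g. "Program Files (x86)".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Trimmed excerpts of the two logs in this thread. The second one is given with a
# mis-encoded header, as happens with pasted logs.
FIRST_SCAN = r"""
Registersleutels geïnfecteerd: 1

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Users\Mattias\AppData\Local\Temp\Component Update 243 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Mattias\Documents\Downloadingen\asx-p8-ds2.exe (Malware.Packer) -> Quarantined and deleted successfully.
"""

SECOND_SCAN = r"""
Registersleutels ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, threat, action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            detections.append({
                "section": section,
                "item": hit.group("item"),
                "threat": hit.group("threat"),
                "action": hit.group("action"),
            })
    return detections


def recurring_detections(scans):
    """scans: chronological list of (label, log_text).

    Returns the items reported by more than one scan, with the scans that saw them
    and whether an earlier scan had already reported a successful removal.
    """
    history = {}
    for label, text in scans:
        for det in parse_mbam_log(text):
            # Registry and file paths are case-insensitive on Windows.
            key = (det["section"], det["item"].lower())
            entry = history.setdefault(key, {
                "section": det["section"],
                "item": det["item"],
                "threat": det["threat"],
                "scans": [],
                "actions": [],
            })
            if label not in entry["scans"]:
                entry["scans"].append(label)
                entry["actions"].append(det["action"])

    recurring = []
    for entry in history.values():
        if len(entry["scans"]) > 1:
            earlier = entry["actions"][:-1]
            entry["returned_after_removal"] = any("successfully" in a for a in earlier)
            recurring.append(entry)
    return recurring


if __name__ == "__main__":
    for r in recurring_detections([("first scan", FIRST_SCAN), ("second scan", SECOND_SCAN)]):
        print(f'{r["item"]} ({r["threat"]}) seen in: {", ".join(r["scans"])}; '
              f'returned after removal: {r["returned_after_removal"]}')
```
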

#13 Wolf2510


Posted 19 February 2010 - 04:17 PM

Yeah, I've noticed that before I contacted you as well; every time I scan with Malwarebytes, that registry key always returns...

These are the logs from OTL

First extras.txt

OTL Extras logfile created on: 19-2-2010 22:01:47 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Mattias\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,47 Gb Total Space | 337,05 Gb Free Space | 74,99% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 340,11 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Drive E: | 16,00 Gb Total Space | 2,61 Gb Free Space | 16,32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTIAS-PC
Current User Name: Mattias
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{601871C3-CAFA-4244-B67D-36EC9AFA67EC}" = HP 3D DriveGuard
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{82189AA3-7C75-41A1-B415-4D9EE254981E}" = Eraser 6.0.5.1114
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}" = DigitalPersona Personal 4.10
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3315B802-84C6-47BC-907A-9B77A4646197}_is1" = SWF to AVI 1.7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ESET Online Scanner" = ESET Online Scanner v3
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Guild Wars" = Guild Wars
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Pen Tablet Driver" = Pen Tablet
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Videora iPod touch Converter" = Videora iPod touch Converter 5.03
"VLC media player" = VLC media player 1.0.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22-1-2010 14:52:05 | Computer Name = Mattias-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 22-1-2010 18:14:15 | Computer Name = Mattias-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: firefox.exe, versie: 1.9.1.3593, tijdstempel:
0x4aef8082 Naam van module met fout: DpoSet.dll, versie: 5.0.0.3787, tijdstempel:
0x4a4c09d6 Uitzonderingscode: 0x40000015 Foutoffset: 0x0002e38f Id van proces met
fout: 0x18b0 Starttijd van toepassing met fout: 0x01ca9b8e144b31ac Pad naar toepassing
met fout: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pad naar module met
fout: C:\Program Files (x86)\DigitalPersona\Bin\DpoSet.dll Rapport-id: 79d9b9f3-07a3-11df-8f10-00269e3ba116

Error - 22-1-2010 18:57:17 | Computer Name = Mattias-PC | Source = Application Hang | ID = 1002
Description = Het programma firefox.exe, versie 1.9.1.3593 reageert niet meer op
Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 2584 Starttijd: 01ca9bb03eafe29c Eindtijd: 21

Toepassingspad:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-id: 6e38e838-07a9-11df-8f10-00269e3ba116


Error - 23-1-2010 6:44:41 | Computer Name = Mattias-PC | Source = Application Hang | ID = 1002
Description = Het programma Explorer.EXE, versie 6.1.7600.16404 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: ee4 Starttijd: 01ca9c18e1d4eeee Eindtijd: 15

Toepassingspad:
C:\Windows\Explorer.EXE Rapport-id: 468e03ab-080c-11df-b1be-00269e3ba116

Error - 23-1-2010 7:34:20 | Computer Name = Mattias-PC | Source = Application Hang | ID = 1002
Description = Het programma firefox.exe, versie 1.9.1.3593 reageert niet meer op
Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 1be0 Starttijd: 01ca9c191ef6dcf5 Eindtijd: 31

Toepassingspad:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-id: 3b39eea0-0813-11df-b1be-00269e3ba116


Error - 23-1-2010 10:50:11 | Computer Name = Mattias-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 24-1-2010 11:26:18 | Computer Name = Mattias-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 24-1-2010 11:53:10 | Computer Name = Mattias-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: firefox.exe, versie: 1.9.1.3593, tijdstempel:
0x4aef8082 Naam van module met fout: DpoSet.dll, versie: 5.0.0.3787, tijdstempel:
0x4a4c09d6 Uitzonderingscode: 0x40000015 Foutoffset: 0x0002e38f Id van proces met
fout: 0x14b4 Starttijd van toepassing met fout: 0x01ca9ce2ba8a98ec Pad naar toepassing
met fout: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pad naar module met
fout: C:\Program Files (x86)\DigitalPersona\Bin\DpoSet.dll Rapport-id: 9186d608-0900-11df-ad0b-00269e3ba116

Error - 25-1-2010 19:34:11 | Computer Name = Mattias-PC | Source = Application Hang | ID = 1002
Description = Het programma firefox.exe, versie 1.9.1.3593 reageert niet meer op
Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 14e0 Starttijd: 01ca9de3fe1a1d14 Eindtijd: 16

Toepassingspad:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Rapport-id: 1bb61fe7-0a0a-11df-be74-00269e3ba116


Error - 27-1-2010 14:15:31 | Computer Name = Mattias-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

[ DigitalPersona Pro Events ]
Error - 23-1-2010 9:44:36 | Computer Name = Mattias-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eén-op-één vingerafdrukovereenkomst mislukt.

Error - 23-1-2010 9:44:38 | Computer Name = Mattias-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eén-op-één vingerafdrukovereenkomst mislukt.

[ System Events ]
Error - 31-1-2010 18:55:19 | Computer Name = Mattias-PC | Source = Disk | ID = 262159
Description = Kan apparaat \Device\Harddisk2\DR3 niet benaderen.

Error - 31-1-2010 18:55:19 | Computer Name = Mattias-PC | Source = Disk | ID = 262159
Description = Kan apparaat \Device\Harddisk2\DR3 niet benaderen.

Error - 31-1-2010 18:55:19 | Computer Name = Mattias-PC | Source = Disk | ID = 262159
Description = Kan apparaat \Device\Harddisk2\DR3 niet benaderen.

Error - 31-1-2010 18:55:19 | Computer Name = Mattias-PC | Source = Disk | ID = 262159
Description = Kan apparaat \Device\Harddisk2\DR3 niet benaderen.

Error - 31-1-2010 18:55:19 | Computer Name = Mattias-PC | Source = Disk | ID = 262159
Description = Kan apparaat \Device\Harddisk2\DR3 niet benaderen.

Error - 1-2-2010 13:15:23 | Computer Name = Mattias-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Media Player Network Sharing Service.

Error - 1-2-2010 13:15:41 | Computer Name = Mattias-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Media Player Network Sharing Service-service kan vanwege
de volgende fout niet worden gestart: %%1053

Error - 7-2-2010 13:58:24 | Computer Name = Mattias-PC | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 7-2-2010 13:59:25 | Computer Name = Mattias-PC | Source = DCOM | ID = 10010
Description =

Error - 7-2-2010 14:04:37 | Computer Name = Mattias-PC | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 2 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.


< End of report >

#14 Wolf2510


Posted 19 February 2010 - 04:18 PM

And this is OTL.txt

OTL logfile created on: 19-2-2010 22:01:47 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Mattias\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: België | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,47 Gb Total Space | 337,05 Gb Free Space | 74,99% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 340,11 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Drive E: | 16,00 Gb Total Space | 2,61 Gb Free Space | 16,32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTIAS-PC
Current User Name: Mattias
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mattias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Mattias\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009-07-14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009-07-14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HP Health Check Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-videoapparaat (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-apparaat (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-apparaat (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) Stuurprogramma voor USB-audio (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (WinUSB) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\96C8.tmp (Sophos Plc)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3787
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: {15973e1b-3a95-258b-7a16-2d5d361d4bfd}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009-09-24 01:49:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2009-12-29 14:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009-12-29 14:58:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009-12-22 17:21:08 | 000,000,000 | ---D | M]

[2009-11-16 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions
[2009-11-14 05:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-16 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010-02-19 00:36:58 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions
[2009-11-15 11:05:47 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009-12-29 19:22:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-12-29 19:22:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-10 16:57:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-02-02 00:02:15 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\684bkwt2.default\extensions\netvideohunter@netvideohunter.com
[2009-12-27 22:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009-12-27 22:45:08 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{15973e1b-3a95-258b-7a16-2d5d361d4bfd}
[2009-11-14 05:18:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-12-20 22:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009-11-03 04:39:30 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-03 04:39:30 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009-10-11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009-11-03 04:39:30 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009-12-07 02:24:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009-12-07 02:24:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009-11-03 02:43:40 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2009-11-03 02:43:40 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009-11-03 02:43:40 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2009-11-03 02:43:40 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2009-11-03 02:43:40 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2009-11-03 02:43:40 | 000,000,802 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f3c397a-03b0-11df-aded-00269e3ba116}\Shell - "" = AutoRun
O33 - MountPoints2\{1f3c397a-03b0-11df-aded-00269e3ba116}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-19 22:00:20 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2010-02-18 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010-02-17 22:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010-02-16 06:44:18 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Archive 2
[2010-02-16 06:44:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Archive
[2010-02-16 06:39:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\sending
[2010-02-09 20:51:48 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010-02-09 20:51:48 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010-02-09 20:51:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010-02-09 20:51:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010-02-09 20:51:48 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010-02-09 20:51:48 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010-02-09 20:51:48 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010-02-09 20:51:48 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010-02-09 20:51:47 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010-02-09 20:51:47 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010-02-09 20:51:47 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010-02-09 20:51:47 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010-02-09 20:51:47 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010-02-09 20:51:47 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010-02-09 20:51:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010-02-09 20:51:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010-02-09 20:51:45 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010-02-09 20:51:45 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010-02-09 20:51:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010-02-09 20:51:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010-02-09 20:51:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010-02-09 20:51:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010-02-09 20:51:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010-02-09 20:51:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010-02-09 20:51:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010-02-07 18:59:35 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010-02-07 18:59:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010-02-07 18:59:35 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010-02-07 18:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-02-07 18:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-02-07 18:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2010-02-07 18:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010-01-27 18:29:56 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010-01-27 18:29:56 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010-01-27 18:29:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010-01-23 14:49:13 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\Downloaded Installations
[2010-01-22 19:12:57 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010-01-22 19:12:57 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010-01-22 19:12:57 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010-01-22 19:12:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010-01-22 19:12:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010-01-22 19:12:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-19 22:02:57 | 005,505,024 | -HS- | M] () -- C:\Users\Mattias\ntuser.dat
[2010-02-19 22:00:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2010-02-19 18:52:26 | 000,000,000 | ---- | M] () -- C:\Users\Mattias\AppData\Local\prvlcl.dat
[2010-02-19 18:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-19 18:23:10 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-19 18:23:10 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-19 18:21:27 | 055,899,862 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010-02-19 18:15:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-19 18:15:46 | 3214,041,088 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-19 01:11:06 | 003,705,800 | -H-- | M] () -- C:\Users\Mattias\AppData\Local\IconCache.db
[2010-02-16 22:37:13 | 073,179,330 | ---- | M] () -- C:\Users\Mattias\Desktop\Lamb pics and vids.zip
[2010-02-16 18:11:20 | 001,523,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-02-16 18:11:20 | 000,691,728 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010-02-16 18:11:20 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-02-16 18:11:20 | 000,130,232 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010-02-16 18:11:20 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-02-07 23:53:06 | 002,502,389 | ---- | M] () -- C:\Users\Mattias\Desktop\3407501487_b167c71416_o.jpg
[2010-02-07 21:43:53 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMattias.job
[2010-01-23 17:43:07 | 000,524,288 | -HS- | M] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TMContainer00000000000000000002.regtrans-ms
[2010-01-23 17:43:07 | 000,524,288 | -HS- | M] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TMContainer00000000000000000001.regtrans-ms
[2010-01-23 17:43:07 | 000,065,536 | -HS- | M] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TM.blf
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-16 22:37:07 | 073,179,330 | ---- | C] () -- C:\Users\Mattias\Desktop\Lamb pics and vids.zip
[2010-01-23 14:54:02 | 000,524,288 | -HS- | C] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TMContainer00000000000000000002.regtrans-ms
[2010-01-23 14:54:02 | 000,524,288 | -HS- | C] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TMContainer00000000000000000001.regtrans-ms
[2010-01-23 14:54:02 | 000,065,536 | -HS- | C] () -- C:\Users\Mattias\ntuser.dat{1cfad245-0825-11df-8ed9-00269e3ba116}.TM.blf
[2010-01-01 21:33:46 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\prvlcl.dat
[2009-12-12 11:54:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-11-14 20:35:44 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-11-14 20:35:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-11-14 20:35:43 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009-11-14 20:35:43 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-11-14 20:35:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009-11-14 20:35:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009-11-14 04:15:55 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\QSwitch.txt
[2009-11-14 04:15:55 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\DSwitch.txt
[2009-11-14 04:15:55 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\AtStart.txt
[2009-11-14 04:15:53 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-09-24 01:45:24 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009-09-24 01:45:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009-09-24 01:44:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009-09-24 01:44:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009-09-24 01:43:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009-09-06 06:52:22 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009-09-06 06:49:22 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009-09-06 06:47:46 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009-09-06 06:47:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009-07-15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010-01-18 00:50:20 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DAEMON Tools Lite
[2009-11-14 04:15:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DigitalPersona
[2009-12-26 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\IrfanView
[2010-02-02 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\LimeWire
[2009-12-15 00:33:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Red Kawa
[2009-12-22 19:48:30 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Ubisoft
[2010-02-17 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\uTorrent
[2009-12-27 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\WTouch
[2010-02-16 17:22:46 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


#15 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:22 AM

Posted 19 February 2010 - 05:27 PM

No sign of anything on OTL, so let's reset Firefox.

Let's clear your history.

In Firefox (this differs but if you get to the Privacy window you should see the tabs/buttons required. Just look for Cookies and Cache and clear them)

1. Select "Tools"
2. Select "Options".
3. Select "Privacy".
4. In Private area click "Clear Now".
5. In "Clear Private Data" window put the check mark for "Cookies" and click "Clear Private Data Now".
6. Click OK.


This will remove the cookie that's the cause of the problem. Now you need to set some defaults on Firefox itself.

Please click this link and take a look at chaslang's Firefox reset instructions for Firefox.
m0le is a proud member of UNITE



