Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

strange problem, Pc running slow


  • This topic is locked This topic is locked
7 replies to this topic

#1 fonziesponzie

fonziesponzie

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 30 May 2010 - 03:37 AM

Hi,

First of all I've been redirected to here form windows 7 forum,
Here's a quick overview of what has happend,

My pc suddeny was working very slow, even when no programs where running, CPU was going in between 90 and 100 %
After a lot of sanning ( spybot, prevx, AVG, Hitman, Malwarebyte's Hijac) I found torjans and malware, which I all deleted, INcludinh ah really heeavy process that was running called

ATI_MAINBOARD.EXE also know as DH8FBPYRBXUF.EXE

The AV i used on this pc (which i have 1 year) is AVG , i learned now that this is not a good AV, the trojans apperntly made it stop working, so im probably iffected with more trojans and malware

After 2 days of deleting scanning en eliminating things with Hijack, my CPU now runs steady at round 70%, which i think is alot, and the number of processes is 70

My quistion is know, what would be the best thing to do to find most of the infected files and get rid of them,


One of the trojans the people in the other thread found was ' back door trojan, in my Hijack Log, called C:\windows\upd.exe, How do i get rid of this, cause it has acces to passwords and stuff like that.

Heres my Hijack log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:28:27, on 30/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKCU\..\Run: [upd.exe] C:\windows\upd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel« Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13863 bytes





ANd heres Screenshot of my taskmanager


http://dyp.im/h2bkPJ


And i'll give you the link to he WIN7 topic aswell

http://www.sevenforums.com/system-security...-processes.html



Thanks for anyhelp

Edited by elise025, 30 May 2010 - 07:44 AM.
Since a log is posted, I am moving this from the Windows 7 to the Malware Removal forum ~ Elise


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:54 PM

Posted 01 June 2010 - 01:15 PM

Hi fonziesponzie, and welcome to Bleeping Computer.

Ok, please do the following:

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 fonziesponzie

fonziesponzie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 03 June 2010 - 02:19 AM

Hi, thanks for the help,

Malware bytes scan came up clean,

Here's the log

"Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4166

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/06/2010 9:07:09
mbam-log-2010-06-03 (09-07-09).txt

Scantype: Snelle scan
Objecten gescand: 133486
Verstreken tijd: 4 minuut/minuten, 20 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)






The OTL Log files, 'OTL.txt'

OTL logfile created on: 3-6-2010 9:07:36 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Felix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: BelgiŰ | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,58 Gb Total Space | 248,97 Gb Free Space | 54,77% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 452,19 Gb Free Space | 97,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FELIX-VAIO
Current User Name: Felix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-03 09:03:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
PRC - [2010-04-01 20:05:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2009-11-24 15:49:26 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009-11-12 22:28:21 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009-08-29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009-07-27 17:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009-07-27 17:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009-07-27 17:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009-07-26 17:44:30 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009-07-23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009-07-23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009-07-22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009-07-01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009-07-01 12:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009-07-01 12:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009-06-26 15:56:10 | 000,357,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2009-06-26 15:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009-06-04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-05-26 10:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009-03-04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-02-17 11:37:10 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009-02-06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2008-12-08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008-11-26 13:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-09-18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008-03-10 01:08:42 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
PRC - [2007-01-04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010-06-03 09:03:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-05-21 03:00:55 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009-11-22 15:31:36 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009-08-13 00:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009-07-31 22:02:00 | 000,382,976 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc)
SRV:64bit: - [2009-07-16 10:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009-07-01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009-06-26 15:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009-06-26 15:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009-06-17 19:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009-02-06 14:27:10 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EHttpSrv)
SRV:64bit: - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2008-03-10 01:08:42 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64)
SRV - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009-11-24 15:49:26 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-12 22:28:21 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-11-12 12:08:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-27 17:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009-07-27 17:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009-07-27 17:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009-07-27 17:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009-07-27 17:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009-07-23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009-07-23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009-07-23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009-07-22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009-07-01 12:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009-03-04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-02-06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-12-08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008-10-25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008-09-18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008-06-13 05:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-01-04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009-11-12 20:37:02 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009-08-28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-08-04 04:22:32 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009-08-03 22:07:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009-08-03 22:07:33 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009-08-03 22:07:33 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009-08-03 22:07:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009-08-03 22:04:18 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009-07-31 22:21:43 | 000,073,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr_cfs.sys -- (JMCR_CFS)
DRV:64bit: - [2009-07-31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009-07-31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009-07-31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009-07-14 02:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB-videoapparaat (WDM)
DRV:64bit: - [2009-07-14 02:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth-apparaat (Personal Area Network)
DRV:64bit: - [2009-07-14 02:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009-07-14 02:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth-apparaat (RFCOMM Protocol TDI)
DRV:64bit: - [2009-07-14 02:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009-07-14 02:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009-07-14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009-06-29 22:39:38 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-06-11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009-05-26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-05-20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-02-06 14:24:48 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009-02-06 14:24:44 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009-02-06 14:24:42 | 000,163,400 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009-02-06 14:23:20 | 000,132,464 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-02-06 14:19:56 | 000,141,728 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2008-08-28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008-03-13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007-04-16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008-02-20 16:26:00 | 000,425,984 | ---- | M] (Autodesk, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe -- (monitor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=EU01
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-01-05 15:20:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-04-06 11:47:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-05-28 11:15:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-05-30 10:59:11 | 000,000,000 | ---D | M]

[2009-11-12 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2010-06-02 11:16:25 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\828e2oyd.default\extensions
[2010-02-18 12:58:21 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\828e2oyd.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010-01-24 17:51:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\828e2oyd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-26 23:04:47 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\828e2oyd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010-05-30 14:54:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-04-01 19:27:57 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-04-01 19:27:57 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-04-01 19:27:57 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-04-01 19:27:57 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-04-01 19:27:57 | 000,001,106 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-12-18 12:17:16 | 000,001,053 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe File not found
O4 - HKCU..\Run: [0x017] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.130 195.130.130.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-02 15:06:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-01-23 18:53:43 | 000,005,560 | ---- | M] () - D:\AutoCADConfig.pit -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:07:38 | 000,000,000 | ---D | M] - D:\AUTODESK.REVIT.ARCHITECTURE.V2009 -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:06 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part01.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part01.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:10 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part02.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part02.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:14 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part03.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part03.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:20 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part04.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part04.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:24 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part05.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part05.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:28 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part06.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part06.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:34 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part07.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part07.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:38 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part08.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part08.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:42 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part09.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part09.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:46 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part10.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part10.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:50 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part11.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part11.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:54 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part12.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part12.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:14:58 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part13.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part13.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:04 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part14.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part14.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:08 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part15.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part15.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:12 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part16.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part16.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:16 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part17.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part17.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:20 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part18.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part18.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:24 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part19.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part19.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:28 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part20.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part20.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:34 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part21.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part21.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:38 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part22.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part22.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:42 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part23.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part23.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:46 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part24.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part24.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:50 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part25.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part25.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:54 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part26.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part26.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:15:58 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part27.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part27.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:16:02 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part28.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part28.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:16:06 | 102,350,000 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part29.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 102,350,188 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part29.zip -- [ NTFS ]
O32 - AutoRun File - [2008-04-13 06:16:10 | 092,774,732 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part30.rar -- [ NTFS ]
O32 - AutoRun File - [2009-11-24 13:23:12 | 092,774,920 | ---- | M] () - D:\AUTODESK.REVIT.ARCHITECTURE.V2009.part30.zip -- [ NTFS ]
O32 - AutoRun File - [2002-02-22 10:35:36 | 000,000,043 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{278bc203-e63f-11de-bc55-002643ac205e}\Shell - "" = AutoRun
O33 - MountPoints2\{278bc203-e63f-11de-bc55-002643ac205e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3da15366-1f9f-11df-a470-c67ec9a60c52}\Shell - "" = AutoRun
O33 - MountPoints2\{3da15366-1f9f-11df-a470-c67ec9a60c52}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{76dba742-00e6-11df-a44d-002643ac205e}\Shell - "" = AutoRun
O33 - MountPoints2\{76dba742-00e6-11df-a44d-002643ac205e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f20fc6ac-fab8-11de-9867-002643ac205e}\Shell - "" = AutoRun
O33 - MountPoints2\{f20fc6ac-fab8-11de-9867-002643ac205e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009-07-14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010-06-03 09:02:56 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010-06-03 09:02:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-06-03 09:01:23 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Felix\Desktop\mbam-setup-1.46.exe
[2010-05-30 14:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2010-05-30 14:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2010-05-30 14:53:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2010-05-30 14:53:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2010-05-30 14:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2010-05-30 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\ESET
[2010-05-30 11:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
[2010-05-30 11:00:09 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\ESET
[2010-05-30 10:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010-05-30 10:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-05-29 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010-05-29 19:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010-05-29 19:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010-05-29 17:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-05-29 17:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-05-29 17:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010-05-29 15:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-05-28 11:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010-05-27 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Roxio Log Files
[2010-05-27 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-05-27 09:21:59 | 000,000,000 | ---D | C] -- C:\output
[2010-05-24 23:35:33 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2010-05-24 23:35:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-05-24 23:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-05-24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\qqvngswlh
[2010-05-24 23:08:59 | 000,000,000 | RHSD | C] -- C:\Users\Felix\AppData\Local\ATI Drivers
[2010-05-24 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010-05-24 13:43:31 | 000,127,488 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZSPOOL.DLL
[2010-05-24 13:43:31 | 000,115,200 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZLhp1018.DLL
[2010-05-24 13:43:31 | 000,061,952 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZIMF.DLL
[2010-05-24 13:43:31 | 000,049,664 | ---- | C] (Zenographics, Inc.) -- C:\Windows\SysNative\ZTAG.DLL
[2010-05-21 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Skype
[2010-05-21 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-05-21 16:51:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010-05-21 03:00:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010-05-21 03:00:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010-05-15 11:25:12 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010-05-15 11:24:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010-05-15 11:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010-05-15 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Downloaded Installations
[2010-05-12 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2010-05-12 16:22:41 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\River Past G5
[2010-05-12 16:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-06-03 09:10:32 | 005,242,880 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT
[2010-06-03 09:03:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010-06-03 09:03:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-03 09:02:24 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-03 09:01:56 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Felix\Desktop\mbam-setup-1.46.exe
[2010-06-03 08:34:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-03 08:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-02 20:31:44 | 001,229,840 | ---- | M] () -- C:\Users\Felix\Desktop\BijlokeA2-2 copy.jpg
[2010-06-02 20:31:23 | 001,342,057 | ---- | M] () -- C:\Users\Felix\Desktop\BijlokeA2-1.jpg
[2010-06-02 20:31:06 | 001,259,275 | ---- | M] () -- C:\Users\Felix\Desktop\BijlokeA2-3.jpg
[2010-06-02 12:24:28 | 001,552,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-02 12:24:28 | 000,701,830 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010-06-02 12:24:28 | 000,615,958 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-02 12:24:28 | 000,135,152 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010-06-02 12:24:28 | 000,107,594 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-01 11:21:35 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-01 11:21:35 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-05-31 09:36:59 | 014,425,904 | ---- | M] () -- C:\Users\Felix\Desktop\Monosurround - Cocked Locked Ready To Rock (Fukkk Offf Remix).mp3
[2010-05-31 09:36:53 | 000,790,016 | ---- | M] () -- C:\Users\Felix\Desktop\Louis Isadore Kahn.doc
[2010-05-30 18:53:34 | 000,000,999 | ---- | M] () -- C:\Users\Felix\Desktop\NodLogin Force.lnk
[2010-05-30 18:53:34 | 000,000,985 | ---- | M] () -- C:\Users\Felix\Desktop\NodLogin normal.lnk
[2010-05-30 12:36:14 | 001,478,144 | ---- | M] () -- C:\Users\Felix\Documents\AVG CD SCAN.pdf
[2010-05-30 12:23:29 | 080,324,321 | ---- | M] () -- C:\Users\Felix\avg_arl_cd_en_90_100429.rar
[2010-05-30 10:41:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-05-30 10:41:22 | 3195,318,272 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-30 10:40:27 | 002,182,041 | -H-- | M] () -- C:\Users\Felix\AppData\Local\IconCache.db
[2010-05-30 10:31:39 | 000,007,596 | ---- | M] () -- C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
[2010-05-29 19:09:16 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010-05-28 22:57:12 | 000,533,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-05-28 12:23:38 | 000,037,070 | -HS- | M] () -- C:\Users\Felix\Desktop\Folder.jpg
[2010-05-28 12:23:38 | 000,007,424 | -HS- | M] () -- C:\Users\Felix\Desktop\AlbumArtSmall.jpg
[2010-05-27 20:27:48 | 000,157,384 | ---- | M] () -- C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-05-27 20:25:55 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2010-05-27 20:03:35 | 000,001,889 | ---- | M] () -- C:\Users\Felix\Desktop\CCleaner.lnk
[2010-05-25 20:29:44 | 000,146,944 | ---- | M] () -- C:\Users\Felix\AppData\Local\tondat.exe
[2010-05-25 12:41:07 | 000,000,903 | ---- | M] () -- C:\Users\Felix\iexplore - Snelkoppeling.lnk
[2010-05-24 23:10:14 | 000,000,243 | --S- | M] () -- C:\Users\Felix\AppData\Local\4186869769.dat
[2010-05-21 15:14:23 | 000,036,767 | -HS- | M] () -- C:\Users\Felix\Desktop\AlbumArt_{117D4929-A9BB-49CB-88D3-2000523C0065}_Large.jpg
[2010-05-21 15:14:23 | 000,008,557 | -HS- | M] () -- C:\Users\Felix\Desktop\AlbumArt_{117D4929-A9BB-49CB-88D3-2000523C0065}_Small.jpg
[2010-05-15 22:23:28 | 000,002,019 | ---- | M] () -- C:\Users\Felix\Desktop\Crysis - Snelkoppeling.lnk
[2010-05-15 11:25:12 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010-05-13 16:59:55 | 000,008,663 | -HS- | M] () -- C:\Users\Felix\Desktop\AlbumArt_{B94D7522-1529-4A48-9B9D-EFB29ED04A46}_Large.jpg
[2010-05-13 16:59:55 | 000,002,465 | -HS- | M] () -- C:\Users\Felix\Desktop\AlbumArt_{B94D7522-1529-4A48-9B9D-EFB29ED04A46}_Small.jpg
[2010-05-09 22:37:48 | 018,499,623 | ---- | M] () -- C:\Users\Felix\Documents\vlc-1.0.5-win32.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-03 09:02:24 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-02 20:31:37 | 001,229,840 | ---- | C] () -- C:\Users\Felix\Desktop\BijlokeA2-2 copy.jpg
[2010-06-02 20:31:19 | 001,342,057 | ---- | C] () -- C:\Users\Felix\Desktop\BijlokeA2-1.jpg
[2010-06-02 20:30:54 | 001,259,275 | ---- | C] () -- C:\Users\Felix\Desktop\BijlokeA2-3.jpg
[2010-05-31 09:36:57 | 014,425,904 | ---- | C] () -- C:\Users\Felix\Desktop\Monosurround - Cocked Locked Ready To Rock (Fukkk Offf Remix).mp3
[2010-05-31 09:36:12 | 000,790,016 | ---- | C] () -- C:\Users\Felix\Desktop\Louis Isadore Kahn.doc
[2010-05-30 18:53:34 | 000,000,999 | ---- | C] () -- C:\Users\Felix\Desktop\NodLogin Force.lnk
[2010-05-30 18:53:34 | 000,000,985 | ---- | C] () -- C:\Users\Felix\Desktop\NodLogin normal.lnk
[2010-05-30 14:53:17 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2010-05-30 12:36:14 | 001,478,144 | ---- | C] () -- C:\Users\Felix\Documents\AVG CD SCAN.pdf
[2010-05-30 12:23:39 | 002,211,200 | ---- | C] () -- C:\Users\Felix\vmlinuz
[2010-05-30 12:23:39 | 000,028,160 | ---- | C] () -- C:\Users\Felix\syslinux.exe
[2010-05-30 12:23:39 | 000,000,966 | ---- | C] () -- C:\Users\Felix\syslinux.cfg
[2010-05-30 12:23:39 | 000,000,944 | ---- | C] () -- C:\Users\Felix\makeboot.bat
[2010-05-30 12:23:37 | 077,807,270 | ---- | C] () -- C:\Users\Felix\initrd.lzm
[2010-05-30 12:23:37 | 000,160,280 | ---- | C] () -- C:\Users\Felix\memtest
[2010-05-30 12:23:37 | 000,054,964 | ---- | C] () -- C:\Users\Felix\menu.c32
[2010-05-30 12:23:37 | 000,015,218 | ---- | C] () -- C:\Users\Felix\ldlinux.sys
[2010-05-30 12:23:37 | 000,002,853 | ---- | C] () -- C:\Users\Felix\CHANGELOG
[2010-05-30 12:23:37 | 000,001,041 | ---- | C] () -- C:\Users\Felix\README
[2010-05-30 12:23:37 | 000,000,825 | ---- | C] () -- C:\Users\Felix\f1.msg
[2010-05-30 12:23:37 | 000,000,026 | ---- | C] () -- C:\Users\Felix\arl-version
[2010-05-30 12:22:59 | 080,324,321 | ---- | C] () -- C:\Users\Felix\avg_arl_cd_en_90_100429.rar
[2010-05-30 10:31:39 | 000,007,596 | ---- | C] () -- C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
[2010-05-29 19:01:35 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010-05-27 20:25:54 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-05-27 20:03:35 | 000,001,889 | ---- | C] () -- C:\Users\Felix\Desktop\CCleaner.lnk
[2010-05-25 20:15:27 | 000,146,944 | ---- | C] () -- C:\Users\Felix\AppData\Local\tondat.exe
[2010-05-25 12:41:07 | 000,000,903 | ---- | C] () -- C:\Users\Felix\iexplore - Snelkoppeling.lnk
[2010-05-24 23:09:13 | 000,000,243 | --S- | C] () -- C:\Users\Felix\AppData\Local\4186869769.dat
[2010-05-24 13:43:31 | 000,567,296 | ---- | C] () -- C:\Windows\SysNative\ZSHP1018.EXE
[2010-05-24 13:43:31 | 000,128,380 | ---- | C] () -- C:\Windows\SysNative\hp1018.img
[2010-05-24 13:43:31 | 000,010,632 | ---- | C] () -- C:\Windows\SysNative\ZSHP1018.CHM
[2010-05-21 15:14:23 | 000,036,767 | -HS- | C] () -- C:\Users\Felix\Desktop\AlbumArt_{117D4929-A9BB-49CB-88D3-2000523C0065}_Large.jpg
[2010-05-21 15:14:23 | 000,008,557 | -HS- | C] () -- C:\Users\Felix\Desktop\AlbumArt_{117D4929-A9BB-49CB-88D3-2000523C0065}_Small.jpg
[2010-05-15 22:22:45 | 000,002,019 | ---- | C] () -- C:\Users\Felix\Desktop\Crysis - Snelkoppeling.lnk
[2010-05-13 16:59:55 | 000,008,663 | -HS- | C] () -- C:\Users\Felix\Desktop\AlbumArt_{B94D7522-1529-4A48-9B9D-EFB29ED04A46}_Large.jpg
[2010-05-13 16:59:55 | 000,002,465 | -HS- | C] () -- C:\Users\Felix\Desktop\AlbumArt_{B94D7522-1529-4A48-9B9D-EFB29ED04A46}_Small.jpg
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-12-13 11:58:43 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\winddows2.dll
[2009-12-02 17:43:31 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2009-12-02 17:43:31 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2009-11-25 20:32:59 | 000,059,904 | ---- | C] () -- C:\Windows\zlib1.dll
[2009-11-25 20:32:58 | 003,817,472 | ---- | C] () -- C:\Windows\SketchUpReader.dll
[2009-11-14 19:07:10 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009-11-12 22:31:04 | 001,579,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009-11-12 12:31:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-04-18 12:16:49 | 000,394,808 | ---- | M] () -- C:\boltest.xml
[2010-05-30 10:41:22 | 3195,318,272 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-12 12:15:16 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2010-05-24 13:43:54 | 000,017,892 | ---- | M] () -- C:\M1319.log
[2010-05-30 10:41:22 | 4260,425,728 | -HS- | M] () -- C:\pagefile.sys
[2009-08-21 11:23:19 | 000,002,212 | ---- | M] () -- C:\RHDSetup.log
[2009-11-12 12:12:23 | 000,488,652 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:46E7580F
< End of report >


And the OTL extras

OTL Extras logfile created on: 3-6-2010 9:07:36 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Felix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: BelgiŰ | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,58 Gb Total Space | 248,97 Gb Free Space | 54,77% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 452,19 Gb Free Space | 97,09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FELIX-VAIO
Current User Name: Felix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter -- File not found
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{2A8EEE2F-4A9E-43D8-AA07-EC8A316B2DEB}" = Autodesk Revit Architecture 2010 x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5783F2D7-8004-0409-0102-0060B0CE6BBA}" = AutoCAD Architecture 2010
"{5783F2D7-8004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - English
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel« Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EF3602-4C70-408A-8A78-B409716374A0}" = ESET Smart Security
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max 2009 64-bit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutoCAD Architecture 2010" = AutoCAD Architecture 2010
"Autodesk Revit Architecture 2010 x64" = Autodesk Revit Architecture 2010 x64
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-stuurprogrammapakket - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-stuurprogrammapakket - Nokia Modem (02/23/2009 7.01.0.2)
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Ondersteuning voor Weergave
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236135FC-78F2-44e7-883D-1D5671C8F4C7}" = JMicron JMB368 CF Host Controller Driver
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Instellingen voor het controleren van inhoud VAIO
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{377F5472-544F-4055-A470-4EDA319BA1F3}" = V-Ray for SketchUp 7
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Ondersteuning voor VAIO Transfer
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energiebeheer
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{68E733D9-1E1E-480C-AA30-D90DD6D432F9}" = V-Ray for SketchUp 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{8FA6F936-E10C-4AE6-A28F-5C943B75780E}" = V-Ray for SketchUp
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}" = Revit Architecture 2009
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Oorspronkelijke functie-instellingen
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.1 - Nederlands
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEEE0DB3-44BC-4B94-A54A-A23E1C38490F}" = V-Ray for SketchUp
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BD4E788B-B668-4C37-B277-C5AD52FF6299}" = V-Ray for SketchUp 7
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = SkypeÖ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{D9432306-513A-4695-977E-FC6AD9C3ED98}" = IDX Renditioner
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0724276-6980-47E2-8FF2-88F473805773}_is1" = WinUndelete 3.50
"{E31ABA95-B5A8-4373-AABF-BAC8CD34E217}" = V-Ray for SketchUp 7
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"CCleaner" = CCleaner
"Computer Alarm Clock" = Computer Alarm Clock
"Crysis WARHEAD®" = Crysis WARHEAD®
"DWG Export for SketchUp_is1" = DWG Export for SketchUp
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout 3: Operation AnchorageÖ" = Fallout 3: Operation AnchorageÖ
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nokia PC Suite" = Nokia PC Suite
"PremElem70" = Adobe Premiere Elements 7.0
"PunkBusterSvc" = PunkBuster Services
"Telemeter" = Telemeter 3.5h
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO AW screensaver" = VAIO AW screensaver
"VAIO Help and Support" =
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20-5-2010 5:59:41 | Computer Name = Felix-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 20-5-2010 9:52:02 | Computer Name = Felix-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 20-5-2010 15:47:09 | Computer Name = Felix-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 20-5-2010 21:01:19 | Computer Name = Felix-VAIO | Source = Google Update | ID = 20
Description =

Error - 21-5-2010 1:48:17 | Computer Name = Felix-VAIO | Source = Google Update | ID = 20
Description =

Error - 21-5-2010 9:13:00 | Computer Name = Felix-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 21-5-2010 10:57:31 | Computer Name = Felix-VAIO | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Skype.exe, versie: 4.2.0.169, tijdstempel:
0x4bebfa84 Naam van module met fout: RPCRT4.dll, versie: 6.1.7600.16385, tijdstempel:
0x4a5bdb3b Uitzonderingscode: 0xc0000005 Foutoffset: 0x0003b565 Id van proces met
fout: 0xe78 Starttijd van toepassing met fout: 0x01caf8f51c95243d Pad naar toepassing
met fout: C:\Program Files (x86)\Skype\Phone\Skype.exe Pad naar module met fout:
C:\Windows\syswow64\RPCRT4.dll Rapport-id: 2db74ca5-64e9-11df-9ee6-c75a972b385c

Error - 21-5-2010 14:01:18 | Computer Name = Felix-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 22-5-2010 8:01:10 | Computer Name = Felix-VAIO | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: SketchUp.exe, versie: 7.0.8657.0, tijdstempel:
0x491c67d1 Naam van module met fout: ntdll.dll, versie: 6.1.7600.16385, tijdstempel:
0x4a5bdb3b Uitzonderingscode: 0xc015000f Foutoffset: 0x00084401 Id van proces met
fout: 0x1234 Starttijd van toepassing met fout: 0x01caf9a546333273 Pad naar toepassing
met fout: C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe Pad naar
module met fout: C:\Windows\SysWOW64\ntdll.dll Rapport-id: b5d1830c-6599-11df-959f-c7113f984a23

Error - 22-5-2010 8:01:11 | Computer Name = Felix-VAIO | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: SketchUp.exe, versie: 7.0.8657.0, tijdstempel:
0x491c67d1 Naam van module met fout: ntdll.dll, versie: 6.1.7600.16385, tijdstempel:
0x4a5bdb3b Uitzonderingscode: 0xc0150010 Foutoffset: 0x000845bb Id van proces met
fout: 0x1234 Starttijd van toepassing met fout: 0x01caf9a546333273 Pad naar toepassing
met fout: C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe Pad naar
module met fout: C:\Windows\SysWOW64\ntdll.dll Rapport-id: b6742e0e-6599-11df-959f-c7113f984a23

[ System Events ]
Error - 27-5-2010 3:08:58 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR5.

Error - 27-5-2010 3:08:58 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR5.

Error - 27-5-2010 3:08:59 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR5.

Error - 27-5-2010 3:22:35 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR6.

Error - 27-5-2010 3:22:35 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR6.

Error - 27-5-2010 3:22:36 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR6.

Error - 27-5-2010 3:22:36 | Computer Name = Felix-VAIO | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk4\DR6.

Error - 27-5-2010 8:31:30 | Computer Name = Felix-VAIO | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Roxio Upnp Server 10.

Error - 27-5-2010 11:58:32 | Computer Name = Felix-VAIO | Source = DCOM | ID = 10010
Description =

Error - 27-5-2010 12:42:30 | Computer Name = Felix-VAIO | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Roxio Upnp Server 10.


< End of report >




#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:54 PM

Posted 03 June 2010 - 09:58 AM

Hi again fonziesponzie!!.. smile.gif

There are only some leftovers to remove... After performing all the steps below, tell me how your computer is running now!..

Also, your logs indicate that you use cracked/illegal software on your computer... Most of our Helpers don't help such victims, until illegal software is uninstalled... I suggest you uninstall all of the cracked products now and stop stealing software!...

Please do the following:

Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    SRV - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll File not found
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe File not found
    O4 - HKCU..\Run: [0x017] File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    [2010-05-24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\qqvngswlh
    [2010-05-25 20:29:44 | 000,146,944 | ---- | M] () -- C:\Users\Felix\AppData\Local\tondat.exe
    [2010-05-24 23:10:14 | 000,000,243 | --S- | M] () -- C:\Users\Felix\AppData\Local\4186869769.dat
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


How is your system running now?..
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 fonziesponzie

fonziesponzie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 03 June 2010 - 10:52 AM

Hi,

OTL aksed for a reboot, which normaly takes a while, now it rebooted in 2 mins,
Amazing, its going faster again,



I still have round 80 processes running just after booting, ( is this normal?)

thanks !

here's the log
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\0x017 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
C:\Users\Felix\AppData\Local\qqvngswlh folder moved successfully.
C:\Users\Felix\AppData\Local\tondat.exe moved successfully.
C:\Users\Felix\AppData\Local\4186869769.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Felix
->Temp folder emptied: 499548353 bytes
->Temporary Internet Files folder emptied: 18596002 bytes
->Java cache emptied: 84603452 bytes
->FireFox cache emptied: 92392004 bytes
->Flash cache emptied: 9834 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130078 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50562 bytes
RecycleBin emptied: 14164912 bytes

Total Files Cleaned = 677,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Felix
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06032010_174458

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
C:\Users\Felix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Bout the illigal software,

those would be Autocad 3DS max and photoshop, since im still studying i cant afford this software, so i use the Student version of it.

#6 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:54 PM

Posted 03 June 2010 - 11:56 AM

Hi again fonziesponzie!!.. smile.gif.

QUOTE
Amazing, its going faster again,

Good to see that!.. thumbup2.gif

QUOTE
those would be Autocad 3DS max and photoshop, since im still studying i cant afford this software, so i use the Student version of it.

Ok, just be aware of the fact that using cracks and keygens is one of the easiest ways of getting infected!..

QUOTE
I still have round 80 processes running just after booting, ( is this normal?)

If these are all processes, I'd not call it something extraordinary... On my system, I have currently 67 processes running - just after a boot-up there would be more, as some applications launch "update checkers"...

Your computer came with a lot of programs from Sony preinstalled - you may want to uninstall those you don't use...

If there are no remaining problems:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Then,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - 9.3.2

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
JavaÖ 6 Update 14 (64-bit)
JavaÖ 6 Update 14


Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.


Please check my site - snemelk.hekko.pl:
Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 fonziesponzie

fonziesponzie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 03 June 2010 - 03:19 PM

Man your The BEST

Everything isexplained so clear easy and nice,

really, thanks thanks for al the effort you put in this, even in the layout of your posts,
MS should use you for there 'help opions' :D

I updated java and acrobat already,

will do Flash player tommorow, got some drawings to finnish for sketch class, got to do those first :D

Thanks alot for everything!,

Btw, I've put your site in favorits, from now on you'll be my first source when i have a problem :D

Thanks again for all the help !


#8 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:54 PM

Posted 03 June 2010 - 06:23 PM

Hi again fonziesponzie and thank you for these kind words!!.. smile.gif

QUOTE(fonziesponzie @ Jun 3 2010, 10:19 PM) View Post
Btw, I've put your site in favorits, from now on you'll be my first source when i have a problem :D

Thanks again for all the help !

thumbup2.gif

Glad we could help. smile.gif

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users