
HijackThis Log: Please help Diagnose


  • This topic is locked
7 replies to this topic

#1 ray020

ray020

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 14 April 2012 - 09:06 AM

Hello :)

Could somebody check my log and see if there's anything I could fix?
My computer itself (no problems with games/online poker) isn't running slow, but mainly Internet Explorer and Google Chrome give me a lot of problems.
It's slow, a lot of pages I can't open because the browser closes down and I cannot send any emails with Hotmail (if I click send, the button goes grey but nothing happens, same with all email addresses and doesn't happen on other computers).
I wasn't sure how to fix this, as I do not know much about this subject, so I thought I'd try this.
If you have any other suggestions I would be very happy to hear them.

Thanks in advance.

My log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:02:41, on 14-4-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\UpdateReminder.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\win7\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\win7\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\dfrgui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: FaceCons - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\Facecons\facecons.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: Codecv - {FD154E98-54DC-4032-A234-03AB2CB7089E} - C:\ProgramData\Codecv\bhoclass.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe /RegAll
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\win7\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [© Skype Technologies S.A.] C:\Users\win7\AppData\Roaming\Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [adobeupdate] "C:\Users\win7\AppData\Roaming\2 8\l3.lnk"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cfe.lnk = win7\AppData\Roaming\2 3\rundll32.exe
O4 - Startup: cwcwer.lnk = C:\Users\win7\AppData\Roaming\2 3\j.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Bewaar &Afbeeldingen met Flash and Media Capture - res://C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Bewaar &media bestanden met Flash and Media Capture - res://C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\win7\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\win7\Desktop\PartyPoker.lnk
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe

--
End of file - 14741 bytes


Edited by ray020, 14 April 2012 - 11:43 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:54 AM

Posted 16 April 2012 - 07:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 ray020

ray020
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 17 April 2012 - 04:57 AM

Hello,

I expected it to take five days so it is no problem at all. I greatly appreciate that you're doing this.
I have not taken any steps since the last time I posted. And I would like to add that some problems have been resolved.
- Google Chrome previously couldn't open Hotmail, it closed down when I tried to open it. This has been fixed. And so have any other problems with Google Chrome.
- I can send emails in Internet Explorer again.

However, Internet Explorer is still refusing to open some websites, gets slow and closes itself down often.

The OTL.txt file:

OTL logfile created on: 17-4-2012 11:38:53 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\win7\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,96 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 50,14% Memory free
3,93 Gb Paging File | 2,26 Gb Available in Paging File | 57,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,20 Gb Total Space | 12,76 Gb Free Space | 8,61% Space Free | Partition Type: NTFS

Computer Name: WIN7-PC | User Name: win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\win7\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Users\win7\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Users\win7\AppData\Roaming\2 3\j.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ESET\nod32rui.dll ()
MOD - C:\Program Files\ESET\pr_emon.dll ()
MOD - C:\Program Files\ESET\pr_upd.dll ()
MOD - C:\Program Files\ESET\pr_imon.dll ()
MOD - C:\Program Files\ESET\pr_dmon.dll ()
MOD - C:\ProgramData\Codecv\bhoclass.dll ()
MOD - C:\Program Files\ManyCam\Bin\cximagecrt.dll ()
MOD - C:\Program Files\ManyCam\Bin\CrashRpt.dll ()
MOD - C:\Users\win7\AppData\Roaming\2 3\j.exe ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NOD32krn) -- C:\Program Files\ESET\nod32krn.exe (Eset )
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (npf) -- system32\drivers\npf.sys File not found
DRV - (cpuz132) -- C:\Users\win7\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (akv6j7xo) -- File not found
DRV - (AMON) -- C:\Windows\System32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\Windows\System32\drivers\nod32drv.sys ()
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\avgidsehx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 73 39 41 AA 2D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111363&babsrc=SP_ss&mntrId=50fd9fc6000000000000002564bdf04a
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=50fd9fc6000000000000002564bdf04a&tlver=1.4.19.19&affID=17896
IE - HKCU\..\SearchScopes\{7F8E9E9C-D741-4B4D-AF85-237A0FB87654}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\Bing: "URL" = http://www.bing.com/?scope=web&setmkt=nl-NL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\win7\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010-07-29 02:08:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-10 10:29:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-04-14 13:00:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-04-14 12:59:35 | 000,000,000 | ---D | M]

[2011-05-03 15:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\win7\AppData\Roaming\mozilla\Extensions
[2011-05-03 15:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\win7\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011-03-06 05:42:18 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-10-11 18:13:17 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\win7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\win7\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: DealPly = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Codecv = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpilclpacieflhmobalmaccogiioldoo\1.0_0\
CHR - Extension: AVG Safe Search = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: AVG Do-Not-Track = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Facecons = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabdeiamlolpdknhnpflnijogclooij\2.0_0\
CHR - Extension: Gmail = C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-03-10 18:00:07 | 000,000,043 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.avast.com/index.html
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\Facecons\Facecons.dll (Facecons)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Flash and Media Capture Helper) - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll (MetaProducts corp.)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O2 - BHO: (Codecv Class) - {FD154E98-54DC-4032-A234-03AB2CB7089E} - C:\ProgramData\Codecv\bhoclass.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Flash and Media Capture Bar) - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll (MetaProducts corp.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [© Skype Technologies S.A.] C:\Users\win7\AppData\Roaming\Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [adobeupdate] C:\Users\win7\AppData\Roaming\2 8\l3.lnk ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\win7\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [BrandClearStubs] C:\Windows\System32\iedkcs32.dll (Microsoft Corporation)
O4 - Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwcwer.lnk = C:\Users\win7\AppData\Roaming\2 3\j.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bewaar &Afbeeldingen met Flash and Media Capture - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll (MetaProducts corp.)
O8 - Extra context menu item: Bewaar &media bestanden met Flash and Media Capture - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll (MetaProducts corp.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\win7\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\win7\Desktop\PartyPoker.lnk ()
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll (MetaProducts corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\imon.dll (Eset )
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Vertrouwde websites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543D0D58-7E47-47F8-81AE-07907C85B33D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-16 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{C383096D-BCE8-4FB5-AAED-E29AF1F239BF}
[2012-04-16 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{2EA86B6B-5865-454A-9FB9-E3361A4B7989}
[2012-04-15 15:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker
[2012-04-15 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker
[2012-04-14 19:44:04 | 004,126,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012-04-14 13:01:22 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\AVG2012
[2012-04-14 13:00:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-04-14 13:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-04-14 12:58:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-04-14 12:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-04-14 12:58:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012-04-14 12:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-04-14 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-04-14 12:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-04-14 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-04-14 12:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012-04-13 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\2 8
[2012-04-13 19:54:47 | 000,512,096 | ---- | C] (Eset ) -- C:\Windows\System32\drivers\amon.sys
[2012-04-13 19:54:47 | 000,298,104 | ---- | C] (Eset ) -- C:\Windows\System32\imon.dll
[2012-04-13 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012-04-13 19:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012-04-13 19:32:53 | 000,000,000 | ---D | C] -- C:\codec-info
[2012-04-13 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{2D8EC28C-AA0C-4FEA-885C-369F1F3BEAF2}
[2012-04-13 18:57:15 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{471FD447-64CE-423A-B607-78FE776551A2}
[2012-04-12 15:23:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-04-12 15:23:14 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-04-12 15:23:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-04-12 15:23:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-04-12 15:23:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-04-12 15:23:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-04-12 15:17:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-04-12 15:17:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-04-10 14:17:37 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{D82E0502-1050-494A-9ED9-8F1E8C1F5868}
[2012-04-10 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{C52DD22C-2545-4730-9B18-F7838EA4D5A0}
[2012-04-08 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{550C2CA3-05D1-4496-8F7B-A75770029E9B}
[2012-04-08 17:44:01 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{522F1E80-A765-452B-8B71-1AC560861CB1}
[2012-04-08 17:43:38 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-04-08 17:17:58 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012-04-08 17:12:15 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{9D531F40-DAE5-4150-B833-9DAC4D5CB384}
[2012-04-08 17:12:04 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{DF0F7BF2-7CB2-47FD-BFC9-DABFDFF0B8B3}
[2012-04-08 14:31:40 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{20D1CBC5-21C8-4AC3-9A1E-AF2A3D6067B1}
[2012-04-08 14:31:29 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{5E01A99D-2B3D-484B-8B0E-AFF0BB5CD38A}
[2012-04-08 12:43:05 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{7FD0CA02-1E33-42F8-B598-49E8F5DD53E6}
[2012-04-08 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{9B8E36F6-2764-43DB-AA88-50A94B5B87E4}
[2012-04-07 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{8A6AE045-9BC3-4C12-AB0C-A4953F8E982D}
[2012-04-07 11:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012-04-05 22:36:44 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{EF500F54-15E1-4FA7-AB4E-A8BD247CBDE3}
[2012-04-05 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{63A2FA78-5865-4307-8A23-06A975DFA367}
[2012-04-04 14:27:34 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\2 3
[2012-04-03 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{393488C1-418C-4582-9A16-85B78E657A3B}
[2012-04-02 14:12:56 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Roaming\Sidebar
[2012-04-02 14:07:05 | 000,748,336 | ---- | C] (Microsoft Corporation) -- C:\Users\win7\AppData\Roaming\Toolbar.exe
[2012-03-29 15:48:00 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{40BF819D-C375-4D43-8B3A-925EEDA33425}
[2012-03-29 03:47:49 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{C7BFE8D6-D385-493B-B333-CAF69020944C}
[2012-03-28 15:47:35 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{A094570D-2A90-46BE-9356-5DB497AA2E65}
[2012-03-28 15:47:19 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{254997B6-58DF-4517-9795-34F3313F5B79}
[2012-03-27 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{FD196FA0-E9EE-4BCE-B305-4D99565F4F2B}
[2012-03-27 16:26:01 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{C87AF9C6-5E3F-44B7-8706-D7D1E551CB26}
[2012-03-26 05:50:49 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{450A77A4-486B-4AFD-9EB0-70AAE327985C}
[2012-03-25 17:23:21 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{6DD69B34-8E49-4C13-B719-8BA869C08BF8}
[2012-03-25 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{C6A6156D-5332-45BB-AE49-F2825B42B91D}
[2012-03-22 15:46:36 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{DB09EE36-245D-4B63-9234-7D301C4C734F}
[2012-03-22 03:46:05 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{25CD6AFD-0C24-4812-9529-D9F8F404F950}
[2012-03-21 15:45:36 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{4F4DDB8E-1B2D-484E-825D-AA55660D3B8B}
[2012-03-21 03:45:08 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{5C64BC1E-BC5F-4ACD-9583-7B6BCAA7C720}
[2012-03-20 15:44:40 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{7E2B579F-595A-4D17-ABD2-48239BEFC455}
[2012-03-20 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{4A33912D-B6F5-4499-8889-5253C2688B3E}
[2012-03-19 16:30:24 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{4C0F5B29-AF96-4B1F-8188-9AEBD04FA2A6}
[2012-03-19 16:30:14 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{E284D896-329B-452E-89CF-B7216423828C}
[2012-03-18 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\win7\AppData\Local\{05156403-3D75-4343-B29B-9617B6CF2091}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-17 11:44:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-17 11:41:01 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-17 09:12:12 | 095,263,939 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-04-17 05:11:04 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-17 05:11:04 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-17 05:08:23 | 000,743,092 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-04-17 05:08:23 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-04-17 05:08:23 | 000,152,208 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-04-17 05:08:23 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-04-17 05:03:21 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-17 05:03:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-17 05:03:15 | 1582,022,656 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-16 21:49:37 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012-04-16 17:20:15 | 000,056,757 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-04-16 09:10:31 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2012-04-15 15:44:46 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Everest Poker.lnk
[2012-04-14 19:44:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-04-14 19:44:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-04-14 19:44:04 | 004,126,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012-04-14 16:10:24 | 000,017,407 | ---- | M] () -- C:\Users\win7\AppData\Local\dt.dat
[2012-04-14 13:00:20 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-04-14 12:46:03 | 000,001,244 | ---- | M] () -- C:\Users\win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-04-14 12:46:03 | 000,001,220 | ---- | M] () -- C:\Users\win7\Desktop\Spybot - Search & Destroy.lnk
[2012-04-14 08:37:42 | 000,007,418 | ---- | M] () -- C:\Users\win7\AppData\Roaming\vi.bin
[2012-04-13 19:54:36 | 000,512,096 | ---- | M] (Eset ) -- C:\Windows\System32\drivers\amon.sys
[2012-04-13 19:54:36 | 000,298,104 | ---- | M] (Eset ) -- C:\Windows\System32\imon.dll
[2012-04-13 19:54:35 | 000,015,424 | ---- | M] () -- C:\Windows\System32\drivers\nod32drv.sys
[2012-04-13 19:33:16 | 000,002,984 | ---- | M] () -- C:\user.js
[2012-04-10 13:01:59 | 000,001,399 | ---- | M] () -- C:\Users\win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-04-09 14:11:44 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Gold Miner Special Edition.lnk
[2012-04-09 14:11:44 | 000,000,137 | ---- | M] () -- C:\Users\win7\Desktop\More Games at GameHouse.com.url
[2012-04-08 19:57:56 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Zuma Deluxe.lnk
[2012-04-05 04:09:23 | 000,001,720 | ---- | M] () -- C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwcwer.lnk
[2012-04-02 22:19:01 | 000,001,490 | ---- | M] () -- C:\Users\win7\AppData\Roaming\win
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-17 09:12:12 | 095,263,939 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-04-16 17:20:15 | 000,056,757 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-04-16 09:11:54 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012-04-14 16:10:24 | 000,017,407 | ---- | C] () -- C:\Users\win7\AppData\Local\dt.dat
[2012-04-14 13:00:20 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-04-14 12:46:03 | 000,001,244 | ---- | C] () -- C:\Users\win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-04-14 12:46:03 | 000,001,220 | ---- | C] () -- C:\Users\win7\Desktop\Spybot - Search & Destroy.lnk
[2012-04-13 19:54:47 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\nod32drv.sys
[2012-04-09 14:11:44 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Gold Miner Special Edition.lnk
[2012-04-09 14:11:44 | 000,000,137 | ---- | C] () -- C:\Users\win7\Desktop\More Games at GameHouse.com.url
[2012-04-08 19:57:56 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Zuma Deluxe.lnk
[2012-04-08 17:43:40 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-04 14:27:35 | 000,001,720 | ---- | C] () -- C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwcwer.lnk
[2012-04-02 14:09:04 | 000,001,490 | ---- | C] () -- C:\Users\win7\AppData\Roaming\win
[2012-03-17 20:47:09 | 000,109,248 | ---- | C] () -- C:\Users\win7\AppData\Roaming\MSWINSCK.OCX
[2012-03-17 19:59:52 | 000,007,418 | ---- | C] () -- C:\Users\win7\AppData\Roaming\vi.bin
[2012-03-17 19:59:22 | 000,000,000 | -H-- | C] () -- C:\Users\win7\AppData\Roaming\j7MJ8kh66f66
[2011-11-21 02:02:39 | 000,000,017 | ---- | C] () -- C:\Users\win7\AppData\Local\resmon.resmoncfg
[2011-10-17 13:26:48 | 000,000,000 | -H-- | C] () -- C:\Users\win7\AppData\Roaming\EEyE7dd1G7eL
[2011-09-30 17:25:01 | 000,000,132 | ---- | C] () -- C:\Users\win7\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011-09-25 17:08:33 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2011-09-25 16:37:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011-09-25 16:31:19 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wcsodsini.dll
[2011-09-25 16:30:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2011-08-31 13:22:03 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2011-07-18 20:50:36 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011-04-25 23:03:55 | 000,000,000 | ---- | C] () -- C:\Users\win7\AppData\Local\{7A1168B2-399E-4EF5-A38F-C63F4826B1A8}
[2011-04-25 23:02:30 | 000,000,000 | ---- | C] () -- C:\Users\win7\AppData\Local\{B9AEB8C6-FB2A-4716-91B6-6739365F8BEC}
[2011-03-21 23:23:48 | 000,000,132 | ---- | C] () -- C:\Users\win7\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011-03-21 15:00:20 | 000,000,168 | RHS- | C] () -- C:\ProgramData\4162F5AE38.sys
[2011-03-21 15:00:18 | 000,010,022 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011-03-15 18:30:50 | 000,007,168 | ---- | C] () -- C:\Users\win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-05 19:42:19 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011-03-03 22:15:59 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011-03-01 16:39:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-03-01 16:38:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-01-26 20:15:01 | 000,000,015 | ---- | C] () -- C:\Windows\OverlayXP.ini
[2010-11-08 03:28:50 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010-11-04 21:47:26 | 000,177,664 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2010-11-04 21:47:26 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2010-11-04 21:47:25 | 000,696,836 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2010-11-04 21:47:25 | 000,043,441 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2010-11-04 16:07:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010-11-04 16:06:46 | 000,006,289 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010-09-14 13:50:23 | 000,000,132 | ---- | C] () -- C:\Users\win7\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010-09-11 14:07:10 | 000,000,042 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2010-08-30 16:13:00 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-08-25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010-08-21 21:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-27 18:46:32 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini
[2010-06-15 18:06:38 | 000,456,192 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010-06-15 18:05:02 | 003,591,168 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010-06-15 17:43:58 | 001,641,574 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010-05-24 21:39:50 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010-05-24 21:38:34 | 000,962,008 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010-05-24 21:38:22 | 000,710,656 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-05-19 22:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010-05-19 22:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010-05-19 22:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010-05-19 22:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010-05-19 22:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010-05-19 22:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010-05-19 22:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010-05-19 22:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010-05-19 22:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010-05-19 22:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010-05-19 22:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010-05-19 22:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010-05-19 22:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010-05-12 17:09:06 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-05-11 23:26:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010-05-11 23:22:22 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010-05-11 00:10:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010-05-11 00:09:50 | 000,172,032 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010-05-11 00:09:42 | 000,052,224 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010-05-11 00:09:30 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010-05-11 00:07:24 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010-05-11 00:05:28 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010-05-11 00:05:06 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010-05-11 00:03:56 | 000,119,296 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010-04-21 18:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010-04-21 18:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010-04-21 18:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010-04-21 17:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-04-21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010-04-21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011-04-08 16:53:42 | 000,000,000 | -HSD | M] -- C:\Users\win7\AppData\Roaming\.#
[2012-04-14 13:51:09 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\2 3
[2012-04-14 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\2 8
[2011-12-24 01:40:19 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\A2 Entertainment
[2011-03-30 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\aHisoft
[2011-11-13 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Alawar Stargaze
[2011-03-05 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Aleo Software
[2011-10-19 01:25:55 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Anarchy
[2011-03-09 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Anvsoft
[2011-03-30 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Apowersoft
[2012-04-14 13:01:22 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\AVG2012
[2011-01-27 11:57:00 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\BACS.exe
[2012-01-26 04:16:30 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\BitTorrent
[2011-12-03 18:03:15 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Boolat Games
[2012-01-05 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Boomzap
[2010-08-30 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\DAEMON Tools Lite
[2011-08-06 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\DivoGames
[2011-04-04 18:51:17 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\EBookSys
[2011-11-11 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Elephant Games
[2011-07-05 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ERS Game Studios
[2011-03-09 16:30:34 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\FLIP Flash Album Deluxe 2
[2011-03-09 15:31:31 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\FLIPFlashAlbumDeluxe2
[2010-12-15 22:15:47 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Flood Light Games
[2011-09-07 23:51:52 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\FloodLightGames
[2012-02-18 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\GetRightToGo
[2012-01-05 09:27:54 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Gogii
[2011-03-30 20:52:34 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\GrabPro
[2011-11-07 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\HitPoint Studios
[2011-04-06 23:47:24 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\iJoysoft
[2011-07-15 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\iWin
[2011-06-06 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\LimeWire
[2010-11-04 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\LimeWirePlus
[2011-07-25 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\MAGIX
[2011-08-07 18:25:31 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Magnet's Story
[2010-08-08 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ManyCam
[2012-01-05 14:33:31 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\MastersOfMystery2
[2012-04-14 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Media Player
[2011-04-04 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Mediaparts Interactive
[2010-12-22 04:02:43 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Meridian93
[2012-01-05 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Mobipocket
[2011-08-07 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\My Games
[2010-11-24 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\NewsLeecher
[2011-04-07 16:51:48 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Orbit
[2011-09-07 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Phantasmat_denda_ce
[2011-03-09 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Phototools
[2011-01-26 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\PlayFirst
[2011-05-30 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Playrix Entertainment
[2011-03-30 20:52:39 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ProgSense
[2011-03-13 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ProtectDisc
[2012-01-05 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\QB9
[2011-03-15 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Research In Motion
[2010-09-12 02:20:09 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\SecondLife
[2012-04-02 14:13:26 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Sidebar
[2011-07-26 05:44:08 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\SWF.max
[2011-07-21 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Thinstall
[2011-08-07 07:36:54 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\ThreeDays2
[2011-11-08 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\TOMI3
[2011-06-07 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\TuneUp Software
[2011-09-25 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\UDC Profiles
[2010-07-29 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Uniblue
[2011-03-09 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Up2date
[2011-10-17 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\URSE Games
[2012-02-22 02:40:26 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Usenet.nl
[2012-04-12 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\uTorrent
[2012-01-06 12:58:44 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\VampireSagaHL
[2012-01-17 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Vast Studios
[2011-04-06 23:59:50 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\WinAVI
[2011-01-31 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Windows Live Writer
[2011-01-27 10:39:59 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\YoudaGames
[2011-06-22 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\win7\AppData\Roaming\Zylom
[2011-09-08 13:54:52 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:5EF72D85
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A1460B2A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:73BDADA8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E81D9502
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2F8138B7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6E86D926

< End of report >


The Extras.txt file:

OTL Extras logfile created on: 17-4-2012 11:38:53 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\win7\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,96 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 50,14% Memory free
3,93 Gb Paging File | 2,26 Gb Available in Paging File | 57,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,20 Gb Total Space | 12,76 Gb Free Space | 8,61% Space Free | Partition Type: NTFS

Computer Name: WIN7-PC | User Name: win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02014354-30AD-4F0D-851B-0223DD915312}" = Adobe Flash CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C5F707F-0943-4E21-9848-9C25CBC2A76E}" = Adobe Setup
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.2.1
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37D0B3E0-A45F-4F7F-B331-4092C46B2EEF}" = Adobe Flash Video Encoder
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5DB38141-CCA8-4870-8EC1-FB06871AF278}" = FlippingBook PDF Publisher
"{616D5CF8-FA5B-4219-B3FA-5CFA3E0AA477}" = uMark Lite 2.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EA5BC35-833D-44C2-A139-FDB29E26DB55}" = MetaProducts Flash and Media Capture 1.9 SR2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{800778CB-4901-45E9-9B9E-5E3E822D9149}" = iSpQ VideoChat 9
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Apparaatcentrum
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Nederlands
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B08D3D14-098C-4A95-A2BE-A114E36C3A88}" = TuneUp Utilities Language Pack (en-GB)
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-software
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C86746FE-688D-45AA-988A-EDC059CF08E4}" = Garden Dreams
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D65F8E34-C050-4E6C-86DB-D2B9075749A0}" = Windows Live Sync ActiveX Control for Remote Connections
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF33FDAF-22DE-4E3E-AFF7-A8648B473596}" = Windows Live Family Safety
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E44CAFD2-E5A4-4906-A43C-2F81877E0C10}_is1" = Puzzle Park
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{FB0391C7-BB09-4403-BA3B-A232F9A4B109}" = AVG 2012
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17767593cc0618f9660abafed978df2d" = Roads of Rome
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_893d493b790ce9f4aa22ca64b20a26b" = Adobe Flash CS3 Professional
"Akamai" = Akamai NetSession Interface Service
"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.0
"Aleo Flash MP3 Player Builder_is1" = Aleo Flash MP3 Player Builder 3.2
"All To AVI VCD SVCD DVD MPEG Converter_is1" = All To AVI VCD SVCD DVD MPEG Converter 7.7
"Ant.com IE add-on" = Ant.com IE add-on
"AnvSoft Photo Flash Maker Pro" = AnvSoft Photo Flash Maker Pro 5.16
"Atlantis Quest" = Atlantis Quest
"AVG" = AVG 2012
"BFGC" = Big Fish Games: Game Manager
"BFG-Nightfall Mysteries - Samenzweringen in het Gesticht" = Nightfall Mysteries: Samenzweringen in het Gesticht
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Caricature Studio 6" = Caricature Studio 6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DealPly" = DealPly
"Denda Games Gardenscapes" = Gardenscapes
"DivX Setup" = DivX Setup
"DOC to Image Converter_is1" = DOC to Image Converter 4.00
"Doors of the Mind - Inner Mysteries_is1" = Doors of the Mind - Inner Mysteries nl
"Everest Poker" = Everest Poker (Remove Only)
"Facecons" = Facecons
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"Flash Effect Maker_is1" = Flash Effect Maker Pro v4.0 Full (578 Templates/Unicode UTF8)
"Flash Menu Labs Pro v2_is1" = Flash Menu Labs Pro v2
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Fresco Wizard" = Fresco Wizard
"Galapago - NL" = Galapago - NL
"Gold Miner: Special Edition" = Gold Miner: Special Edition
"Google Chrome" = Google Chrome
"HiDownload Platinum_is1" = HiDownloadPlatinum
"iJoysoft FLV Converter" = iJoysoft FLV Converter
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Jewel Quest III" = Jewel Quest III
"JPEG-resizer" = JPEG-resizer
"Jumbo Puzzel" = Jumbo Puzzel
"Kraken" = Kraken
"ManyCam" = ManyCam 2.5.48 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"MixMeister Studio 7.1.1_is1" = MixMeister Studio 7.1.1
"MWSnap 3" = MWSnap 3
"Ncesoft Flip Book Maker_is1" = Ncesoft Flip Book Maker 2.5.0
"NewsLeecher_is1" = NewsLeecher v3.8 Final
"NOD32" = NOD32 antivirus systeem
"Orbit_is1" = Orbit Downloader
"PartyPoker" = PartyPoker
"PDFConverter Printer Driver_is1" = PDFConverter Printer Driver version 2.00
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickPar" = QuickPar 0.9
"SAM3" = SAM Broadcaster v4
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Save Flash" = Save Flash 4.1
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Spin & Play" = Spin & Play (remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Usenet.nl_is1" = Usenet.nl
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"Watermark Image_is1" = Watermark Image software version 1.9.9.1
"Watermark Studio_is1" = Watermark Studio 2.11
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.6.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zuma Deluxe" = Zuma Deluxe
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5a29740808d5a06e" = KLaverjas Trainer
"Akamai" = Akamai NetSession Interface
"Bejeweled 3 Deluxe" = Bejeweled 3 Deluxe
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


aswMBR file:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 11:55:03
-----------------------------
11:55:03.935 OS Version: Windows 6.1.7601 Service Pack 1
11:55:03.935 Number of processors: 2 586 0x170A
11:55:03.935 ComputerName: WIN7-PC UserName: win7
11:55:06.181 Initialize success
11:55:20.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:55:20.609 Disk 0 Vendor: WDC_WD1600AAJS-75M0A0 02.03E02 Size: 152587MB BusType: 3
11:55:20.625 Disk 0 MBR read successfully
11:55:20.640 Disk 0 MBR scan
11:55:20.640 Disk 0 Windows 7 default MBR code
11:55:20.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151757 MB offset 1697792
11:55:20.656 Disk 0 scanning sectors +312496128
11:55:20.734 Disk 0 scanning C:\Windows\system32\drivers
11:55:29.096 Service scanning
11:55:41.778 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:55:46.755 Modules scanning
11:55:52.995 Disk 0 trace - called modules:
11:55:53.026 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85aff1f8]<<
11:55:53.042 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c775f8]
11:55:53.541 3 CLASSPNP.SYS[891a359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e72610]
11:55:53.541 \Driver\atapi[0x85b54368] -> IRP_MJ_CREATE -> 0x85aff1f8
11:55:53.541 Scan finished successfully
11:56:14.320 Disk 0 MBR has been saved successfully to "C:\Users\win7\Desktop\MBR.dat"
11:56:14.320 The log file has been saved successfully to "C:\Users\win7\Desktop\aswMBR.txt"




#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 17 April 2012 - 04:32 PM

There's something in the aswMBR log that we need to pursue first.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 ray020

Posted 19 April 2012 - 12:36 PM

There are two threats detected, both "Suspicious object, medium risk", and I can choose to Skip, Copy to quarantine or Delete. Since I don't see a cure option, is it safe to just delete?

#6 m0le

Posted 19 April 2012 - 06:57 PM

Quarantine them, post the log and then I can decide what to do with them. They could still be legitimate.

#7 m0le

Posted 23 April 2012 - 06:16 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#8 m0le

Posted 24 April 2012 - 07:09 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



