[RESOLVED] ads in IE 11 can't find the virus .... :(

  1. #16
    OTL logfile created on: 11/01/2014 12:47:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gebruiker\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    15,98 Gb Total Physical Memory | 14,10 Gb Available Physical Memory | 88,20% Memory free
    31,96 Gb Paging File | 30,02 Gb Available in Paging File | 93,92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 491,96 Gb Total Space | 213,26 Gb Free Space | 43,35% Space Free | Partition Type: NTFS
    Drive D: | 439,45 Gb Total Space | 82,78 Gb Free Space | 18,84% Space Free | Partition Type: NTFS
    Drive E: | 74,51 Gb Total Space | 20,67 Gb Free Space | 27,75% Space Free | Partition Type: FAT32
    Drive F: | 74,51 Gb Total Space | 12,32 Gb Free Space | 16,54% Space Free | Partition Type: FAT32
    Drive I: | 1,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive J: | 524,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive K: | 1862,98 Gb Total Space | 1534,93 Gb Free Space | 82,39% Space Free | Partition Type: NTFS

    Computer Name: GEBRUIK-R3TI979 | User Name: Gebruiker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/11 12:22:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
    PRC - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/12/10 03:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2013/12/10 03:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    PRC - [2012/12/17 21:23:05 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    PRC - [2012/12/17 21:23:05 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    PRC - [2012/11/30 12:56:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/08/28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2012/01/23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    MOD - [2012/12/17 21:23:06 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
    MOD - [2012/12/17 21:23:06 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2012/12/17 21:23:06 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
    MOD - [2012/12/17 21:23:06 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
    MOD - [2012/12/17 21:23:06 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
    MOD - [2012/12/17 21:23:06 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/12/10 03:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
    SRV:64bit: - [2013/11/26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/01/11 13:51:18 | 000,161,048 | --S- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Kinect\Service\KinectManagementService.exe -- (KinectManagement)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/12/24 17:04:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/12/11 18:18:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/10 03:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/30 12:56:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/11/03 17:07:21 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2012/05/03 11:27:58 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2012/01/23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2005/04/06 15:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Adobe creative Suite 2\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/12/26 19:38:16 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
    DRV:64bit: - [2013/12/05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
    DRV:64bit: - [2013/11/28 14:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2013/10/23 11:00:56 | 000,454,168 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2013/10/09 01:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2013/10/08 05:47:30 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/07/17 02:02:06 | 000,177,760 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
    DRV:64bit: - [2013/07/17 02:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
    DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/15 21:06:06 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
    DRV:64bit: - [2012/10/06 00:04:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/09/26 17:18:06 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/16 12:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/10/25 08:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/10/25 08:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/09/23 09:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/09/17 12:38:21 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/09/17 12:38:21 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/06 09:56:02 | 000,182,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
    DRV:64bit: - [2011/03/18 21:05:20 | 000,070,928 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP60x64.sys -- (IFCoEVB)
    DRV:64bit: - [2011/03/18 21:05:18 | 000,349,968 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
    DRV:64bit: - [2011/02/22 19:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2011/02/01 07:19:44 | 002,444,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2011/01/14 17:39:10 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XenoVa64.sys -- (BFNVis64)
    DRV:64bit: - [2011/01/14 17:39:10 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
    DRV:64bit: - [2011/01/06 16:04:22 | 000,527,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2010/12/16 16:15:54 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
    DRV:64bit: - [2010/12/10 18:28:08 | 000,533,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (BXOIS)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/11/16 12:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
    DRV:64bit: - [2009/11/16 12:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/10/19 10:37:50 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/04/11 22:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
    DRV:64bit: - [2007/04/11 22:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
    DRV - [2012/11/14 14:18:24 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
    DRV - [2010/01/29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/11/02 15:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.artevent2005.tk/
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 0D E9 98 C8 F6 CE 01 [binary data]
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes,DefaultScope = {07EEDBE5-FDFF-4D1C-B26B-1FDBD898AF7D}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\{07EEDBE5-FDFF-4D1C-B26B-1FDBD898AF7D}: "URL" = http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\{61430A33-7A62-4A6F-A7A6-A2A8D0E70C59}: "URL" = http://www.kapaza.be/results/?country=&lang0=vl&q={searchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\DEVIANTART_SEARCH: "URL" = http://search.deviantart.com/?qh=boost%3Apopular&q={searchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\Event_ID_SEARCH: "URL" = http://www.eventid.net/display.asp?eventid={searchTerms}&source=
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\GOOGLE_SEARCH: "URL" = http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\MSDN_ENHANCED_SEARCH: "URL" = http://search.msdn.microsoft.com/search/default.aspx?siteId=0&tab=0&query={searchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\MSDOWNLOADCENTER: "URL" = http://www.microsoft.com/downloads/results.aspx?pocId=&freetext={SearchTerms}&DisplayLang=nl
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\MSHELP: "URL" = http://support.microsoft.com/?kbid={SearchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\MSTECHNET: "URL" = http://social.technet.microsoft.com/Search/nl-NL?query={SearchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\NEOWIN_FORUM: "URL" = http://www.neowin.net/forum/index.php?act=Search&CODE=01&keywords={searchTerms}&forums=all
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\WIKIPEDIA_SEARCH: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\SearchScopes\YOUTUBE_SEARCH: "URL" = http://www.youtube.com/results?search_query={searchTerms}&search=Search
    IE - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
    FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.2
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/24 17:04:04 | 000,000,000 | ---D | M]

    [2013/01/13 15:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions
    [2012/11/04 23:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\extensions
    [2012/11/04 23:59:29 | 000,000,000 | ---D | M] (uTorrentBar_NL) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    [2014/01/11 12:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\yfxh34yb.default\extensions
    [2013/08/28 17:01:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\yfxh34yb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/01/13 15:23:11 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\yfxh34yb.default\extensions\donottrack@checkpoint.com
    [2013/11/14 14:20:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\yfxh34yb.default\extensions\https-everywhere@eff.org
    [2013/11/24 19:25:07 | 000,340,499 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
    [2013/11/14 14:17:37 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\firefox@ghostery.com.xpi
    [2013/11/14 14:22:37 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/10/27 16:47:06 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/14 14:14:20 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2013/01/04 12:17:07 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
    [2013/01/13 15:23:01 | 000,000,000 | -H-- | M] () -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\yfxh34yb.default\searchplugins\searchplugins.event
    [2013/12/24 17:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/12/24 17:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/24 17:04:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/12/27 11:03:32 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchvsl.xml

    O1 HOSTS File: ([2014/01/10 11:30:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found.
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    O4 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\5a7dd1d8-74f4-4424-a808-d6223d806b18.com (SUPERAntiSpyware)
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer File not found
    O4 - Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.event ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - C:\Adobe creative Suite 2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..Trusted Domains: 4game.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE51427-2AA9-409C-BBAA-1C518FB79AB7}: DhcpNameServer = 195.130.131.5 195.130.130.133
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/11/26 11:58:38 | 000,150,560 | ---- | M] () - F:\AUTO.PAT -- [ FAT32 ]
    O32 - AutoRun File - [2001/11/26 11:58:38 | 000,053,856 | ---- | M] () - F:\AUTO.PST -- [ FAT32 ]
    O32 - AutoRun File - [2013/12/17 19:02:38 | 000,000,043 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2002/05/07 20:36:14 | 000,000,212 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    I don't bite,
    So be Nice.

  2. #17
    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/11 12:37:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/01/11 12:24:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/11 12:22:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
    [2014/01/11 12:22:00 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Gebruiker\Desktop\JRT.exe
    [2014/01/10 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\MGR
    [2014/01/10 11:32:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/10 11:32:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/10 11:23:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/10 11:23:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/10 11:23:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/10 11:23:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/10 11:23:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/01/09 21:44:58 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\Wondershare Video Editor
    [2014/01/09 11:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/01/09 11:46:16 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/09 11:44:43 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/09 11:17:47 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\VirtualStore
    [2014/01/09 11:12:06 | 000,157,288 | ---- | C] (Bigfoot Networks, Inc.) -- C:\Windows\SysNative\drivers\XenoVa64.sys.bak
    [2014/01/09 11:12:05 | 000,157,288 | ---- | C] (Bigfoot Networks, Inc.) -- C:\Windows\SysNative\drivers\Xeno7x64.sys.bak
    [2014/01/09 11:11:52 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys.bak
    [2014/01/09 11:11:50 | 000,404,584 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys.bak
    [2014/01/09 11:11:49 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
    [2014/01/09 11:11:42 | 000,213,504 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
    [2014/01/09 11:11:42 | 000,096,768 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
    [2014/01/09 11:11:39 | 000,182,576 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mv61xx.sys.bak
    [2014/01/09 11:11:39 | 000,014,128 | ---- | C] (Marvell Semiconductor Inc.) -- C:\Windows\SysNative\drivers\mv61xxmm.sys.bak
    [2014/01/09 11:11:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
    [2014/01/09 11:11:30 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
    [2014/01/09 11:11:27 | 000,177,760 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys.bak
    [2014/01/09 11:11:27 | 000,054,104 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys.bak
    [2014/01/09 11:11:26 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys.bak
    [2014/01/09 11:11:26 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
    [2014/01/09 11:11:25 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys.bak
    [2014/01/09 11:11:24 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
    [2014/01/09 11:11:21 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
    [2014/01/09 11:11:19 | 000,038,288 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\EpfwLWF.sys.bak
    [2014/01/09 11:11:18 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
    [2014/01/09 11:11:18 | 000,276,256 | ---- | C] (Digiarty Software, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys.bak
    [2014/01/09 11:11:13 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
    [2014/01/09 01:04:26 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\MAGIX_AG
    [2014/01/08 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Magix
    [2014/01/08 01:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
    [2014/01/07 21:02:25 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\NVIDIA Corporation
    [2014/01/07 20:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2014/01/07 20:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2014/01/06 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\DigiStudio
    [2014/01/06 21:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiStudio
    [2014/01/06 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiStudio
    [2014/01/05 11:41:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\SEGA
    [2014/01/04 02:11:06 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\DoNotTrackPlus
    [2014/01/03 12:07:27 | 000,177,760 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
    [2014/01/03 12:07:26 | 000,054,104 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
    [2014/01/03 12:07:01 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
    [2014/01/03 12:06:57 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
    [2014/01/03 12:06:53 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
    [2014/01/03 12:06:53 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
    [2014/01/03 12:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    [2014/01/03 12:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
    [2014/01/03 12:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2014/01/03 12:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2013/12/31 12:17:00 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\MAGIX Downloads
    [2013/12/31 12:09:53 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\MAGIX_MusicEditor
    [2013/12/31 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
    [2013/12/31 12:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
    [2013/12/31 12:06:40 | 000,000,000 | R--D | C] -- C:\Users\Gebruiker\Documents\MAGIX
    [2013/12/31 12:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
    [2013/12/30 01:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
    [2013/12/30 01:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    [2013/12/29 12:38:45 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\tixati
    [2013/12/29 12:38:26 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
    [2013/12/29 12:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tixati
    [2013/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\StreamingStar
    [2013/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamingStar
    [2013/12/26 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamingStar
    [2013/12/26 19:38:16 | 000,276,256 | ---- | C] (Digiarty Software, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys
    [2013/12/26 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Digiarty
    [2013/12/26 19:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
    [2013/12/26 19:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
    [2013/12/24 17:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/12/15 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Propellerhead
    [2013/12/15 16:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
    [2013/12/15 16:02:15 | 000,000,000 | ---D | C] -- C:\audio
    [2013/12/15 16:01:33 | 000,025,088 | ---- | C] (Propellerhead Software) -- C:\Windows\ReWire.dll
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/11 12:37:37 | 000,019,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/11 12:37:37 | 000,019,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/11 12:30:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/11 12:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/11 12:22:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
    [2014/01/11 12:22:00 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Gebruiker\Desktop\JRT.exe
    [2014/01/11 12:21:41 | 001,233,962 | ---- | M] () -- C:\Users\Gebruiker\Desktop\adwcleaner.exe
    [2014/01/11 12:18:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/11 12:06:34 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/10 23:58:00 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b6cad04d-b984-441b-bcef-c91b5343c104.job
    [2014/01/10 12:40:01 | 000,001,730 | ---- | M] () -- C:\Users\Gebruiker\Desktop\METAL GEAR RISING REVENGEANCE.exe - Snelkoppeling.lnk
    [2014/01/10 11:30:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/01/10 11:07:59 | 005,116,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/09 11:46:16 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/09 11:44:43 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/09 11:12:06 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Windows\SysNative\drivers\XenoVa64.sys.bak
    [2014/01/09 11:12:06 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Windows\SysNative\drivers\Xeno7x64.sys.bak
    [2014/01/09 11:11:52 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys.bak
    [2014/01/09 11:11:50 | 000,404,584 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys.bak
    [2014/01/09 11:11:49 | 000,676,968 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
    [2014/01/09 11:11:42 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
    [2014/01/09 11:11:42 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
    [2014/01/09 11:11:39 | 000,182,576 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mv61xx.sys.bak
    [2014/01/09 11:11:39 | 000,014,128 | ---- | M] (Marvell Semiconductor Inc.) -- C:\Windows\SysNative\drivers\mv61xxmm.sys.bak
    [2014/01/09 11:11:36 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
    [2014/01/09 11:11:31 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
    [2014/01/09 11:11:27 | 000,177,760 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys.bak
    [2014/01/09 11:11:27 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys.bak
    [2014/01/09 11:11:27 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
    [2014/01/09 11:11:26 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys.bak
    [2014/01/09 11:11:26 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys.bak
    [2014/01/09 11:11:25 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
    [2014/01/09 11:11:21 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
    [2014/01/09 11:11:19 | 000,038,288 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\EpfwLWF.sys.bak
    [2014/01/09 11:11:18 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
    [2014/01/09 11:11:18 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys.bak
    [2014/01/09 11:11:13 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
    [2014/01/06 20:55:24 | 000,002,134 | ---- | M] () -- C:\Users\Gebruiker\Desktop\HT2.exe.lnk
    [2014/01/03 20:37:40 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2014/01/02 17:08:51 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
    [2013/12/26 19:38:16 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys
    [2013/12/26 17:20:45 | 000,000,797 | ---- | M] () -- C:\Users\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/12/23 23:04:36 | 000,063,289 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
    [2013/12/19 21:33:31 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2013/12/19 06:01:48 | 003,539,040 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/01/11 12:21:41 | 001,233,962 | ---- | C] () -- C:\Users\Gebruiker\Desktop\adwcleaner.exe
    [2014/01/10 12:40:01 | 000,001,730 | ---- | C] () -- C:\Users\Gebruiker\Desktop\METAL GEAR RISING REVENGEANCE.exe - Snelkoppeling.lnk
    [2014/01/10 11:23:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/10 11:23:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/10 11:23:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/10 11:23:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/10 11:23:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/01/06 20:55:24 | 000,002,134 | ---- | C] () -- C:\Users\Gebruiker\Desktop\HT2.exe.lnk
    [2014/01/04 16:17:16 | 000,000,558 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b6cad04d-b984-441b-bcef-c91b5343c104.job
    [2014/01/03 12:07:37 | 000,000,132 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2013/12/30 01:31:20 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
    [2013/12/15 16:01:33 | 000,041,216 | -H-- | C] () -- C:\rb20crk.dat
    [2013/08/26 23:43:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2013/06/29 10:35:30 | 000,001,262 | RHS- | C] () -- C:\Users\Gebruiker\ntuser.pol
    [2013/05/10 14:03:37 | 000,001,456 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2013/02/15 20:29:42 | 001,318,912 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll
    [2013/02/13 20:47:30 | 000,006,438 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/02/13 12:51:08 | 000,000,132 | ---- | C] () -- C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/12/19 16:49:06 | 000,000,036 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\housecall.guid.cache
    [2012/12/14 12:38:42 | 000,063,289 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
    [2012/11/30 12:56:19 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/11/30 12:56:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/11/10 23:34:33 | 000,000,040 | ---- | C] () -- C:\Users\Gebruiker\AppData\Roaming\burnaware.ini
    [2012/11/03 01:04:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nglide_config.exe
    [2012/10/24 17:37:47 | 000,007,642 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\Resmon.ResmonCfg
    [2012/10/21 17:10:08 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
    [2012/09/30 18:59:08 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\service.exe.config
    [2012/09/28 17:50:10 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2012/09/28 16:15:03 | 000,003,584 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/26 22:33:43 | 000,000,000 | -H-- | C] () -- C:\Users\Gebruiker\n
    [2012/09/26 21:18:54 | 000,000,979 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/09/26 20:30:38 | 000,000,000 | -H-- | C] () -- C:\Users\Gebruiker\AppData\Roaming\Roaming.event
    [2012/09/26 20:30:37 | 000,000,000 | -H-- | C] () -- C:\Users\Gebruiker\AppData\Local\Local.event
    [2012/09/26 20:30:36 | 000,000,000 | -H-- | C] () -- C:\Users\Gebruiker\Gebruiker.event
    [2012/09/26 19:20:07 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
    [2012/09/26 19:02:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/27 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Activision
    [2012/11/04 23:57:16 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\AlcaTech
    [2012/12/19 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Anvisoft
    [2012/09/26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Ashampoo
    [2014/01/11 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\CheckPoint
    [2013/05/01 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Cobra Mobile
    [2013/05/14 14:15:55 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Command and Conquer 3 Tiberium Wars
    [2012/11/04 23:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Convivea
    [2013/01/13 15:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Curiolab
    [2012/11/04 23:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DAEMON Tools
    [2013/02/18 22:12:37 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DAEMON Tools Lite
    [2012/12/21 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DAEMON Tools Pro
    [2012/11/04 23:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DeadMage
    [2013/12/26 19:38:15 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Digiarty
    [2014/01/06 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DigiStudio
    [2013/05/01 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Doublefine
    [2012/11/04 23:57:17 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Eltima Software
    [2012/09/26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ESET
    [2013/05/14 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\FEZ
    [2012/11/04 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\GlobalSCAPE
    [2013/03/14 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ImgBurn
    [2012/11/04 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ImTOO
    [2013/11/24 22:43:21 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Injustice
    [2012/09/26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\InterTrust
    [2012/09/26 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\IrfanView
    [2013/10/05 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Kalypso Media
    [2013/05/01 23:42:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\log
    [2014/01/09 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\MAGIX
    [2012/09/26 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\MailFrontier
    [2012/11/04 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Milestone
    [2013/07/14 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\MKKE
    [2012/09/26 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\No Company Name
    [2013/12/26 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Omerta
    [2013/08/26 23:45:07 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\PD Design Studio
    [2012/11/04 23:57:19 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Red Alert 3
    [2013/10/16 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\sc68
    [2012/11/04 23:57:19 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Smith Micro
    [2013/05/01 23:42:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\StarDrive
    [2013/05/01 23:42:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\StarTrekPC
    [2013/12/10 21:26:39 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.5.6.1040
    [2013/09/04 21:57:59 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\The Creative Assembly
    [2013/08/27 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\The First Templar
    [2013/01/13 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Theta
    [2013/12/29 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\tixati
    [2013/11/03 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Tropico 4
    [2012/09/26 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Ulead Systems
    [2014/01/11 12:25:41 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\uTorrent
    [2013/01/13 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Verzendmap van Share-to-Web
    [2012/09/26 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Virtual Mechanics
    [2013/05/24 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Vso
    [2013/08/26 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Wayforward Technologies
    [2013/05/01 23:42:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ZOO Digital Publishing

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B

    < End of report >
    Last edited by sitewizard; January 11th, 2014 at 08:03 AM.
    I don't bite,
    So be Nice.

  3. #18
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    OTL Extras logfile created on: 11/01/2014 12:47:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gebruiker\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    15,98 Gb Total Physical Memory | 14,10 Gb Available Physical Memory | 88,20% Memory free
    31,96 Gb Paging File | 30,02 Gb Available in Paging File | 93,92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 491,96 Gb Total Space | 213,26 Gb Free Space | 43,35% Space Free | Partition Type: NTFS
    Drive D: | 439,45 Gb Total Space | 82,78 Gb Free Space | 18,84% Space Free | Partition Type: NTFS
    Drive E: | 74,51 Gb Total Space | 20,67 Gb Free Space | 27,75% Space Free | Partition Type: FAT32
    Drive F: | 74,51 Gb Total Space | 12,32 Gb Free Space | 16,54% Space Free | Partition Type: FAT32
    Drive I: | 1,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive J: | 524,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive K: | 1862,98 Gb Total Space | 1534,93 Gb Free Space | 82,39% Space Free | Partition Type: NTFS

    Computer Name: GEBRUIK-R3TI979 | User Name: Gebruiker | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Create slideshow with PhotoStage Slideshow Producer] -- "C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe" "%L"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Open Command Prompt Here] -- cmd.exe /T:4F /K cd %1 (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Create slideshow with PhotoStage Slideshow Producer] -- "C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe" "%L"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Open Command Prompt Here] -- cmd.exe /T:4F /K cd %1 (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0073B58B-54DA-4B4D-A052-92E0C45F2A1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{1855880C-A1F2-4382-8BBC-07F3F227BE30}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{42AEF53E-0518-4016-A044-7C190C83D6EC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{4E7D6804-1866-4B16-B011-420FC23BA8B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{5D5F3DCC-5CE0-4712-AFA3-95D7E084E0C7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{5E1CA198-EAEE-4E42-BF68-59CDD5366102}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{656D4A3C-137D-4DE1-8953-ADAA75D945B9}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{6D9F9728-AAB1-4F55-A0A3-815ACCBBC90C}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{7741F605-56AA-463C-818D-E648FC892B78}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{B4CB6194-B80D-49E9-9889-61716DF590F6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{B886D00A-69C0-45D3-8967-8EC6F9F6BE0E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{D18A3B5A-19AF-4DC5-B10E-CCCA52C1A9DA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{D200F42B-AA3A-4A87-80FC-F23A90075FD0}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{D687BFFF-8099-42A7-9B49-7138B3705FFE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{E24F40A4-2C57-4389-83D5-51F064B63088}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{ECB58D1D-796F-4EC4-83EF-AAD10A23A6F1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00E2BC73-13DA-4333-81BC-BFEF3FDD40EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0A20CBAA-DEE9-4C56-9876-A20CA831577F}" = protocol=6 | dir=in | app=c:\program files\smith micro\anime studio pro 9\anime studio pro.exe |
    "{0D689F7D-2F78-4C03-A67E-8435F65FC275}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{1425356C-1C24-48E7-A341-3271B7FA4A9B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1D58D26A-3A87-459C-B384-3B3C64EEF20F}" = protocol=17 | dir=in | app=c:\users\gebruiker\downloads\expressfiles\expressfiles.exe |
    "{2E7D3AF0-2EDB-4784-BF6F-A489BEB4536C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\support\gameupdater\gu_dx9\gu.exe |
    "{33FAC9DE-0AD6-4896-A3ED-41902082D8EA}" = protocol=17 | dir=in | app=c:\adobe creative suite 2\adobe version cue cs2\bin\versioncuecs2.exe |
    "{40273ACD-271A-4365-B6A7-9549DDF0C53A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "{43B9C3DB-CE47-420A-AFD4-B8C18060B7D5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\support\gameupdater\gu_dx11\gu.exe |
    "{50413150-5DE6-4CA5-8B4E-C6E66F8D8489}" = protocol=17 | dir=in | app=c:\program files\smith micro\anime studio pro 9\anime studio pro.exe |
    "{58A20979-01A2-49DE-A1AD-46ECBD472FBB}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
    "{58E0C302-7D76-4FA4-8D3D-B0C173FE0ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5CD80C6D-AEBE-4B99-BDDF-AC7271AC712B}" = protocol=6 | dir=in | app=c:\users\gebruiker\downloads\expressfiles\expressdl.exe |
    "{6086D2B4-C861-4FA8-9091-A235AFBA08D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6CFF0F86-33A8-412A-9605-9E7C4051F22E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{8043A164-2181-4D2B-80A6-C9AEC7603AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{82A5938F-430E-46B7-8904-6DC1C43FC514}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp software update\hpwucli.exe |
    "{8E56231B-AFC2-4478-AB2D-311961D19784}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqscnvw.exe |
    "{95D1A459-6FBA-48FA-B785-53566034952D}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
    "{993E2CD0-B7B7-4792-9CCF-ABBDF8701B7E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
    "{A7970284-6971-4A63-A263-8185F5FAFF83}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
    "{AE24155B-C84F-41F4-B820-CFAC2E70C856}" = protocol=17 | dir=in | app=c:\users\gebruiker\downloads\expressfiles\expressdl.exe |
    "{B706CCD5-EDE9-4E9B-933F-0754D0DFA508}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
    "{BDB8A6B2-37A0-43CE-B095-03C5374F87CC}" = protocol=6 | dir=in | app=c:\adobe creative suite 2\adobe version cue cs2\bin\versioncuecs2.exe |
    "{C76A18AA-F4A1-4A5C-A3A5-8479D68D1BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{E26AF571-3293-41EA-86A9-79B005A7211C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\support\gameupdater\gu_dx9\gu.exe |
    "{EBA18383-5C76-488F-AB26-A41CCA7D7B1B}" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio pro 9\anime studio pro.exe |
    "{EFDD1E70-80C4-497D-8874-43BBF4C6CA55}" = dir=out | app=c:\utorent downloads\pc_starcraft.ii.heart.of.the.swarm.full-rip.-tptb\starcraft ii heart of the swarm\versions\base24944\sc2.exe |
    "{F2A8857A-DA42-4DB2-8AF7-A7C7011FF1CA}" = protocol=6 | dir=in | app=c:\users\gebruiker\downloads\expressfiles\expressfiles.exe |
    "{F595651E-A31A-40F2-93B8-8FE0CC06FC46}" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio pro 9\anime studio pro.exe |
    "{F876F85C-8BB4-4D31-9BA6-62B38750217B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\support\gameupdater\gu_dx11\gu.exe |
    "{FC996E60-7DBE-4695-A510-17F90539AD34}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
    "TCP Query User{1D0D511A-A856-46F7-8C93-BBD573717B36}C:\utorent downloads\zombie.tycoon.2.brainhov's.revenge-tptb\zombie tycoon 2 brainhov's revenge\binaries\win32\zombiegame.exe" = protocol=6 | dir=in | app=c:\utorent downloads\zombie.tycoon.2.brainhov's.revenge-tptb\zombie tycoon 2 brainhov's revenge\binaries\win32\zombiegame.exe |
    "TCP Query User{349FCD71-AE90-4294-AB1F-5B8A5E8A2110}C:\utorent downloads\renegade.ops.collection-tptb\renegade ops colleciton\renegadeops.exe" = protocol=6 | dir=in | app=c:\utorent downloads\renegade.ops.collection-tptb\renegade ops colleciton\renegadeops.exe |
    "TCP Query User{40B085D9-C072-4CDE-981C-1EF266F6317B}C:\utorent downloads\pc_god.mode.full-rip.-tptb\god mode\bin\godmode.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc_god.mode.full-rip.-tptb\god mode\bin\godmode.exe |
    "TCP Query User{4E421E4C-7E8E-4D77-A71F-A9568A6C8BF1}C:\utorent downloads\pc-dead space-teamcrossfire\dead spcae\dead space.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc-dead space-teamcrossfire\dead spcae\dead space.exe |
    "TCP Query User{A37BA5C8-5EC6-47CF-9419-27BC7D465756}C:\utorent downloads\pc_sniper.ghost.warrior.2.full-rip.-tptb\sniper.ghost.warrior.2\bin32\sniperghostwarrior2.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc_sniper.ghost.warrior.2.full-rip.-tptb\sniper.ghost.warrior.2\bin32\sniperghostwarrior2.exe |
    "TCP Query User{BEABFFB0-2927-4BCF-8D73-F5B85A32A4B0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "TCP Query User{C94B9808-132A-4B1C-9D50-41251DED4B7C}C:\utorent downloads\pc_saints.row.iv.rip.-tptb\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc_saints.row.iv.rip.-tptb\saints row iv\saintsrowiv.exe |
    "TCP Query User{D3BA41A1-D192-4512-A21B-88306761706C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{D5BF8CEA-9E68-4B40-B256-B329B7167A54}C:\program files (x86)\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
    "TCP Query User{D9793E53-677B-4DD7-A3BC-555C3263A076}C:\utorent downloads\pc_borderlands.2.game.of.the.year.edition.rip.-tptb\borderlands 2 game of the year edition\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc_borderlands.2.game.of.the.year.edition.rip.-tptb\borderlands 2 game of the year edition\binaries\win32\borderlands2.exe |
    "TCP Query User{F73BFD96-26E6-4D8A-9A30-AD83BECF19EA}C:\utorent downloads\pc-saints row the third complete collection-teamcrossfire\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\utorent downloads\pc-saints row the third complete collection-teamcrossfire\saintsrowthethird.exe |
    "UDP Query User{0690FC15-D45F-4691-A349-972177A66448}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{40DDBACC-24A3-4D7D-B4AA-6D11636A2657}C:\utorent downloads\pc_borderlands.2.game.of.the.year.edition.rip.-tptb\borderlands 2 game of the year edition\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc_borderlands.2.game.of.the.year.edition.rip.-tptb\borderlands 2 game of the year edition\binaries\win32\borderlands2.exe |
    "UDP Query User{5A103FFB-B151-42DE-9BA5-4834C5D2B8F0}C:\utorent downloads\pc_saints.row.iv.rip.-tptb\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc_saints.row.iv.rip.-tptb\saints row iv\saintsrowiv.exe |
    "UDP Query User{89DABE10-9550-45C0-998E-8BC21C4B9CD1}C:\utorent downloads\renegade.ops.collection-tptb\renegade ops colleciton\renegadeops.exe" = protocol=17 | dir=in | app=c:\utorent downloads\renegade.ops.collection-tptb\renegade ops colleciton\renegadeops.exe |
    "UDP Query User{904700B4-D024-4D0E-B17A-87B99A995117}C:\utorent downloads\pc_god.mode.full-rip.-tptb\god mode\bin\godmode.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc_god.mode.full-rip.-tptb\god mode\bin\godmode.exe |
    "UDP Query User{9D7C6BA5-7C0D-4D57-8F19-1CA49F6548E5}C:\utorent downloads\pc-dead space-teamcrossfire\dead spcae\dead space.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc-dead space-teamcrossfire\dead spcae\dead space.exe |
    "UDP Query User{D909A1D1-D269-4D5C-B4D3-C532D2228FD3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{DC91935E-4F8B-4378-A650-7721A726ADB8}C:\utorent downloads\zombie.tycoon.2.brainhov's.revenge-tptb\zombie tycoon 2 brainhov's revenge\binaries\win32\zombiegame.exe" = protocol=17 | dir=in | app=c:\utorent downloads\zombie.tycoon.2.brainhov's.revenge-tptb\zombie tycoon 2 brainhov's revenge\binaries\win32\zombiegame.exe |
    "UDP Query User{E1EDBB29-88A7-42FA-8C89-5CA8DB67D054}C:\utorent downloads\pc_sniper.ghost.warrior.2.full-rip.-tptb\sniper.ghost.warrior.2\bin32\sniperghostwarrior2.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc_sniper.ghost.warrior.2.full-rip.-tptb\sniper.ghost.warrior.2\bin32\sniperghostwarrior2.exe |
    "UDP Query User{F6D4CD5A-3240-4511-AD6D-11BD0361E474}C:\program files (x86)\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
    "UDP Query User{FE5324CF-851F-4849-9C43-BBFD35B08D17}C:\utorent downloads\pc-saints row the third complete collection-teamcrossfire\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\utorent downloads\pc-saints row the third complete collection-teamcrossfire\saintsrowthethird.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{056913A2-B256-4C31-8884-8AB78AF764F4}" = MAGIX Speed burnR (MSI)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False
    "{088A4B09-8FB2-48D0-932A-7F90BE050543}" = MAGIX Music Maker 2014 Premium
    "{095A41CD-2500-4783-AE28-87E05653CDE7}" = MAGIX Music Maker 2014 Premium Soundpools
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EA1B671-0720-431A-94BC-4474F1B7D99B}" = Xara Designer Pro X
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
    "{2C26196F-28C9-4DE0-9683-F630788DA057}" = Microsoft Kinect Runtime v1.0
    "{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False
    "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False
    "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    "{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}" = Microsoft Server Speech Platform Runtime (x64)
    "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False
    "{3CAD92B3-6BA0-44A4-A546-162520A80BB3}" = Vita Pop Brass
    "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False
    "{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}" = MAGIX Music Maker 2014 Premium (Introductory videos)
    "{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}" = Vita Vintage Organ
    "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{65444C65-5D63-4D20-82EC-F182656B0786}" = Vita Drum Engine
    "{6BE8D68C-4C81-423F-8C83-D779F801F1D1}" = Share64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False
    "{6F1F7E62-A579-434C-9610-F6FE2930C02E}" = MAGIX Music Maker 2014 Soundpools
    "{712D74A5-4C3D-41E6-A850-1696E54B28CD}" = MAGIX Burn routines
    "{7147EBDC-A663-4BCA-9E18-EFF6E439A361}" = driver.ghenius.x64okee
    "{72510287-CB56-494C-A719-683B051F76EC}" = MAGIX Movie Edit Pro 2014 Premium
    "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False
    "{773A4DDC-3B52-42C7-8B7A-52369B9A390B}" = MAGIX Music Maker 2014 Premium (Synthesizer and effects)
    "{77C4AF18-19ED-489E-84D3-203E3862F6BC}" = Extra inhoud Vita 2
    "{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}" = Vita Jazz Drums
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{806DD11F-26DB-470D-86A0-EE9E506E6139}" = Microsoft Kinect Drivers v1.0
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}" = MAGIX Music Maker 2014 Premium (Visuals)
    "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False
    "{ABEC907D-8E0F-48A5-9ED6-8EEA09077AC6}" = Microsoft Kinect SDK v1.0
    "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision stuurprogramma 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision controllerstuurprogramma 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio-stuurprogramma 1.3.30.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
    "{B4477203-41E1-40CE-9B31-1EA0E22E7084}" = Vita 2
    "{B5145D63-8F03-40B0-A337-43C005438B5B}" = Vita Power Guitar
    "{B807FEBE-E253-4B7E-B23F-364873478065}" = MAGIX Music Maker 2014 Premium (Demo songs)
    "{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False
    "{C1ED55D0-8C1A-4E62-8B11-73A55B001041}" = MAGIX Video deluxe 2014 Premium Update
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    "{D04659D1-EB2D-3DE5-A833-837A623CCCF7}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False
    "{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False
    "{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False
    "{FA28DEC6-ECC8-4787-B551-93F0C2778579}" = Vita Electric Piano
    "{FA7FF0B9-7F88-4C02-AA4A-B500467EDAF1}" = MAGIX Music Maker 2014 Premium Update
    "ASP900_is1" = Anime Studio Pro 9.0
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "Sniper Elite: Nazi Zombie Army_is1" = Sniper Elite: Nazi Zombie Army
    "WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 3.5.0
    I don't bite,
    So be Nice.

  4. #19
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{0B995C72-758B-4A21-BF9B-44E6FE268313}" = Corel Digital Studio 2010
    "{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
    "{01db25f3-1b76-4d97-88c8-1c90634d88fb}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
    "{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A64AA64-B438-49F0-9C14-5E465C617372}" = Setup
    "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
    "{0B995C72-758B-4A21-BF9B-44E6FE268313}" = ICA
    "{0f12c81f-93ef-46ec-bc94-d952c1a775d4}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F99457D-9D88-4CB8-8E7D-5B7C464CA8CE}}_is1" = TBS Cover Editor 2.1
    "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
    "{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
    "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
    "{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
    "{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1
    "{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}" = Microsoft Server Speech Platform Runtime (x86)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0413-1E257A25E34D}" = Adobe Photoshop CS2
    "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
    "{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
    "{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
    "{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
    "{2af972c7-13b0-4978-92a8-fee26a4fb4e9}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
    "{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
    "{334AB98D-DE72-4A9E-A486-2F12AC2FA111}" = SiteSpinner Pro V2
    "{35459b22-19a6-44ec-8d34-27eb3131acac}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False
    "{355BCF4B-A2A6-46F1-A33E-FA8D6B1794C7}" = SiteSpinner V2
    "{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
    "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
    "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
    "{3F380A3D-695A-4199-B026-A811A9FC6D91}" = Nero CoverDesigner
    "{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
    "{46548E80-0413-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1
    "{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner
    "{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 voor Windows
    "{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes
    "{51adbf11-493f-431c-a862-967a0fae2944}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.1
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
    "{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
    "{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC
    "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
    "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
    "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{615bc16d-60f5-482e-91b3-b51d8130963b}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
    "{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
    "{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
    "{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
    "{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes
    "{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
    "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
    "{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}" = Microsoft Kinect Speech Recognition Language Pack (en-US)
    "{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12
    "{8D853998-1055-4E45-B99E-F5039C502831}" = Photo Notifier and Animation Creator
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0413-1000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
    "{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
    "{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91B33C97-3197-5D05-4176-1BD0B43C7AD8}_is1" = Ashampoo Video Styler v.1.0.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
    "{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes
    "{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM)
    "{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{a2199617-3609-410f-a8e8-e8806c73545b}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
    "{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.5.18.4353
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.128
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
    "{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
    "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
    "{AC76BA86-1030-D700-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Dansk, Nederlands
    "{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Nederlands
    "{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
    "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
    "{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
    "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}" = Adobe Video Suite Extras
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
    "{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
    "{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
    "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
    "{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}" = SFV Checker
    "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
    "{CDFF966D-6D05-4E17-B9E2-B1F2A9B92B4B}" = simplitec simplicheck
    "{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
    "{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
    "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
    "{dde2682b-961a-41ea-8d44-6005991b7947}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
    "{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
    "{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
    "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
    "{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content
    "{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
    "{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1
    "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
    "{f0080ca2-80ae-4958-b6eb-e8fa916d744a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
    "{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC
    "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    "{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}" = Windows 7 USB/DVD Download Tool
    "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
    "{FDFE5E63-116A-4655-9B4D-29F4AFE441B3}" = IncrediMail
    "{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
    "7-Zip" = 7-Zip 9.20
    "ACPsoft PDF Converter" = ACPsoft PDF Converter
    "Add/Remove Pro (Freeware)_is1" = Add/Remove Pro (Freeware)
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 2.0" = Adobe Audition 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
    "Ashampoo Burning Studio 2012 CBE_is1" = Ashampoo Burning Studio 2012 CBE v.11.0.4
    "ASP900_is1" = Anime Studio Pro 9.0 (x86)
    "BurnAware Free_is1" = BurnAware Free 5.3
    "CD Menu Studio_is1" = CD Menu Studio version 2.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Cool Edit Pro 2.0" = Cool Edit Pro 2.0
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DigiStudio_is1" = DigiStudio 9.3.1
    "DivX Setup" = DivX Setup
    "DVD Menu Studio_is1" = DVD Menu Studio 1.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Extra Screen Capture Pro_is1" = Extra Screen Capture Pro 6.49
    "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "ImTOO DVD Creator 6" = ImTOO DVD Creator 6
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" = CuteFTP 6 Professional
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "IrfanView" = IrfanView (remove only)
    "Kibisis_1.0" = Kibisis 1.0
    "MagicFlare_1.0" = Magic Flare 1.0
    "MAGIX_{056913A2-B256-4C31-8884-8AB78AF764F4}" = MAGIX Speed burnR (MSI)
    "MAGIX_{1EA1B671-0720-431A-94BC-4474F1B7D99B}" = Xara Designer Pro X
    "MAGIX_GlobalContent" = MAGIX Content en soundpools
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Matroska" = Matroska (remove only)
    "MKV Player_is1" = MKV Player 2.0
    "Mortal Kombat Komplete Ed._is1" = Mortal Kombat Komplete Ed. version 1.0.0
    "Mozilla Firefox 26.0 (x86 nl)" = Mozilla Firefox 26.0 (x86 nl)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "mv61xxDriver" = marvell 61xx
    "MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}" = MAGIX Music Maker 2014 Premium
    "MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}" = MAGIX Music Maker 2014 Premium (Introductory videos)
    "MX.{72510287-CB56-494C-A719-683B051F76EC}" = MAGIX Movie Edit Pro 2014 Premium
    "MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}" = MAGIX Music Maker 2014 Premium (Synthesizer and effects)
    "MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}" = MAGIX Music Maker 2014 Premium (Visuals)
    "MX.{B807FEBE-E253-4B7E-B23F-364873478065}" = MAGIX Music Maker 2014 Premium (Demo songs)
    "nGlide" = nGlide 1.01
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PhotoStage" = PhotoStage Slideshow Producer
    "QuickSFV" = QuickSFV (Remove only)
    "RADVideo" = RAD Video Tools
    "ReBirth Modpacker v1.0" = ReBirth Modpacker v1.0
    "ReBirth RB-338 2.0 fix1" = ReBirth RB-338 2.0 fix1
    "Sniper Elite N.Z Army 2_is1" = Sniper Elite N.Z Army 2 version 1.0.0
    "Sniper Elite: Nazi Zombie Army_is1" = Sniper Elite: Nazi Zombie Army
    "StreamingStar Video Capture_is1" = StreamingStarVideoCapture
    "SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
    "tixati" = Tixati
    "UltraISO_is1" = UltraISO Premium V9.52
    "uTorrent" = µTorrent
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinRAR archiver" = WinRAR archiver
    "Wondershare Flash Gallery Factory Standard_is1" = Wondershare Flash Gallery Factory Standard 5.2.1.15
    "Wondershare Video Editor_is1" = Wondershare Video Editor(Build 3.5.1)
    "ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
    "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent
    "Winamp Detect" = Winamp Applicatie Detect

    ========== Last 20 Event Log Errors ==========

    [ OSession Events ]
    Error - 27/12/2013 19:09:47 | Computer Name = GEBRUIK-R3TI979 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/01/2014 6:22:07 | Computer Name = GEBRUIK-R3TI979 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 197
    seconds with 120 seconds of active time. This session ended with a crash.


    < End of report >

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    What's the story with your AV program?
    DDS indicated that you have ZoneAlarm Security Suite installed.
    Right now I can only see parts of it running, and on top of that I can see some Kaspersky leftovers.

  6. #21
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    Yes, I use ZoneAlarm Security Suite.

    But I think OTL has made some changes in IE 11.

    I can't install Google Toolbar anymore; it is like it's blocked ...
    I liked this one because of the popup blocker.

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    OTL is just a scanner. It doesn't make any changes.

    At this point I'd like to repost one of my rules:
    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Code:
    :OTL
    DRV:64bit: - [2013/10/09 01:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2013/10/08 05:47:30 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2013/07/17 02:02:06 | 000,177,760 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
    DRV:64bit: - [2013/07/17 02:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
    DRV:64bit: - [2012/11/15 21:06:06 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311301136} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..Trusted Domains: 4game.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2359379116-2292543063-101763817-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2014/01/09 11:11:27 | 000,177,760 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys.bak
    [2014/01/09 11:11:27 | 000,054,104 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys.bak
    [2014/01/09 11:11:26 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys.bak
    [2014/01/09 11:11:26 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
    [2014/01/09 11:11:25 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys.bak
    [2014/01/09 11:11:24 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
    [2014/01/03 12:07:27 | 000,177,760 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
    [2014/01/03 12:07:26 | 000,054,104 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
    [2014/01/03 12:07:01 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
    [2014/01/03 12:06:57 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
    [2014/01/03 12:06:53 | 000,489,568 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
    [2014/01/03 12:06:53 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.


    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.

  8. #23
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    I needed to do it 2x,
    because the first time it had an error when it was making the log (I had a blank page),
    but now here is the OTL log

    All processes killed
    ========== OTL ==========
    Error: No service named KLIF was found to stop!
    Service\Driver key KLIF not found.
    File C:\Windows\SysNative\drivers\klif.sys not found.
    Error: No service named KLIM6 was found to stop!
    Service\Driver key KLIM6 not found.
    File C:\Windows\SysNative\drivers\klim6.sys not found.
    Error: No service named kneps was found to stop!
    Service\Driver key kneps not found.
    File C:\Windows\SysNative\drivers\kneps.sys not found.
    Error: No service named KL1 was found to stop!
    Service\Driver key KL1 not found.
    File C:\Windows\SysNative\drivers\kl1.sys not found.
    Error: No service named kltdi was found to stop!
    Service\Driver key kltdi not found.
    File C:\Windows\SysNative\drivers\kltdi.sys not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311301136}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry key HKEY_USERS\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4game.com\ not found.
    Registry value HKEY_USERS\S-1-5-21-2359379116-2292543063-101763817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found.
    File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File C:\Windows\SysNative\drivers\kneps.sys.bak not found.
    File C:\Windows\SysNative\drivers\kltdi.sys.bak not found.
    File C:\Windows\SysNative\drivers\klif.sys.bak not found.
    File C:\Windows\SysNative\drivers\klim6.sys.bak not found.
    File C:\Windows\SysNative\drivers\klflt.sys.bak not found.
    File C:\Windows\SysNative\drivers\kl1.sys.bak not found.
    File C:\Windows\SysNative\drivers\kneps.sys not found.
    File C:\Windows\SysNative\drivers\kltdi.sys not found.
    File C:\Windows\SysNative\drivers\klim6.sys not found.
    File C:\Windows\SysNative\drivers\kl1.sys not found.
    File C:\Windows\SysNative\drivers\klif.sys not found.
    File C:\Windows\SysNative\drivers\klflt.sys not found.
    Unable to delete ADS C:\ProgramData\TEMP:07BF512B .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gebruiker
    ->Temp folder emptied: 5818 bytes
    ->Temporary Internet Files folder emptied: 295280 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Gebruiker
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gebruiker
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01112014_224828

    Files\Folders moved on Reboot...
    C:\Users\Gebruiker\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Here is the log from screen317's Security Check

    Results of screen317's Security Check version 0.99.78
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    ZoneAlarm Internet Security Suite Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    Malwarebytes Anti-Malware version 1.75.0.1300
    HijackThis 2.0.2
    Java 7 Update 9
    Java version out of Date!
    Adobe Flash Player 11.9.900.170
    Adobe Reader XI
    Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Here is the FSS log

    Farbar Service Scanner Version: 08-01-2014
    Ran by Gebruiker (administrator) on 11-01-2014 at 23:05:36
    Running from "C:\Users\Gebruiker\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Here is the TFC log

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gebruiker
    ->Temp folder emptied: 38590 bytes
    ->Temporary Internet Files folder emptied: 299851 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5701736 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 6,00 mb
    Last edited by sitewizard; January 11th, 2014 at 06:14 PM.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Eset?

  10. #25
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    Scanning tomorrow, Sir ..
    It is almost 00:00 here
    and an online scan takes a few hours ...

    Tomorrow I'll post the log

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No problem

  12. #27
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    The ESET scan took 3:40 hours to scan the PC.

    Sir, it doesn't give a log.
    ESET did not find any virus or spyware on this computer,

    so this computer is back clean like a baby.

    Thanks for the help cleaning this nasty thing.

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.

    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.



    =======================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL


    • Under the Custom Scans/Fixes box at the bottom, paste in the following:



    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.



    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:


    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.



    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/

    14. Please let me know how your computer is doing.

  14. #29
    Join Date
    Dec 2006
    Location
    belgium
    Posts
    272
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gebruiker
    ->Temp folder emptied: 73648245 bytes
    ->Temporary Internet Files folder emptied: 4864265 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41050089 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1752 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 114,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gebruiker
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Gebruiker
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01142014_111100

    Files\Folders moved on Reboot...
    C:\Users\Gebruiker\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\temp\ZLT02e75.TMP moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    I think the pc is all ok now

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Way to go!!
    Good luck and stay safe
