Text-Enhance

**Gio** · 13 April 2012, 14:34

Hallo

Ik gebruik Google Chrome op Windows 7 en heb sinds enkele dagen het probleem van Text-Enhance, een of ander programmatje dat ongewild hyperlinks steekt achter bepaalde woorden die ik lees in online teksten met reclame achter.

Hierbij mijn HT-logje, alvast bedankt!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:47, on 13/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Users\Giovanny\AppData\Local\Google\Update\Goog leUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\chrome.exe
C:\Users\Giovanny\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Giovanny\AppData\Local\Google\Update\Goo gleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15093 bytes

**Juisterr** · 14 April 2012, 20:03

Hallo en welkom,

Wil je onderstaande uitvoeren aub.
1.
Download OTL naar je Bureaublad

Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
Zet een vinkje bij Scan All Users.
Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
- Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
- Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

2.
Download TDSSKStarter naar het bureaublad.

"TDSSKStarter.exe" gebruiken:

Sluit nu eerst alle nog openstaande programmavensters!
- Windows 2000 en Windows XP: start het tool middels dubbelklik op "TDSSKStarter.exe".
- Windows Vista en Windows 7: start het tool middels rechtsklik op "TDSSKStarter.exe" en dan kiezen voor Als Administrator uitvoeren.
Vervolgens zal een CMD-venster gestart worden en wanneer de scan gereed is weer automatisch sluiten.
Post nu de inhoud van het geopende kladblokbestand in het volgende bericht.

**Gio** · 15 April 2012, 00:10

OTL.txtOTL logfile created on: 14/04/2012 23:42:22 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Giovanny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,93 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 69,14% Memory free
7,86 Gb Paging File | 6,41 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,09 Gb Total Space | 51,98 Gb Free Space | 23,62% Space Free | Partition Type: NTFS

Computer Name: GIOVANNY-PC | User Name: Giovanny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 23:34:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
PRC - [2012/04/04 05:17:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/02/05 13:29:02 | 002,056,192 | ---- | M] (Belgian Government) -- C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
PRC - [2009/12/10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/08/27 22:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/05 06:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/04 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/08/01 02:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/07/01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008/10/17 17:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2008/07/30 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/05/21 01:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/14 15:05:40 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\imageformats\qjpeg4.dll
MOD - [2009/08/14 14:53:52 | 007,495,680 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\QtGui4.dll
MOD - [2009/08/14 14:32:24 | 001,961,984 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\QtCore4.dll
MOD - [2009/07/01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
MOD - [2009/02/03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/11/13 16:56:15 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/19 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 14:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/07 03:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/09/17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2102399
IE - HKLM\..\SearchScopes\{F29B7C7D-5A51-498E-B948-F4583F67867C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a436648800000 00000000c60767e292b&tlver=1.4.19.19&affID=18606
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=00b4c125-0252-11e1-96d0-00262d521bbd&q={searchTerms}
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2102399
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{F29B7C7D-5A51-498E-B948-F4583F67867C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW_nlBE351BE353
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giovanny\AppData\Local\Google\Update\1.3. 21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giovanny\AppData\Local\Google\Update\1.3. 21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/14 15:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 05:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 05:17:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:40:46 | 000,000,000 | ---D | M]

[2010/01/10 23:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Extensio ns
[2009/11/11 23:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Extensio ns\mozswing@mozswing.org
[2012/04/10 02:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions
[2010/01/10 23:40:21 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2012/04/10 02:04:54 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions\crossriderapp 435@crossrider.com
[2011/07/11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\startsear. xml
[2012/04/10 02:05:53 | 000,003,915 | ---- | M] () -- C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\sweetim.xm l
[2012/03/15 00:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/09 23:50:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/23 17:27:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/31 15:07:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 09:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 00:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 19:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 00:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/15 00:37:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/04/24 00:05:51 | 000,000,000 | ---D | M] (eID BelgiÃ«) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GIOVANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\ PROFILES\DP8LU0AS.DEFAULT\EXTENSIONS\FFXTLBR@BABYL ON.COM.XPI
[2011/07/26 01:29:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/15 00:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/05/11 00:46:16 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vandale-nl.xml
[2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\
CHR - Extension: Codec-V = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkf mfhlho\1.17.48_0\
CHR - Extension: vshare plugin = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\
CHR - Extension: Skype Extension = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl\5.0.0.6907_0\
CHR - Extension: Gmail = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\
CHR - Extension: YouTube = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\
CHR - Extension: Codec-V = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkf mfhlho\1.17.48_0\
CHR - Extension: vshare plugin = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\
CHR - Extension: Skype Extension = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl\5.0.0.6907_0\
CHR - Extension: Gmail = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\Giovanny\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{7515D58D-ED90-4C2F-A5F1-A8C67D9B4342}: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{A5B31564-9A8F-48FF-95AB-EA9E81EC5C3E}: DhcpNameServer = 172.16.254.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9f862c1b-c7a9-11de-b27d-00262d521bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{9f862c1b-c7a9-11de-b27d-00262d521bbd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 23:34:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
[2012/04/14 23:09:48 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5F2808E8-39AC-4391-A02C-45E08053C835}
[2012/04/14 23:09:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{99DB0A40-FBE4-4A41-9A7C-902EB401AA2F}
[2012/04/14 14:41:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2A34AE36-EF21-4A6F-A6D6-ECE54F06161B}
[2012/04/14 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8474F946-51CC-45E7-BE05-0F0B3F951FF0}
[2012/04/14 03:39:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FC587CF5-5A86-4D0C-802F-C3D431B9A9C1}
[2012/04/14 03:39:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{51FCDE71-0938-4B38-BAF2-258BCBDA9895}
[2012/04/13 13:25:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{24D43287-A064-4C21-A9D4-D08E0FEC27F8}
[2012/04/13 01:15:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2F04512A-EFBA-4B9A-B99D-65CD395AE941}
[2012/04/13 00:51:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/13 00:20:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/12 23:49:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/12 23:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/12 20:11:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D34F0725-8C0C-4CC4-803D-04D524BA3617}
[2012/04/12 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{1D5A9A85-687D-4074-A6DA-6AB3CB27E50F}
[2012/04/11 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Malwarebytes
[2012/04/11 15:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/04/11 15:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/11 15:22:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/11 15:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/11 15:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/11 15:20:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\Desktop\backups
[2012/04/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C011BBA7-3A6C-40C3-979A-652ACFB1FC61}
[2012/04/11 02:31:40 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{3391C99D-8266-4269-978E-A1A25738D9B6}
[2012/04/11 00:39:32 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\twitter
[2012/04/11 00:29:04 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\TweetDeck
[2012/04/11 00:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter
[2012/04/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/10 14:31:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{94AB1CE9-9EC4-4DDA-87FF-83429478906F}
[2012/04/10 02:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/10 02:04:54 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\Codec-V
[2012/04/10 02:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codec-V
[2012/04/10 02:04:48 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/10 02:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/09 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5A0FA950-10CB-4E8B-8AE9-2EC136235D19}
[2012/04/08 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FF916424-AB20-4C88-8B01-6661BBC0C06C}
[2012/04/08 00:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/04/08 00:28:30 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\Geckofx
[2012/04/08 00:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/04/07 23:24:22 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A4A6CCA1-06A3-4706-B782-D54101C8004F}
[2012/04/06 16:55:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DA34B789-C4A6-4472-8309-FE7C2B736DF9}
[2012/04/06 02:01:51 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8C165B97-CA4B-4DAF-A1CC-0C80C6337082}
[2012/04/05 14:01:37 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{432B3E1B-E722-410D-8588-A1A65C7C6AA6}
[2012/04/04 16:03:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{30275E62-6643-414F-9286-A4EC5E91C679}
[2012/04/04 05:18:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\RealNetworks
[2012/04/04 05:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/04/04 05:17:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/04 05:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/04/04 05:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/04/04 05:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/04/04 05:16:56 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Real
[2012/04/04 04:03:08 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{65CEF38E-B4F2-4ACA-839D-1A48742CDE70}
[2012/04/03 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\Documents\screen recorder
[2012/04/03 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DC33C28C-32B9-48EF-AAFA-25D9716623BD}
[2012/04/03 02:36:07 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{B39E4BCA-0793-423B-9165-287098102BFE}
[2012/04/02 14:35:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A7DDE14F-F129-4551-A25A-0377E70CEAA5}
[2012/04/01 23:45:26 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A0BBB06A-541E-4BA0-96D7-2F374878B72D}
[2012/04/01 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C302B0CA-303E-4B97-BA42-B4F81597738C}
[2012/03/31 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{551C2491-0758-445D-B4C8-9D486476886C}
[2012/03/31 00:01:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2963EE44-E74B-47E9-AF4A-1220DFFB421B}
[2012/03/30 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D8CE4B55-4BF5-4F9B-9DDD-81BC9E27D53A}
[2012/03/30 01:43:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{72D75F75-8987-4057-BE55-9AA16D579576}
[2012/03/29 13:43:31 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FFA82EB7-D7C6-4283-911E-25ECB5EDA8B5}
[2012/03/28 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9D30D9C1-52AB-48D7-B706-BC8446BF2D56}
[2012/03/28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{E6F25188-C113-4FB5-9053-848376779B06}
[2012/03/28 18:22:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{1A86F6B0-C749-428D-B07F-268BEF8443C8}
[2012/03/28 13:10:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{41A005F4-5D29-4AD4-94B6-F5ECBEC8400A}
[2012/03/27 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{49756B0E-3C52-44D3-B71B-C1F8A7DFB7A1}
[2012/03/27 01:06:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{96CE4493-9CB0-4BF5-BB9F-A2231B3BEF6D}
[2012/03/26 02:35:24 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2AF8CCD4-80D1-4747-9747-7D20E8F66C52}
[2012/03/26 02:35:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{64EE3970-CF99-4DF1-B651-6A0604BE63E0}
[2012/03/25 14:35:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{BA76A753-D875-46DD-BB12-A9863CF7530E}
[2012/03/25 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{08030F09-A575-4729-B9F8-57E2440EBC86}
[2012/03/25 02:34:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5A825D12-1E6D-4B2E-BCAE-DE59D966EB38}
[2012/03/25 02:34:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5E306B04-4CA0-4252-8EAE-1A0596E0AB69}
[2012/03/24 12:11:07 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CE630A67-0311-47D1-9BEA-9C9DA13148BE}
[2012/03/24 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C9AC8498-80D1-4836-A3E6-3D62B3783808}
[2012/03/23 18:26:22 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C87A314D-0172-4071-82BF-AD1ADB6D007B}
[2012/03/23 18:26:21 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{593EBF14-6466-4A18-9782-EE0A626468E2}
[2012/03/23 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{306AA199-D2D8-44E7-A325-A11FBEDE387B}
[2012/03/23 03:00:31 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5EBB894A-D827-40F6-8C28-95F705D98630}
[2012/03/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{79216373-7410-4441-8BB2-69E7B867B3FD}
[2012/03/22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{3FBD8783-31EC-498E-99BD-529D51043089}
[2012/03/22 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FCAC8565-BA30-475D-972C-6C74E95F99AF}
[2012/03/22 02:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dialang
[2012/03/22 02:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dialang
[2012/03/21 20:00:17 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{0C0663D1-2565-4A5A-B3B3-49A8BF72C291}
[2012/03/21 20:00:15 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FB995BF6-F0F9-4FAE-B047-F79BA35EBB34}
[2012/03/20 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{F995C8FE-D679-4DAA-AE1A-20B25229EA19}
[2012/03/20 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{02DE60AA-6AB3-46F7-BED4-AB0FDC08252E}
[2012/03/20 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{354D3DD0-22E2-4735-81DD-01F3F82BD051}
[2012/03/20 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{072064C2-782D-4CF8-883A-D92FA2ADFF41}
[2012/03/20 03:03:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5E80FB94-84A5-4FB0-9540-30B373832CA9}
[2012/03/19 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{806C8FC9-7B6C-4B33-821C-555F18995B64}
[2012/03/19 20:40:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{BDE80A82-C1B8-4D8D-AD93-A7B7FC2CA2F9}
[2012/03/19 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{B5ADFE5E-2B92-4F24-8005-B734FC587AF4}
[2012/03/19 14:06:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D1B009D2-D7D4-4876-9DB4-90D5D22DA598}
[2012/03/19 14:03:41 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{7DC2C3D8-83C8-4704-B0C8-6CD1D99091BF}
[2012/03/19 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{17D2C697-84A8-4153-9024-3D175EB03CF1}
[2012/03/19 01:35:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{F96B5BB0-EC0F-4725-9285-011DF22004E2}
[2012/03/18 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9662BED3-C596-44B9-B6C6-365DB27B6652}
[2012/03/18 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{02ABE63E-B601-4B9E-A5B1-C022B4A639B8}
[2012/03/18 01:34:37 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CBA2867A-4430-4ABE-8857-E40BE8FA83C0}
[2012/03/18 01:34:34 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9BB3F18F-3A99-4BFC-AC1B-57549B5DEC51}
[2012/03/17 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CF47A446-8DEB-4B41-B48E-E3152F80DE1F}
[2012/03/17 13:08:16 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{0F34FF7C-BB2A-40F2-A55D-0180C514C37D}
[2012/03/16 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DAC04374-9C3B-4E8A-AC70-EC0B917AAD73}
[2012/03/16 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FC57B49A-B09B-45A9-BC0C-16722BDDD7A9}
[2012/03/16 05:02:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{E1702A87-BA71-479D-8E69-DA5EFD1AF55B}
[2012/03/16 05:02:26 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8B3AD40E-56E1-498B-AB91-EFC5B0FAEE36}
[2012/03/16 01:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/16 01:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/16 01:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/16 01:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

========== Files - Modified Within 30 Days ==========

[2012/04/14 23:50:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000UA.job
[2012/04/14 23:34:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
[2012/04/14 23:27:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 23:16:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 23:16:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 23:08:56 | 000,000,331 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/04/14 23:08:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 23:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 23:07:11 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 19:55:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000Core.job
[2012/04/14 17:11:00 | 000,296,575 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/14 14:45:58 | 094,981,292 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/13 02:48:05 | 001,580,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 02:48:05 | 000,704,754 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/04/13 02:48:05 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 02:48:05 | 000,134,844 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/04/13 02:48:05 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/13 01:20:22 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/11 15:40:47 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/11 15:22:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 00:34:45 | 000,002,941 | ---- | M] () -- C:\Users\Giovanny\Desktop\TweetDeck.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/04 05:17:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/03 18:30:15 | 000,003,690 | ---- | M] () -- C:\Users\Giovanny\.jmf-resource
[2012/04/03 18:09:46 | 000,002,161 | ---- | M] () -- C:\Users\Giovanny\URPreferences.xml
[2012/04/03 17:48:54 | 000,001,991 | ---- | M] () -- C:\Users\Giovanny\Desktop\Universal Replayer.lnk
[2012/03/28 22:57:47 | 000,001,073 | ---- | M] () -- C:\Users\Giovanny\Desktop\PokerTracker 3.lnk
[2012/03/22 02:29:39 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Dialang.lnk
[2012/03/16 01:16:58 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/13 01:20:22 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/11 15:40:47 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/11 15:22:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 00:34:45 | 000,002,941 | ---- | C] () -- C:\Users\Giovanny\Desktop\TweetDeck.lnk
[2012/04/03 18:30:15 | 000,003,690 | ---- | C] () -- C:\Users\Giovanny\.jmf-resource
[2012/04/03 17:48:54 | 000,002,161 | ---- | C] () -- C:\Users\Giovanny\URPreferences.xml
[2012/04/03 17:48:54 | 000,001,991 | ---- | C] () -- C:\Users\Giovanny\Desktop\Universal Replayer.lnk
[2012/03/22 02:29:38 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Dialang.lnk
[2012/03/16 01:16:58 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/13 01:21:52 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/13 01:21:50 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/13 01:21:50 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/13 01:21:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/23 00:03:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/11/23 00:03:21 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/02/12 17:44:48 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/12 17:44:44 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/02/12 17:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/02/12 17:44:27 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2011/02/12 17:43:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/02/12 17:43:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/02/12 17:42:57 | 000,000,331 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/01/09 23:51:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 20:25:44 | 000,006,144 | ---- | C] () -- C:\Users\Giovanny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 18:19:25 | 000,000,316 | -H-- | C] () -- C:\ProgramData\32122199911
[2010/08/25 18:41:40 | 000,000,045 | ---- | C] () -- C:\Users\Giovanny\AppData\Local\machpro.dat
[2010/08/13 13:22:32 | 000,005,087 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/05/11 15:26:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== LOP Check ==========

[2012/02/14 17:21:37 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\AVG2012
[2010/12/21 01:47:53 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\BVUAdvanced
[2009/11/29 19:30:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Canon
[2011/12/15 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\DVDVideoSoft
[2011/06/22 00:51:51 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\go
[2010/10/05 18:51:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\ImTOO
[2012/04/14 23:08:54 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\LimeWire
[2010/12/26 05:29:07 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Microgaming
[2011/09/06 23:41:56 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Mikogo 4
[2011/03/28 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Netviewer
[2011/05/21 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Partouche Poker
[2009/11/01 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\PC Suite
[2011/07/04 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\PowerCinema
[2009/11/02 14:47:41 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Pro Cycling Manager 2008 - Demo
[2009/11/01 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Samsung
[2011/07/04 16:48:12 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\SoftDMA
[2011/10/21 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Sports Interactive
[2012/02/07 02:11:49 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Spotify
[2012/04/13 01:30:13 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\TS3Client
[2011/06/07 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\wam.04351C371E53 0C3762CBA45FA283ED972DCDEFB6.1
[2010/06/03 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\WhatPulse
[2010/10/05 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\YCanPDF
[2012/03/16 14:26:24 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

**Gio** · 15 April 2012, 00:12

OTL.txtOTL logfile created on: 14/04/2012 23:42:22 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Giovanny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,93 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 69,14% Memory free
7,86 Gb Paging File | 6,41 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,09 Gb Total Space | 51,98 Gb Free Space | 23,62% Space Free | Partition Type: NTFS

Computer Name: GIOVANNY-PC | User Name: Giovanny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 23:34:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
PRC - [2012/04/04 05:17:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/02/05 13:29:02 | 002,056,192 | ---- | M] (Belgian Government) -- C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
PRC - [2009/12/10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/08/27 22:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/05 06:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/04 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/08/01 02:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/07/01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008/10/17 17:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2008/07/30 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/05/21 01:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/14 15:05:40 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\imageformats\qjpeg4.dll
MOD - [2009/08/14 14:53:52 | 007,495,680 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\QtGui4.dll
MOD - [2009/08/14 14:32:24 | 001,961,984 | ---- | M] () -- C:\Program Files (x86)\Belgium Identity Card\QtCore4.dll
MOD - [2009/07/01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
MOD - [2009/02/03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/11/13 16:56:15 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/19 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 14:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/07 03:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/09/17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2102399
IE - HKLM\..\SearchScopes\{F29B7C7D-5A51-498E-B948-F4583F67867C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z145t57n1w617
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a436648800000 00000000c60767e292b&tlver=1.4.19.19&affID=18606
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=00b4c125-0252-11e1-96d0-00262d521bbd&q={searchTerms}
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2102399
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\SearchScopes\{F29B7C7D-5A51-498E-B948-F4583F67867C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW_nlBE351BE353
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giovanny\AppData\Local\Google\Update\1.3. 21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giovanny\AppData\Local\Google\Update\1.3. 21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/14 15:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 05:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 05:17:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:40:46 | 000,000,000 | ---D | M]

[2010/01/10 23:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Extensio ns
[2009/11/11 23:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Extensio ns\mozswing@mozswing.org
[2012/04/10 02:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions
[2010/01/10 23:40:21 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2012/04/10 02:04:54 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Giovanny\AppData\Roaming\mozilla\Firefox\ Profiles\dp8lu0as.default\extensions\crossriderapp 435@crossrider.com
[2011/07/11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\startsear. xml
[2012/04/10 02:05:53 | 000,003,915 | ---- | M] () -- C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\sweetim.xm l
[2012/03/15 00:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/09 23:50:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/23 17:27:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/31 15:07:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 09:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 00:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 19:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/09 00:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/15 00:37:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/04/24 00:05:51 | 000,000,000 | ---D | M] (eID BelgiÃ«) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GIOVANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\ PROFILES\DP8LU0AS.DEFAULT\EXTENSIONS\FFXTLBR@BABYL ON.COM.XPI
[2011/07/26 01:29:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/15 00:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/05/11 00:46:16 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vandale-nl.xml
[2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\Appl ication\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\
CHR - Extension: Codec-V = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkf mfhlho\1.17.48_0\
CHR - Extension: vshare plugin = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\
CHR - Extension: Skype Extension = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl\5.0.0.6907_0\
CHR - Extension: Gmail = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\
CHR - Extension: YouTube = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\
CHR - Extension: Codec-V = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkf mfhlho\1.17.48_0\
CHR - Extension: vshare plugin = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllec mejgjj\1.3_0\
CHR - Extension: Skype Extension = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfg npldfl\5.0.0.6907_0\
CHR - Extension: Gmail = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2302494898-1542185371-737622800-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2302494898-1542185371-737622800-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\Giovanny\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{7515D58D-ED90-4C2F-A5F1-A8C67D9B4342}: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{A5B31564-9A8F-48FF-95AB-EA9E81EC5C3E}: DhcpNameServer = 172.16.254.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9f862c1b-c7a9-11de-b27d-00262d521bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{9f862c1b-c7a9-11de-b27d-00262d521bbd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 23:34:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
[2012/04/14 23:09:48 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5F2808E8-39AC-4391-A02C-45E08053C835}
[2012/04/14 23:09:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{99DB0A40-FBE4-4A41-9A7C-902EB401AA2F}
[2012/04/14 14:41:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2A34AE36-EF21-4A6F-A6D6-ECE54F06161B}
[2012/04/14 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8474F946-51CC-45E7-BE05-0F0B3F951FF0}
[2012/04/14 03:39:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FC587CF5-5A86-4D0C-802F-C3D431B9A9C1}
[2012/04/14 03:39:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{51FCDE71-0938-4B38-BAF2-258BCBDA9895}
[2012/04/13 13:25:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{24D43287-A064-4C21-A9D4-D08E0FEC27F8}
[2012/04/13 01:15:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2F04512A-EFBA-4B9A-B99D-65CD395AE941}
[2012/04/13 00:51:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/13 00:20:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/12 23:49:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/12 23:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/12 20:11:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D34F0725-8C0C-4CC4-803D-04D524BA3617}
[2012/04/12 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{1D5A9A85-687D-4074-A6DA-6AB3CB27E50F}
[2012/04/11 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Malwarebytes
[2012/04/11 15:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/04/11 15:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/11 15:22:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/11 15:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/11 15:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/11 15:20:47 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\Desktop\backups
[2012/04/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C011BBA7-3A6C-40C3-979A-652ACFB1FC61}
[2012/04/11 02:31:40 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{3391C99D-8266-4269-978E-A1A25738D9B6}
[2012/04/11 00:39:32 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\twitter
[2012/04/11 00:29:04 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\TweetDeck
[2012/04/11 00:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter
[2012/04/11 00:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/10 14:31:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{94AB1CE9-9EC4-4DDA-87FF-83429478906F}
[2012/04/10 02:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/10 02:04:54 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\Codec-V
[2012/04/10 02:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codec-V
[2012/04/10 02:04:48 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/10 02:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/09 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5A0FA950-10CB-4E8B-8AE9-2EC136235D19}
[2012/04/08 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FF916424-AB20-4C88-8B01-6661BBC0C06C}
[2012/04/08 00:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/04/08 00:28:30 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\Geckofx
[2012/04/08 00:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/04/07 23:24:22 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A4A6CCA1-06A3-4706-B782-D54101C8004F}
[2012/04/06 16:55:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DA34B789-C4A6-4472-8309-FE7C2B736DF9}
[2012/04/06 02:01:51 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8C165B97-CA4B-4DAF-A1CC-0C80C6337082}
[2012/04/05 14:01:37 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{432B3E1B-E722-410D-8588-A1A65C7C6AA6}
[2012/04/04 16:03:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{30275E62-6643-414F-9286-A4EC5E91C679}
[2012/04/04 05:18:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\RealNetworks
[2012/04/04 05:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/04/04 05:17:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/04 05:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/04/04 05:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/04/04 05:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/04/04 05:16:56 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Roaming\Real
[2012/04/04 04:03:08 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{65CEF38E-B4F2-4ACA-839D-1A48742CDE70}
[2012/04/03 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\Documents\screen recorder
[2012/04/03 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DC33C28C-32B9-48EF-AAFA-25D9716623BD}
[2012/04/03 02:36:07 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{B39E4BCA-0793-423B-9165-287098102BFE}
[2012/04/02 14:35:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A7DDE14F-F129-4551-A25A-0377E70CEAA5}
[2012/04/01 23:45:26 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{A0BBB06A-541E-4BA0-96D7-2F374878B72D}
[2012/04/01 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C302B0CA-303E-4B97-BA42-B4F81597738C}
[2012/03/31 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{551C2491-0758-445D-B4C8-9D486476886C}
[2012/03/31 00:01:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2963EE44-E74B-47E9-AF4A-1220DFFB421B}
[2012/03/30 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D8CE4B55-4BF5-4F9B-9DDD-81BC9E27D53A}
[2012/03/30 01:43:55 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{72D75F75-8987-4057-BE55-9AA16D579576}
[2012/03/29 13:43:31 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FFA82EB7-D7C6-4283-911E-25ECB5EDA8B5}
[2012/03/28 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9D30D9C1-52AB-48D7-B706-BC8446BF2D56}
[2012/03/28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{E6F25188-C113-4FB5-9053-848376779B06}
[2012/03/28 18:22:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{1A86F6B0-C749-428D-B07F-268BEF8443C8}
[2012/03/28 13:10:52 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{41A005F4-5D29-4AD4-94B6-F5ECBEC8400A}
[2012/03/27 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{49756B0E-3C52-44D3-B71B-C1F8A7DFB7A1}
[2012/03/27 01:06:09 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{96CE4493-9CB0-4BF5-BB9F-A2231B3BEF6D}
[2012/03/26 02:35:24 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{2AF8CCD4-80D1-4747-9747-7D20E8F66C52}
[2012/03/26 02:35:23 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{64EE3970-CF99-4DF1-B651-6A0604BE63E0}
[2012/03/25 14:35:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{BA76A753-D875-46DD-BB12-A9863CF7530E}
[2012/03/25 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{08030F09-A575-4729-B9F8-57E2440EBC86}
[2012/03/25 02:34:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5A825D12-1E6D-4B2E-BCAE-DE59D966EB38}
[2012/03/25 02:34:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5E306B04-4CA0-4252-8EAE-1A0596E0AB69}
[2012/03/24 12:11:07 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CE630A67-0311-47D1-9BEA-9C9DA13148BE}
[2012/03/24 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C9AC8498-80D1-4836-A3E6-3D62B3783808}
[2012/03/23 18:26:22 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{C87A314D-0172-4071-82BF-AD1ADB6D007B}
[2012/03/23 18:26:21 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{593EBF14-6466-4A18-9782-EE0A626468E2}
[2012/03/23 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{306AA199-D2D8-44E7-A325-A11FBEDE387B}
[2012/03/23 03:00:31 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5EBB894A-D827-40F6-8C28-95F705D98630}
[2012/03/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{79216373-7410-4441-8BB2-69E7B867B3FD}
[2012/03/22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{3FBD8783-31EC-498E-99BD-529D51043089}
[2012/03/22 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FCAC8565-BA30-475D-972C-6C74E95F99AF}
[2012/03/22 02:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dialang
[2012/03/22 02:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dialang
[2012/03/21 20:00:17 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{0C0663D1-2565-4A5A-B3B3-49A8BF72C291}
[2012/03/21 20:00:15 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FB995BF6-F0F9-4FAE-B047-F79BA35EBB34}
[2012/03/20 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{F995C8FE-D679-4DAA-AE1A-20B25229EA19}
[2012/03/20 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{02DE60AA-6AB3-46F7-BED4-AB0FDC08252E}
[2012/03/20 13:53:59 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{354D3DD0-22E2-4735-81DD-01F3F82BD051}
[2012/03/20 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{072064C2-782D-4CF8-883A-D92FA2ADFF41}
[2012/03/20 03:03:29 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{5E80FB94-84A5-4FB0-9540-30B373832CA9}
[2012/03/19 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{806C8FC9-7B6C-4B33-821C-555F18995B64}
[2012/03/19 20:40:11 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{BDE80A82-C1B8-4D8D-AD93-A7B7FC2CA2F9}
[2012/03/19 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{B5ADFE5E-2B92-4F24-8005-B734FC587AF4}
[2012/03/19 14:06:33 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{D1B009D2-D7D4-4876-9DB4-90D5D22DA598}
[2012/03/19 14:03:41 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{7DC2C3D8-83C8-4704-B0C8-6CD1D99091BF}
[2012/03/19 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{17D2C697-84A8-4153-9024-3D175EB03CF1}
[2012/03/19 01:35:44 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{F96B5BB0-EC0F-4725-9285-011DF22004E2}
[2012/03/18 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9662BED3-C596-44B9-B6C6-365DB27B6652}
[2012/03/18 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{02ABE63E-B601-4B9E-A5B1-C022B4A639B8}
[2012/03/18 01:34:37 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CBA2867A-4430-4ABE-8857-E40BE8FA83C0}
[2012/03/18 01:34:34 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{9BB3F18F-3A99-4BFC-AC1B-57549B5DEC51}
[2012/03/17 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{CF47A446-8DEB-4B41-B48E-E3152F80DE1F}
[2012/03/17 13:08:16 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{0F34FF7C-BB2A-40F2-A55D-0180C514C37D}
[2012/03/16 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{DAC04374-9C3B-4E8A-AC70-EC0B917AAD73}
[2012/03/16 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{FC57B49A-B09B-45A9-BC0C-16722BDDD7A9}
[2012/03/16 05:02:28 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{E1702A87-BA71-479D-8E69-DA5EFD1AF55B}
[2012/03/16 05:02:26 | 000,000,000 | ---D | C] -- C:\Users\Giovanny\AppData\Local\{8B3AD40E-56E1-498B-AB91-EFC5B0FAEE36}
[2012/03/16 01:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/16 01:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/16 01:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/16 01:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

========== Files - Modified Within 30 Days ==========

[2012/04/14 23:50:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000UA.job
[2012/04/14 23:34:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanny\Desktop\OTL.com
[2012/04/14 23:27:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 23:16:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 23:16:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 23:08:56 | 000,000,331 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/04/14 23:08:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 23:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 23:07:11 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 19:55:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000Core.job
[2012/04/14 17:11:00 | 000,296,575 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/14 14:45:58 | 094,981,292 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/13 02:48:05 | 001,580,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/13 02:48:05 | 000,704,754 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/04/13 02:48:05 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/13 02:48:05 | 000,134,844 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/04/13 02:48:05 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/13 01:20:22 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/11 15:40:47 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/11 15:22:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 00:34:45 | 000,002,941 | ---- | M] () -- C:\Users\Giovanny\Desktop\TweetDeck.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/04 05:17:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/03 18:30:15 | 000,003,690 | ---- | M] () -- C:\Users\Giovanny\.jmf-resource
[2012/04/03 18:09:46 | 000,002,161 | ---- | M] () -- C:\Users\Giovanny\URPreferences.xml
[2012/04/03 17:48:54 | 000,001,991 | ---- | M] () -- C:\Users\Giovanny\Desktop\Universal Replayer.lnk
[2012/03/28 22:57:47 | 000,001,073 | ---- | M] () -- C:\Users\Giovanny\Desktop\PokerTracker 3.lnk
[2012/03/22 02:29:39 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Dialang.lnk
[2012/03/16 01:16:58 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/13 01:20:22 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/11 15:40:47 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/11 15:22:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 00:34:45 | 000,002,941 | ---- | C] () -- C:\Users\Giovanny\Desktop\TweetDeck.lnk
[2012/04/03 18:30:15 | 000,003,690 | ---- | C] () -- C:\Users\Giovanny\.jmf-resource
[2012/04/03 17:48:54 | 000,002,161 | ---- | C] () -- C:\Users\Giovanny\URPreferences.xml
[2012/04/03 17:48:54 | 000,001,991 | ---- | C] () -- C:\Users\Giovanny\Desktop\Universal Replayer.lnk
[2012/03/22 02:29:38 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Dialang.lnk
[2012/03/16 01:16:58 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/13 01:21:52 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/13 01:21:50 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/13 01:21:50 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/13 01:21:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/23 00:03:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/11/23 00:03:21 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/02/12 17:44:48 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/12 17:44:44 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/02/12 17:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/02/12 17:44:27 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2011/02/12 17:43:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/02/12 17:43:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/02/12 17:42:57 | 000,000,331 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/01/09 23:51:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 20:25:44 | 000,006,144 | ---- | C] () -- C:\Users\Giovanny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 18:19:25 | 000,000,316 | -H-- | C] () -- C:\ProgramData\32122199911
[2010/08/25 18:41:40 | 000,000,045 | ---- | C] () -- C:\Users\Giovanny\AppData\Local\machpro.dat
[2010/08/13 13:22:32 | 000,005,087 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/05/11 15:26:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== LOP Check ==========

[2012/02/14 17:21:37 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\AVG2012
[2010/12/21 01:47:53 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\BVUAdvanced
[2009/11/29 19:30:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Canon
[2011/12/15 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\DVDVideoSoft
[2011/06/22 00:51:51 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\go
[2010/10/05 18:51:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\ImTOO
[2012/04/14 23:08:54 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\LimeWire
[2010/12/26 05:29:07 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Microgaming
[2011/09/06 23:41:56 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Mikogo 4
[2011/03/28 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Netviewer
[2011/05/21 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Partouche Poker
[2009/11/01 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\PC Suite
[2011/07/04 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\PowerCinema
[2009/11/02 14:47:41 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Pro Cycling Manager 2008 - Demo
[2009/11/01 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Samsung
[2011/07/04 16:48:12 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\SoftDMA
[2011/10/21 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Sports Interactive
[2012/02/07 02:11:49 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\Spotify
[2012/04/13 01:30:13 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\TS3Client
[2011/06/07 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\wam.04351C371E53 0C3762CBA45FA283ED972DCDEFB6.1
[2010/06/03 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\WhatPulse
[2010/10/05 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\Giovanny\AppData\Roaming\YCanPDF
[2012/03/16 14:26:24 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

**Gio** · 15 April 2012, 12:09

Vannacht blijkbaar bericht twee keer gepost, had moeilijkheden met browser, iets wat wel meer voorkomt ook laatste dagen.

**Juisterr** · 15 April 2012, 13:46

Start OTL

Plak het volgende onder Custom Scans/Fixes

:OTL
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="

[2012/04/10 02:05:53 | 000,003,915 | ---- | M] () -- C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\sweetim.xm l

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GIOVANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\ PROFILES\DP8LU0AS.DEFAULT\EXTENSIONS\FFXTLBR@BABYL ON.COM.XPI

[2011/05/11 00:46:16 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

CHR - Extension: SweetIM for Facebook = C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
Klik daarna bovenaan op de knop Run Fix
Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.

**Gio** · 15 April 2012, 16:35

All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
File C:\Users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\searchplugins\sweetim.xm l not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
File C:\Users\Giovanny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn\1.0.0.0_0\Copy of not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Giovanny\Desktop\cmd.bat deleted successfully.
C:\Users\Giovanny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Giovanny
->Temp folder emptied: 1147627 bytes
->Temporary Internet Files folder emptied: 4226467 bytes
->Java cache emptied: 20517174 bytes
->FireFox cache emptied: 52196432 bytes
->Google Chrome cache emptied: 369530446 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 60431 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24842342 bytes
%systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50428 bytes
RecycleBin emptied: 28222316 bytes

Total Files Cleaned = 478,00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Giovanny
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_162819

Files\Folders moved on Reboot...
C:\Users\Giovanny\AppData\Local\Temp\FXSAPIDebugLo gFile.txt moved successfully.
File\Folder C:\Users\Giovanny\AppData\Local\Microsoft\Windows\ Temporary Internet Files\Content.IE5\VMEXGEMU\ADSAdClient31[1].htm not found!
C:\Users\Giovanny\AppData\Local\Microsoft\Windows\ Temporary Internet Files\Content.IE5\0AQHAF2J\messengerscripttracking[2].htm moved successfully.

Registry entries deleted on Reboot...

Voorlopig is het nog niet opgelost

**Juisterr** · 15 April 2012, 19:01

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier 2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

**Gio** · 16 April 2012, 00:31

ComboFix 12-04-15.02 - Giovanny 15/04/2012 23:59:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4025.2725 [GMT 2:00]
Gestart vanuit: c:\users\Giovanny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 ))))))))))))))))))))))))))))))
.
.
2012-04-15 22:07 . 2012-04-15 22:07 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-04-15 22:07 . 2012-04-15 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 14:28 . 2012-04-15 14:28 -------- d-----w- C:\_OTL
2012-04-14 21:55 . 2012-04-14 21:56 -------- d-----w- C:\TDSSStarter
2012-04-13 00:43 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 00:43 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 00:43 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 00:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 00:41 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 00:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 00:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 00:41 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 00:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 00:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:22 . 2012-04-11 13:22 -------- d-----w- c:\users\Giovanny\AppData\Roaming\Malwarebytes
2012-04-11 13:22 . 2012-04-11 23:44 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-11 13:22 . 2012-04-11 13:38 -------- d-----w- c:\programdata\Malwarebytes
2012-04-11 13:22 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 13:22 . 2012-04-11 13:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 22:39 . 2012-04-10 22:39 -------- d-----w- c:\users\Giovanny\AppData\Local\twitter
2012-04-10 22:34 . 2011-10-24 13:28 176128 ----a-w- c:\windows\SysWow64\QTCF.dll
2012-04-10 22:29 . 2012-04-10 22:29 612888 ----a-r- c:\users\Giovanny\AppData\Roaming\Microsoft\Instal ler\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
2012-04-10 22:29 . 2012-04-10 22:29 -------- d-----w- c:\program files (x86)\Twitter
2012-04-10 22:11 . 2012-04-10 22:11 388096 ----a-r- c:\users\Giovanny\AppData\Roaming\Microsoft\Instal ler\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-10 22:11 . 2012-04-10 22:11 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-10 00:05 . 2012-04-10 00:05 -------- d-----w- c:\programdata\Premium
2012-04-10 00:04 . 2012-04-10 00:04 -------- d-----w- c:\users\Giovanny\AppData\Local\Codec-V
2012-04-10 00:04 . 2012-04-11 13:20 -------- d-----w- c:\program files (x86)\Codec-V
2012-04-10 00:04 . 2012-04-10 00:04 -------- d-----w- C:\codec-info
2012-04-10 00:04 . 2012-04-10 00:05 -------- d-----w- c:\programdata\InstallMate
2012-04-07 22:28 . 2012-04-07 22:28 -------- d-----w- c:\programdata\Graboid Inc
2012-04-07 22:28 . 2012-04-07 22:28 -------- d-----w- c:\users\Giovanny\AppData\Local\Geckofx
2012-04-07 22:27 . 2012-04-08 21:55 -------- d-----w- c:\program files (x86)\VideoLAN
2012-04-04 03:17 . 2012-04-04 03:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-04-04 03:17 . 2012-04-04 03:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-04-04 03:17 . 2012-04-04 03:17 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-04-04 03:17 . 2012-04-04 03:17 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2012-04-04 03:17 . 2012-04-04 03:17 -------- d-----w- c:\program files (x86)\Real
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 00:29 . 2012-03-22 00:32 -------- d-----w- c:\program files (x86)\Dialang
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-03-14 22:37 . 2010-04-23 15:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 11:10 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:10 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:10 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 11:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:11 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 11:11 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 04:10 . 2012-02-13 21:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-14 11:10 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 11:10 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 11:10 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-17 03:39 . 2012-02-13 21:37 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79F696BD-08B0-49EE-A50E-C730D1F81457}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
"NPSStartup"="" [BU]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-04 296056]
.
c:\users\Giovanny\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-8-19 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
Trusted 2ea7
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGI DSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIV ERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVER S\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVER S\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\AVGIDSFilter.Sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28 13:09]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28 13:09]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000Core.job
- c:\users\Giovanny\AppData\Local\Google\Update\Goog leUpdate.exe [2009-10-31 14:56]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302494898-1542185371-737622800-1000UA.job
- c:\users\Giovanny\AppData\Local\Google\Update\Goog leUpdate.exe [2009-10-31 14:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5 B381380DB17F.dll/cmsidewiki.html
IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files (x86)\PokerStars.BE\PokerStarsUpdate.exe
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunApp.exe
TCP: DhcpNameServer = 195.130.130.5 195.130.131.5
FF - ProfilePath - c:\users\Giovanny\AppData\Roaming\Mozilla\Firefox\ Profiles\dp8lu0as.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10004&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10 l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
************************************************** ************************
.
Voltooingstijd: 2012-04-16 00:17:27 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-15 22:17
ComboFix2.txt 2012-04-12 22:51
.
Pre-Run: 54.568.939.520 bytes beschikbaar
Post-Run: 54.184.706.048 bytes beschikbaar
.
- - End Of File - - DE48A0BB2332A1145D614DFB223D5938

Het probleem is nog niet van de baan vreemd genoeg