
Acute debilitating slowdown and lagging

Discussion in 'Virus & Other Malware Removal' started by JohnnyNatrium, Feb 21, 2013.

Thread Status:
Not open for further replies.
    JohnnyNatrium Thread Starter

    My system has taken a debilitating hit in performance, which probably came forth from running a suspicious file just before the first symptoms. Many games would be about 90% slower, media players stutter (both audio and visual), and my PC is getting generally hard to handle, which is of course unacceptable, especially considering how well it used to run, and with my system being outfitted with an ASUS Rampage Extreme IV, the Intel i7-3960 Xtreme and 32Gb of top-tier RAM. This predicament is making me very worried, also about the 6Tb in important files which are impossible for me to back up.

    Anyway, although I'd best get to the point, one thing I should mention is that I found a 32-bit svchost.exe running in my (64-bit) process explorer, which I terminated. This resulted in a huge performance increase in games, and videos ceased to stutter. However, the performance was still far from what it used to be, and as I speak my media players have also begun to lag again. It's obvious that the problem lies deeper than one process that's running, which I assumed at the time I terminated it as well. Since it has only been occurring for three days or so, I also don't doubt that the symptoms could get a lot worse, infecting more of my system et cetera. This is why I'd urgently like to fix this.

    I wanted to run ComboFix, which I read about, but I also decided to heed the warning that I should consult someone who's knowledgeable, and since I see that this is often the case here, I'd be very happy if I could receive help with this, and get my system functional again. Thanks in advance.
    I will now go and generate and post the log contents that are specified in the instructions, in multiple parts because of the character limit, where the GMER log alone is taking up about 80% (FYI: the keylogger KGB is running with my knowledge and intent, for my own logging purposes).

    --------------------------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:41:06, on 21-2-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
    C:\Program Files (x86)\KGB\MPK.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
    C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
    C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files (x86)\foobar2000\foobar2000.exe
    K:\Fraps\fraps.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\eMule\emule.exe
    C:\Program Files (x86)\KGB\MPKView.exe
    D:\The Real New Downloads\-crysis3 english\New folder\VGMToolbox.exe
    C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Program Files (x86)\Notepad++\notepad++.exe
    C:\Users\Johnny Natrium\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: Ask Toolbar BHO - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    O3 - Toolbar: Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe] C:\Users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
    O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2236690658-417004235-178033201-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2236690658-417004235-178033201-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = C:\Users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: PowerMenu.lnk = E:\Program Files (x86)\PowerMenu\PowerMenu.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    O4 - Global Startup: Snagit 11.lnk = C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16819 bytes

    ----------------------------------------------------------------------------------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2
    Run by Johnny Natrium at 9:45:02 on 2013-02-21
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.32743.23634 [GMT 1:00]
    .
    AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\KGB\MPK.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\KGB\MPK64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
    C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\foobar2000\foobar2000.exe
    K:\Fraps\fraps.exe
    K:\Fraps\fraps64.dat
    C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\eMule\emule.exe
    C:\Program Files (x86)\KGB\MPKView.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\WinRAR\WinRAR.exe
    D:\The Real New Downloads\-crysis3 english\New folder\VGMToolbox.exe
    C:\Windows\System32\Magnify.exe
    C:\Windows\system32\SndVol.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Notepad++\notepad++.exe
    C:\Users\Johnny Natrium\Desktop\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: uTorrentBar_NL Toolbar: {87775FDB-6972-41F9-AE51-8326E38CB206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    TB: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [RGSC] C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent
    uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
    uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe] C:\Users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe
    mExplorerRun: [Mpk.exe] C:\Program Files (x86)\KGB\Mpk.exe
    StartupFolder: C:\Users\JOHNNY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\JOHNNY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERM~1.LNK - E:\Program Files (x86)\PowerMenu\PowerMenu.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
    uPolicies-System: EnableLUA = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    TCP: NameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{EFA86BBB-8A74-4A43-A1E0-89AA69DA6016} : DHCPNameServer = 62.179.104.196 213.46.228.196
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    FF - ExtSQL: 2013-02-18 16:20; [email protected]; C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-3-23 36448]
    R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-10-25 707528]
    R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2012-10-25 145696]
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-9-14 562456]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-13 23832]
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-10-25 93160]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-25 103504]
    R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2012-10-25 76944]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/10/16 12:16:24];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-2-28 146928]
    R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2012-12-13 166600]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2012-11-9 23384]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-10-13 7168]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-10-13 171688]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
    R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-5-18 2938880]
    R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-10-25 95184]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-29 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-29 1369624]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
    R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-10-25 68416]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
    R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2012-10-25 261056]
    R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-10-25 589000]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2012-10-13 230488]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-10-13 1494104]
    R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2012-10-13 1678936]
    R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2012-5-16 25752]
    R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-11 44928]
    R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-10-27 121416]
    R3 Saffire;Saffire;C:\Windows\System32\drivers\Saffire.sys [2013-2-8 231136]
    R3 SaffireAudio;Saffire Audio;C:\Windows\System32\drivers\SaffireAudio.sys [2013-2-8 41824]
    R3 SaffireMidi;Saffire MIDI;C:\Windows\System32\drivers\SaffireMidi.sys [2013-2-8 51168]
    R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);C:\Windows\System32\drivers\t3.sys [2008-1-29 630272]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-29 168384]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
    S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2012-10-25 82384]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-13 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2012-10-13 230488]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-10-13 1494104]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2012-10-13 95320]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2012-10-13 95320]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-14 1255736]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-10-25 68880]
    .
    =============== Created Last 30 ================
    .
    2013-02-20 04:28:38 -------- d-----w- C:\Users\Johnny Natrium\bin
    2013-02-19 23:44:21 232904 ----a-w- C:\Windows\SysWow64\poclbm121016GeForce GTX 690gv1w256l4.bin
    2013-02-19 17:41:04 438272 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
    2013-02-19 17:41:04 327680 ----a-w- C:\Windows\SysWow64\vp6dec.ax
    2013-02-19 14:42:54 -------- d-----w- C:\Windows\.soulsplit
    2013-02-19 14:35:46 -------- d-----w- C:\Users\Johnny Natrium\AppData\Local\NVIDIA
    2013-02-18 20:13:38 -------- d-----w- C:\Program Files\Origin Games
    2013-02-18 20:12:11 -------- d-----w- C:\Program Files (x86)\Origin
    2013-02-18 20:05:44 1171456 ----a-w- C:\Windows\SysWow64\msvcr80d.dll
    2013-02-18 20:05:38 1171456 ----a-w- C:\Windows\System32\msvcr80d.dll
    2013-02-18 15:36:35 -------- d-----w- C:\Program Files\Cakewalk
    2013-02-18 12:56:28 -------- d-----w- C:\ProgramData\Origin
    2013-02-15 14:20:22 -------- d-----w- C:\jah_data
    2013-02-15 09:04:01 -------- d-----w- C:\Users\Johnny Natrium\FXPansion.VST.to.RTAS.Adapter.v2.1.1.WIN.MAC.OSX.UB.PPC-AMPLiFY
    2013-02-14 20:47:05 -------- d-----w- C:\Users\Johnny Natrium\AppData\Local\Spectrasonics
    2013-02-14 20:12:18 -------- d-----w- C:\ProgramData\Spectrasonics
    2013-02-14 15:33:01 -------- d-----w- C:\Users\Johnny Natrium\AppData\Roaming\Arturia
    2013-02-14 15:30:54 1277952 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll
    2013-02-14 15:18:43 710496 ----a-w- C:\Program Files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
    2013-02-14 12:41:49 -------- d-----w- C:\Program Files (x86)\u-he
    2013-02-14 11:47:24 -------- d-----w- C:\Users\Johnny Natrium\AppData\Roaming\Novation
    2013-02-14 11:40:35 -------- d-----w- C:\Users\Johnny Natrium\AppData\Roaming\Applied Acoustics Systems
    2013-02-13 22:49:31 -------- dc----w- C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
    2013-02-13 22:35:00 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
    2013-02-13 22:34:40 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
    2013-02-13 22:30:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-02-13 22:30:31 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
    2013-02-13 16:49:36 -------- d-----w- C:\Users\Johnny Natrium\PSP emu
    2013-02-13 11:27:55 -------- d-----w- C:\rev_data
    2013-02-10 20:38:52 -------- d-----w- C:\Program Files\Nexus Mod Manager
    2013-02-09 17:43:52 555808 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-02-09 10:37:27 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-02-09 10:37:27 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-02-09 10:37:27 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2013-02-09 10:37:27 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-02-09 10:37:27 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-02-09 10:37:27 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-02-08 14:43:13 -------- d-----w- C:\Program Files (x86)\Focusrite
    2013-02-08 13:48:23 98816 ----a-w- C:\Windows\SysWow64\SaffireAsio.dll
    2013-02-08 13:48:23 73728 ----a-w- C:\Windows\SysWow64\Uninstall.dll
    2013-02-08 13:48:23 51168 ----a-w- C:\Windows\System32\drivers\SaffireMidi.sys
    2013-02-08 13:48:23 41824 ----a-w- C:\Windows\System32\drivers\SaffireAudio.sys
    2013-02-08 13:48:23 231136 ----a-w- C:\Windows\System32\drivers\Saffire.sys
    2013-02-08 13:48:23 109568 ----a-w- C:\Windows\System32\SaffireAsio.dll
    2013-02-08 13:48:22 -------- d-----w- C:\Program Files\Focusrite
    2013-02-06 10:31:24 17987192 ----a-w- C:\Windows\System32\nvd3dumx.dll
    2013-02-01 20:58:19 -------- d-----r- C:\Program Files (x86)\Skype
    2013-02-01 13:59:11 -------- d-----w- C:\orgel_data
    2013-02-01 12:42:18 -------- d-----w- C:\Program Files (x86)\Foose Foobar2000
    2013-01-31 11:43:04 -------- d-----w- C:\Program Files (x86)\WAV to AC3 Encoder
    2013-01-31 11:23:45 -------- d-----w- C:\Program Files\WAV to AC3 Encoder
    2013-01-30 22:26:11 -------- d-----w- C:\Equalizer Presets
    2013-01-30 20:29:52 -------- d-----w- C:\Program Files (x86)\SoundSpectrum
    2013-01-30 15:28:41 -------- d-----w- C:\Program Files (x86)\lame
    2013-01-30 14:31:00 4422 ----a-w- C:\STF9050.tmp
    2013-01-29 09:26:50 -------- d-----w- C:\Program Files (x86)\Portable
    2013-01-29 02:01:43 -------- d-----w- C:\Warrior Gamez
    2013-01-29 01:18:50 -------- d-----w- C:\Program Files (x86)\Fusion364
    2013-01-28 17:46:17 315392 ----a-w- C:\Windows\System32\asio2ks.cpl
    2013-01-27 19:12:35 -------- d-----w- C:\Program Files (x86)\Sony
    2013-01-27 18:43:22 -------- d-----w- C:\Windows\SysWow64\winevt
    2013-01-27 18:43:22 -------- d-----w- C:\Windows\SysWow64\spool
    2013-01-27 18:43:22 -------- d-----w- C:\Windows\SysWow64\SMI
    2013-01-27 15:18:52 -------- d-----w- C:\Users\Johnny Natrium\Queen - Sheer Heart Attack
    2013-01-27 15:13:01 -------- d-----w- C:\Users\Johnny Natrium\Queen - News Of The World
    2013-01-27 15:06:48 -------- d-----w- C:\Program Files (x86)\FLAC
    2013-01-27 14:55:08 -------- d-----w- C:\Users\Johnny Natrium\Queen - The Works
    2013-01-27 10:09:19 -------- d-----w- C:\Users\Johnny Natrium\Queen - Queen II
    2013-01-26 10:08:09 -------- d-----w- C:\Program Files (x86)\DmC Devil May Cry
    2013-01-24 18:55:04 -------- d-----w- C:\singing_data
    2013-01-24 13:37:22 -------- d-----w- C:\Users\Johnny Natrium\AppData\Roaming\foobar2000
    2013-01-24 13:37:16 -------- d-----w- C:\Program Files (x86)\foobar2000
    2013-01-24 13:26:54 -------- d-----w- C:\Users\Johnny Natrium\Queen - Hot Space (1)
    2013-01-24 13:14:35 279728 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
    2013-01-24 13:14:35 -------- d-----w- C:\Program Files (x86)\Illustrate
    2013-01-24 13:11:10 973824 ----a-w- C:\Users\Johnny Natrium\sacd_extract.exe
    2013-01-24 09:20:56 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-01-23 18:34:25 -------- d-----w- C:\Frge 80s pad_data
    2013-01-23 18:30:07 -------- d-----w- C:\droomlied_data
    2013-01-23 15:24:30 -------- d-----w- C:\Mixcraft
    2013-01-23 15:09:39 -------- d-----w- C:\Users\Johnny Natrium\AppData\Roaming\SynthMaker
    2013-01-23 15:08:07 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
    2013-01-22 19:49:03 -------- d-----w- C:\Users\Johnny Natrium\AppData\Local\Aspire_Softs
    .
    ==================== Find3M ====================
    .
    2013-02-20 10:48:38 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-02-20 10:48:38 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-02-20 06:17:46 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-02-18 09:24:51 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-18 09:24:51 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-10 01:04:31 6393120 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-02-10 01:04:31 3472672 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-02-10 01:04:29 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-02-10 01:04:29 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-02-10 01:04:29 237856 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-01-29 20:50:28 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
    2013-01-29 20:50:22 707528 ----a-w- C:\Windows\System32\drivers\avc3.sys
    2013-01-29 20:50:17 589000 ----a-w- C:\Windows\System32\drivers\avckf.sys
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-12-29 10:34:47 1813432 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-12-29 10:34:47 1504696 ----a-w- C:\Windows\System32\nvdispgenco64.dll
    2012-12-19 05:42:00 31672 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-12-19 05:41:52 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-12-18 08:31:25 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-12-17 04:13:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-17 04:13:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-10 18:09:55 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-02 08:42:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 9:45:39,48 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13-10-2012 10:23:00
    System Uptime: 20-2-2013 0:38:54 (33 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | RAMPAGE IV EXTREME
    Processor: Intel(R) Core(TM) i7-3960X CPU @ 3.30GHz | LGA2011 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 26,142 GiB free.
    D: is FIXED (NTFS) - 931 GiB total, 16,95 GiB free.
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 1863 GiB total, 101,234 GiB free.
    K: is FIXED (NTFS) - 1863 GiB total, 137,168 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acoustica Effects Pack
    Acoustica Mixcraft 5
    Acoustica Mixcraft 6
    ADM 1.0.1
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Antares Autotune Evo VST RTAS v6.0.9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    Ask Toolbar
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Asmedia ASM106x SATA Host Controller Driver
    Assassin's Creed Brotherhood
    AstroPop Deluxe 1.1
    µTorrent
    Audacity 2.0.2
    Avid Effects
    Avid HD Driver (x64)
    Avid Pro Tools
    Bass Station 1.7
    Batman: Arkham City™ GOTY
    Bitdefender Total Security 2013
    Bluetooth Win7 Suite (64)
    Bonjour
    Burnout(TM) Paradise The Ultimate Box
    Cheat Engine 6.2
    Creative ALchemy
    Creative Audio Control Panel
    Creative Diagnostics
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative System Information
    CyberLink PowerDVD 9
    D3DX10
    Dead Space 2
    Dead Space 3 version 1.0.0.0
    Descent 3 and Mercenary Expansion
    Dishonored, версия RePack by =Чувак=
    DMC Devi May Cry (c) Capcom version 1
    DmC Devil May Cry
    Dolby Digital Live Pack
    Dropbox
    DTS Connect Pack
    Dual-Core Optimizer
    Dxtory version 2.0.119
    eLicenser Control
    eMule
    Escape Whisper Valley
    EWQL Orchestra
    Fab Four
    Far Cry 3
    Far Cry 3 3.1.0.3
    ffdshow v1.2.4422 [2012-04-09]
    FL Studio 10
    FLAC 1.2.1b (remove only)
    FlvRipper
    Focusrite Scarlett Plug-in Suite 1.1
    foobar2000 v1.2.2
    Forsaken
    Fraps (remove only)
    G-Force
    GoforFiles
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grand Theft Auto IV
    Half-Life 2
    Hard Reset
    Hitman: Absolution
    IL Download Manager
    IL Shared Libraries
    ImgBurn
    Indiana Jones and the Emperors Tomb
    Intel(R) Management Engine Components
    Intel(R) Network Connections 16.5.2.0
    Intel(R) Rapid Storage Technology enterprise
    iTunes
    Java 7 Update 9
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Jun's Factory JM-1
    Jupiter-8V2 2.5.2
    K-Lite Codec Pack 9.1.0 (Full)
    Kentucky Route Zero Act 1 • OpenBox
    L.A. Noire
    Legacy of Kain Soul Reaver 2
    License Support
    Little Big Adventure
    Little Big Adventure for Windows 0.8.1
    Mahjong Escape: Ancient Japan 1.0.0.1
    ManyCam 3.1.21
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mini V 2.5.4
    minimoog V
    Moog Modular V 2 2.6.1
    Morrowind
    MotioninJoy Gamepad tool 0.7.1001
    Mozilla Firefox 19.0 (x86 en-GB)
    Mozilla Maintenance Service
    MP3 Skype Recorder
    MSVCRT
    MSVCRT Redists
    MSVCRT110
    MSVCRT110_amd64
    My Game Long Name
    Mystery P.I. - The New York Fortune
    Native Instruments Controller Editor
    Native Instruments Guitar Rig 5
    Native Instruments Guitar Rig Mobile I/O
    Native Instruments Guitar Rig Session I/O
    Native Instruments Kontakt 5
    Native Instruments Rig Kontrol 3
    Native Instruments Service Center
    Nexus Mod Manager
    Noise Reduction Plug-In 2.0
    Notepad++
    NVIDIA 3D Vision Controller Driver 314.07
    NVIDIA 3D Vision Driver 314.07
    NVIDIA Control Panel 314.07
    NVIDIA GeForce Experience 1.0.1 (BETA)
    NVIDIA Graphics Driver 314.07
    NVIDIA HD Audio Driver 1.3.23.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 2.47.62
    NVIDIA Update Components
    OpenAL
    Orcs Must Die! 2
    Origin
    Photo Common
    Picasa 3
    Play Update 3.0.40
    PowerDVD
    PowerISO
    Primordia
    Prince of Persia
    Project: Snowblind 1.0
    Project64 1.6
    Prophet-V2 2.5.3
    QL Goliath
    QL Ministry of Rock
    QL Pianos Gold
    QL Stormdrum 2
    Quest for Glory Pack
    QuickTime
    RCRN - Realistic Colors and Real Nights v3.6
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Saffire MixControl 2.4
    Sanitarium
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype™ 6.1
    Snagit 11
    Soldier of Fortune - Community Edition 5.0
    Soldier of Fortune II - Double Helix GOLD
    Sound Blaster X-Fi
    Sound Forge Pro 10.0
    Spark 1.5.0
    Spec Ops The Line
    Spectrasonics Omnisphere Library version 1.0
    Spectrasonics Omnisphere VSTi Plug-In version 1.5
    Spectrasonics Trilian Library version 1.0
    Spectrasonics Trilian VSTi Plug-In version 1.4
    Spybot - Search & Destroy
    Star Trek Voyager Elite Force
    Steam
    Steinberg Cubase 5
    Steinberg Drum Loop Expansion 01
    Steinberg Groove Agent ONE Content
    Steinberg HALionOne
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg LoopMash Content
    Steinberg REVerence Content 01
    Switch Sound File Converter
    System Shock2
    TS Tweaker v1.2
    Tales of Monkey Island - Launch of the Screaming Narwhal
    Tales of Monkey Island - The Siege of Spinner Cay
    TES Construction Set
    The 11th Hour
    The Chronicles of Riddick - Assault on Dark Athena
    The Elder Scrolls V: Skyrim
    The Godfather™ The Game
    The Testament of Sherlock Holmes
    Thief - Deadly Shadows Collective Texture Pack by John P., ver. 1.0.3
    Thief Gold
    Thief: Deadly Shadows
    TrackMania 2
    Ubisoft Game Launcher
    Under a Killing Moon
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Uplay
    Ustream Producer
    uTorrentBar_NL Toolbar
    Veetle Broadcaster 0.9.18
    Visual C++ 64-bit Redistributables
    Visual C++ Redistributables
    VLC media player 2.0.4
    WAV to AC3 Encoder 5.0
    WAV to AC3 Encoder 5.0-AMD64
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (64-bit)
    Zork Grand Inquisitor
    .
    ==== End Of File ===========================
     
  2. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Trying to post the sickeningly massive GMER log (even though I only ran a Quick Scan), which would have to be done in three parts, is bugging like crazy. It could be my failing system but in any case it seems to just freeze up.
    I'll try smaller parts when the log is specifically requested by a helper.
     
  3. JohnnyNatrium

    JohnnyNatrium Thread Starter

    My media players are now lagging beyond lagging. I can't play anything without it completely freezing every second of playback for an average of about 10 seconds. It is indiscriminating in which media player though, and performance aside from media players is also hampered in general. I do not suspect the issue to be directly related to media player installations et cetera. The suspicious file that I ran was a supposed DRM crack, which did yield a warning before I allowed it access and implemented it anyway. False positives in these regards are common, but the thing is that the download for it was removed immediately and the crack proved fake. Symptoms started soon after. I have of course removed every copy of it, to no avail.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    There is a definite infection running on your system, keylogger or similar. Run the following:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  5. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Thanks for the swift reply.
    One thing that's evident is that it indeed deleted every trace of REFOG's KGB personal keylogger which, like I said, was installed and used by my own initiative and express permission, along with some other useful files. From the Combofix log I can tell that it basically deleted my entire log (all the lines to do with MPK are basically that keylogger, so I guess that could be ignored when tracking anything infected down, and to decrease the amount of characters by a long way I'll omit the lines where the deletion of an MPK logfile was parsed), which is a less desirable effect. But really I couldn't care less about that now, with my system compromised like this.

    Now, before I paste the log it created after rebooting once, I'd like to get two things noted:
    - The log was created (automatically) in Dutch, which is hopefully not too big a problem since I'm sure at least the format is the same and only standard prompts are yielded this way. Anything that's unclear should be pretty easily translated as well (I could provide if this would be desirable, or google or something).
    - The second thing is that, after this reboot, I just took a look at my processes tab in Task Manager and saw that the 32bit svchost.exe (*32) was running again (along with 12 other *64 svchost.exe instances). I terminated that one again as I'm sure this is part of the infection. I only hope that combofix was not supposed to have cleaned it up, because if so it hasn't worked yet (I'm not knowledgeable when it comes to these things).

    Now here's the log:

    ComboFix 13-02-20.01 - Johnny Natrium 21-02-2013 12:44:40.1.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.32743.26425 [GMT 1:00]
    Gestart vanuit: c:\users\Johnny Natrium\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
    SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\Arturia.exe
    c:\data\set.exe
    C:\install.exe
    c:\programdata\1349292212.bdinstall.bin
    c:\programdata\1351175050.bdinstall.bin
    c:\programdata\MPK
    (thousands upon thousands of log files)
    c:\programdata\MPK\etilqs_2fLs1rbOyDalkqB
    c:\programdata\MPK\mpk.db
    C:\STF1E2C.tmp
    c:\users\Johnny Natrium\AppData\Local\assembly\tmp
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\~DFK86ae0b9.tmp
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\bass.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Recent\Grand Theft Auto San Andreas.url
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\Order now!.lnk
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\REFOG Personal Monitor on the Web.lnk
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\REFOG Personal Monitor.lnk
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\Uninstall REFOG Personal Monitor.lnk
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateDrv.exe
    c:\users\Johnny Natrium\sacd_extract.exe
    c:\windows\SysWow64\SET94B3.tmp
    D:\autorun.inf
    D:\install.exe
    D:\setup.exe
    K:\install.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-21 to 2013-02-21 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-21 12:07 . 2013-02-21 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-20 04:28 . 2008-07-21 12:30 -------- d-----w- c:\users\Johnny Natrium\bin
    2013-02-19 23:44 . 2013-02-19 23:44 232904 ----a-w- c:\windows\SysWow64\poclbm121016GeForce GTX 690gv1w256l4.bin
    2013-02-19 17:41 . 2005-06-24 15:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
    2013-02-19 17:41 . 2004-12-10 08:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
    2013-02-19 14:42 . 2013-02-19 14:42 -------- d-----w- c:\windows\.soulsplit
    2013-02-19 14:35 . 2013-02-19 14:35 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\NVIDIA
    2013-02-18 20:13 . 2013-02-18 20:13 -------- d-----w- c:\program files\Origin Games
    2013-02-18 20:12 . 2013-02-18 20:13 -------- d-----w- c:\program files (x86)\Origin
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\SysWow64\msvcr80d.dll
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\system32\msvcr80d.dll
    2013-02-18 15:36 . 2013-02-18 15:36 -------- d-----w- c:\program files\Cakewalk
    2013-02-18 12:56 . 2013-02-18 20:13 -------- d-----w- c:\programdata\Origin
    2013-02-15 14:20 . 2013-02-15 14:20 -------- d-----w- C:\jah_data
    2013-02-15 09:04 . 2008-11-19 18:38 -------- d-----w- c:\users\Johnny Natrium\FXPansion.VST.to.RTAS.Adapter.v2.1.1.WIN.MAC.OSX.UB.PPC-AMPLiFY
    2013-02-14 20:47 . 2013-02-18 23:23 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Spectrasonics
    2013-02-14 20:12 . 2013-02-18 15:36 -------- d-----w- c:\programdata\Spectrasonics
    2013-02-14 15:33 . 2013-02-20 17:59 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Arturia
    2013-02-14 15:30 . 2011-12-14 19:12 1277952 ----a-w- c:\windows\SysWow64\SYNSOACC.dll
    2013-02-14 15:18 . 2013-02-14 15:18 710496 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
    2013-02-14 12:41 . 2013-02-14 12:41 -------- d-----w- c:\program files (x86)\u-he
    2013-02-14 11:47 . 2013-02-14 11:47 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Novation
    2013-02-14 11:40 . 2013-02-14 11:40 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Applied Acoustics Systems
    2013-02-13 22:49 . 2013-02-13 22:49 -------- dc----w- c:\programdata\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
    2013-02-13 22:35 . 2009-12-14 14:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
    2013-02-13 22:34 . 2013-02-13 22:34 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
    2013-02-13 22:30 . 2009-12-14 14:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-02-13 22:30 . 2013-02-13 22:45 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
    2013-02-13 16:49 . 2013-02-13 20:48 -------- d-----w- c:\users\Johnny Natrium\PSP emu
    2013-02-13 11:27 . 2013-02-13 11:27 -------- d-----w- C:\rev_data
    2013-02-10 20:38 . 2013-02-10 20:38 -------- d-----w- c:\program files\Nexus Mod Manager
    2013-02-09 17:43 . 2013-02-09 17:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-02-09 10:37 . 2013-02-09 10:37 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2013-02-09 10:37 . 2013-02-09 10:37 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-02-09 10:37 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-02-09 10:37 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-02-09 10:37 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-02-09 10:37 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-02-08 14:43 . 2013-02-08 14:43 -------- d-----w- c:\program files (x86)\Focusrite
    2013-02-08 13:48 . 2011-08-19 14:55 98816 ----a-w- c:\windows\SysWow64\SaffireAsio.dll
    2013-02-08 13:48 . 2011-08-19 14:55 51168 ----a-w- c:\windows\system32\drivers\SaffireMidi.sys
    2013-02-08 13:48 . 2011-08-19 14:55 41824 ----a-w- c:\windows\system32\drivers\SaffireAudio.sys
    2013-02-08 13:48 . 2011-08-19 14:55 231136 ----a-w- c:\windows\system32\drivers\Saffire.sys
    2013-02-08 13:48 . 2011-08-19 14:55 109568 ----a-w- c:\windows\system32\SaffireAsio.dll
    2013-02-08 13:48 . 2009-05-29 09:02 73728 ----a-w- c:\windows\SysWow64\Uninstall.dll
    2013-02-08 13:48 . 2013-02-08 13:48 -------- d-----w- c:\program files\Focusrite
    2013-02-06 10:32 . 2013-02-19 10:13 -------- d-----w- c:\users\UpdatusUser
    2013-02-06 10:31 . 2013-02-10 03:25 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-06 07:49 . 2013-02-06 07:49 -------- d-----w- c:\program files (x86)\7-Zip
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----r- c:\program files (x86)\Skype
    2013-02-01 13:59 . 2013-02-01 13:59 -------- d-----w- C:\orgel_data
    2013-02-01 12:42 . 2013-02-01 12:42 -------- d-----w- c:\program files (x86)\Foose Foobar2000
    2013-01-31 14:09 . 2013-01-31 14:09 -------- d-----w- c:\program files (x86)\ImgBurn
    2013-01-31 11:43 . 2013-02-01 12:29 -------- d-----w- c:\program files (x86)\WAV to AC3 Encoder
    2013-01-31 11:23 . 2013-01-31 11:30 -------- d-----w- c:\program files\WAV to AC3 Encoder
    2013-01-30 22:26 . 2003-06-04 09:32 -------- d-----w- C:\Equalizer Presets
    2013-01-30 20:29 . 2013-01-30 20:29 -------- d-----w- c:\program files (x86)\SoundSpectrum
    2013-01-30 15:28 . 2013-01-30 15:28 -------- d-----w- c:\program files (x86)\lame
    2013-01-30 14:31 . 2013-01-30 14:31 4422 ----a-w- C:\STF9050.tmp
    2013-01-29 09:26 . 2013-01-29 09:26 -------- d-----w- c:\program files (x86)\Portable
    2013-01-29 02:01 . 2013-01-29 02:01 -------- d-----w- C:\Warrior Gamez
    2013-01-29 01:18 . 2013-01-29 01:26 -------- d-----w- c:\program files (x86)\Fusion364
    2013-01-28 17:46 . 2003-04-07 18:51 315392 ----a-w- c:\windows\system32\asio2ks.cpl
    2013-01-27 19:12 . 2013-01-27 19:12 -------- d-----w- c:\program files (x86)\Sony
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\winevt
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\spool
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\SMI
    2013-01-27 15:18 . 2013-01-27 15:18 -------- d-----w- c:\users\Johnny Natrium\Queen - Sheer Heart Attack
    2013-01-27 15:13 . 2013-01-30 20:51 -------- d-----w- c:\users\Johnny Natrium\Queen - News Of The World
    2013-01-27 15:06 . 2013-01-27 15:06 -------- d-----w- c:\program files (x86)\FLAC
    2013-01-27 14:55 . 2013-01-27 15:07 -------- d-----w- c:\users\Johnny Natrium\Queen - The Works
    2013-01-27 10:09 . 2013-01-27 10:09 -------- d-----w- c:\users\Johnny Natrium\Queen - Queen II
    2013-01-26 10:08 . 2013-01-26 10:19 -------- d-----w- c:\program files (x86)\DmC Devil May Cry
    2013-01-24 18:55 . 2013-01-24 18:55 -------- d-----w- C:\singing_data
    2013-01-24 13:37 . 2013-02-21 10:37 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\foobar2000
    2013-01-24 13:37 . 2013-01-24 13:37 -------- d-----w- c:\program files (x86)\foobar2000
    2013-01-24 13:26 . 2013-01-24 13:33 -------- d-----w- c:\users\Johnny Natrium\Queen - Hot Space (1)
    2013-01-24 13:14 . 2013-01-24 13:14 -------- d-----w- c:\program files (x86)\Illustrate
    2013-01-24 13:14 . 2013-01-24 13:14 279728 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2013-01-24 09:20 . 2013-01-24 09:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-01-23 18:34 . 2013-01-23 18:34 -------- d-----w- C:\Frge 80s pad_data
    2013-01-23 18:30 . 2013-01-23 18:30 -------- d-----w- C:\droomlied_data
    2013-01-23 15:24 . 2013-01-23 18:00 -------- d-----w- C:\Mixcraft
    2013-01-23 15:09 . 2013-01-23 15:09 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\SynthMaker
    2013-01-23 15:08 . 2013-02-12 20:36 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
    2013-01-22 19:49 . 2013-01-22 19:49 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Aspire_Softs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-20 10:48 . 2012-12-01 10:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-20 10:48 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-20 06:17 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-02-18 09:24 . 2012-10-13 13:42 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-18 09:24 . 2012-10-13 13:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-10 03:25 . 2012-10-13 08:28 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-10 03:25 . 2012-10-13 08:28 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2854344 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-10 01:04 . 2012-10-13 08:31 6393120 ----a-w- c:\windows\system32\nvcpl.dll
    2013-02-10 01:04 . 2012-10-13 08:31 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-02-10 01:04 . 2012-10-13 08:31 877856 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-02-10 01:04 . 2012-10-13 08:31 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-02-10 01:04 . 2012-10-13 08:31 237856 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-29 20:50 . 2012-10-25 14:27 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2013-01-29 20:50 . 2012-10-25 14:27 707528 ----a-w- c:\windows\system32\drivers\avc3.sys
    2013-01-29 20:50 . 2012-10-25 14:27 589000 ----a-w- c:\windows\system32\drivers\avckf.sys
    2013-01-09 01:48 . 2004-12-31 23:55 17812992 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 01:22 . 2004-12-31 23:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2013-01-09 01:19 . 2004-12-31 23:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1392128 ----a-w- c:\windows\system32\wininet.dll
    2013-01-09 01:11 . 2004-12-31 23:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-09 01:10 . 2004-12-31 23:55 237056 ----a-w- c:\windows\system32\url.dll
    2013-01-09 01:09 . 2004-12-31 23:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2013-01-09 01:07 . 2004-12-31 23:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-09 01:07 . 2004-12-31 23:55 816640 ----a-w- c:\windows\system32\jscript.dll
    2013-01-09 01:07 . 2004-12-31 23:55 599040 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-09 01:06 . 2004-12-31 23:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2013-01-09 01:05 . 2004-12-31 23:55 2147840 ----a-w- c:\windows\system32\iertutil.dll
    2013-01-09 01:04 . 2004-12-31 23:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2013-01-09 01:04 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-09 01:00 . 2004-12-31 23:55 248320 ----a-w- c:\windows\system32\ieui.dll
    2013-01-08 22:11 . 2004-12-31 23:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59 . 2004-12-31 23:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58 . 2004-12-31 23:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-01-08 21:56 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-05 05:53 . 2004-12-31 23:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2004-12-31 23:26 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2004-12-31 23:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2004-12-31 23:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2004-12-31 23:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2004-12-31 23:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2004-12-31 23:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2004-12-31 23:26 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2004-12-31 23:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2004-12-31 23:26 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2004-12-31 23:26 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-12-29 10:34 . 2012-10-13 08:28 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2012-10-13 08:28 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-18 08:31 . 2012-10-13 08:58 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-12-17 04:13 . 2012-12-17 04:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-17 04:13 . 2012-11-06 14:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11 . 2012-12-21 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-10 18:09 . 2012-10-25 14:27 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-12-07 13:20 . 2013-01-09 02:11 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 02:11 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 02:11 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 02:11 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 02:11 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 02:11 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 02:11 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 02:11 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 02:11 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 02:11 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 02:11 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 02:11 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 02:11 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 02:11 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 02:11 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 02:11 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 02:11 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 02:11 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-02 08:42 . 2012-10-24 16:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-12-01 05:49 . 2012-10-13 08:31 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-11-30 05:45 . 2013-01-09 02:12 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 02:12 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 02:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 02:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}]
    2012-12-13 01:30 13000 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{4D594333-0076-A76A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" [2012-12-13 13000]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4d594333-0076-a76a-76a7-7a786e7484d7}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-15 1597864]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-13 39408]
    "RGSC"="c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe" [2008-12-13 306088]
    "MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
    "ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-12-05 5379472]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-31 1069904]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2012-12-13 1383112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "Adobe"="c:\users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    PowerMenu.lnk - e:\program files (x86)\PowerMenu\PowerMenu.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-9-7 9519544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-29 589000]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-29 82384]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-13 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-11-25 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
    R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-01-29 68880]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-29 707528]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/10/16 12:16];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
    S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2012-12-13 166600]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2012-09-11 23384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-18 2938880]
    S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-12 95184]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-10 68416]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-12-10 261056]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-11-25 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-11-25 1678936]
    S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2012-05-16 25752]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
    S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2011-08-19 231136]
    S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2011-08-19 41824]
    S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2011-08-19 51168]
    S3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);c:\windows\system32\drivers\t3.sys [2008-10-17 630272]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 03:50 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 09:24]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-09 12856936]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-29 1573632]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\
    FF - ExtSQL: 2013-02-18 16:20; [email protected]; c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\extensions\[email protected]
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2236690658-417004235-178033201-1000\Software\SecuROM\License information*]
    "datasecu"=hex:81,f1,f4,c2,b3,fa,d8,2f,28,db,ab,a9,4e,78,18,a1,72,7f,d5,21,62,
    cd,0f,38,83,ee,e7,c0,1f,36,8d,0b,84,10,0b,29,b4,ba,8f,8b,4c,36,6c,c7,92,43,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\GoforFiles\GFFUpdater.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\1_1_3_0\RGSC.exe
    c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
    c:\program files (x86)\TechSmith\Snagit 11\SnagPriv.exe
    c:\windows\SysWOW64\CTXFISPI.EXE
    c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
    c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-02-21 13:20:35 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-02-21 12:20
    .
    Pre-Run: 27.565.977.600 bytes free
    Post-Run: 37.320.245.248 bytes free
    .
    - - End Of File - - 24C7DE652982480BD30C3FB3CA38AB37
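The log above lists a process named svchost.exe running from a Temp directory and a Run value that points at a .vbe script under AppData. As an added example (not part of the thread and not ComboFix's own logic), this Python script parses those two log sections and flags such entries for review; the system binary names, the trusted directories (Windows assumed at c:\windows, as in the log), the script extensions and all function names are assumptions.

```python
import ntpath
import re

# Constructed excerpt in ComboFix log layout, reusing lines from the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe"="c:\users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
'''

# Header of the running-process section as it appears in this (Dutch) log.
PROCESS_HEADER = "Andere Aktieve Processen"

# Assumed heuristics, chosen for this example.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "csrss.exe", "winlogon.exe", "smss.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')   # "Name"="path" [date size]
PROC_PATH = re.compile(r'^[A-Za-z]:\\')                 # bare path line


def parse_combofix(log_text, process_header=PROCESS_HEADER):
    """Return (autoruns, processes) parsed from a ComboFix log.

    autoruns  -> list of (value name, path) from ...\\CurrentVersion\\Run keys
    processes -> list of paths from the running-process section
    """
    autoruns, processes = [], []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[HKEY_"):
            is_run = line.lower().endswith("\\currentversion\\run]")
            section = "run" if is_run else None
            continue
        if process_header in line:
            section = "proc"
            continue
        if line[0] in "*-(":          # any other banner ends the section
            section = None
            continue
        if section == "run":
            m = RUN_ENTRY.match(line)
            if m:
                autoruns.append((m.group(1), m.group(2)))
        elif section == "proc" and PROC_PATH.match(line):
            processes.append(line)
    return autoruns, processes


def triage(log_text):
    """Return findings as (rule, subject, original path) tuples."""
    autoruns, processes = parse_combofix(log_text)
    findings = []

    # Rule 1: an autorun that launches a script from a user-writable folder.
    for name, path in autoruns:
        norm = ntpath.normcase(path)
        ext = ntpath.splitext(norm)[1]
        if ext in SCRIPT_EXTS and any(mark in norm for mark in USER_WRITABLE):
            findings.append(("script-autorun", name, path))

    # Rule 2: a file named like a Windows system binary outside the system dirs.
    for path in processes + [p for _, p in autoruns]:
        norm = ntpath.normcase(path)
        base = ntpath.basename(norm)
        if base in SYSTEM_NAMES and ntpath.dirname(norm) not in TRUSTED_DIRS:
            findings.append(("system-name-outside-system-dir", base, path))
    return findings


if __name__ == "__main__":
    for rule, subject, path in triage(SAMPLE_LOG):
        print(f"{rule:32} {subject:14} {path}")
```

A hit is a reason to inspect the file (signature, hash, creation time), not a verdict.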
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    Run the following:

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Let me see those logs, also give an update on current issues.

    Kevin
     
  7. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    17
    All right, I'm now running the ESET scan, which is going to take a while, and I've taken all the steps up to that point. I'll post the first two logs below.
    Let's see, I'm still experiencing incredibly annoying lag when playing music (have not tried playing videos yet, but I'm sure it will still be the same), but it's inconsistent. I'm also experiencing some graphical glitches in a game, that weren't there before. This is reminding me a lot of some kind of infection that I used to have, which caused video and audio lagging, and in the end continuous hanging in just about every application, along with severe graphical glitches and performance hits in games. The graphical glitches were unresolved after changing drivers and even the video card. In the end I never pursued it on a forum like now, and I just reinstalled windows (which I really don't want to do this time).
    Anyway, I'm quite sure adware and things like that won't be the problem, and the performance hit is also much more noticeable and grave than what's usually caused by things like adware.
    The *32 svchost.exe was running again, along with the 12 other instances of svchost.exe and I found it having been created in the temp folder of my appdata/local directory (or at least I suspect that's the one; the properties stated that it was just created and the only other svchost.exe in my appdata directory was from when I installed this windows).
    I might be forgetting some more noteworthy things; I'm quite tired after a very short night's sleep. I'm determined to solve this very nagging and debilitating problem though. It's not just a little slowdown, it's crippling my €4000 machine.
    Now, here are the first two logs that you requested, while ESET is still scanning for a while:

    ComboFix 13-02-21.02 - Johnny Natrium 21-02-2013 14:34:40.2.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.32743.28558 [GMT 1:00]
    Gestart vanuit: c:\users\Johnny Natrium\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Johnny Natrium\Desktop\CFScript.txt
    AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
    SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-21 to 2013-02-21 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-21 13:43 . 2013-02-21 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-20 04:28 . 2008-07-21 12:30 -------- d-----w- c:\users\Johnny Natrium\bin
    2013-02-19 23:44 . 2013-02-19 23:44 232904 ----a-w- c:\windows\SysWow64\poclbm121016GeForce GTX 690gv1w256l4.bin
    2013-02-19 17:41 . 2005-06-24 15:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
    2013-02-19 17:41 . 2004-12-10 08:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
    2013-02-19 14:42 . 2013-02-19 14:42 -------- d-----w- c:\windows\.soulsplit
    2013-02-19 14:35 . 2013-02-19 14:35 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\NVIDIA
    2013-02-18 20:13 . 2013-02-18 20:13 -------- d-----w- c:\program files\Origin Games
    2013-02-18 20:12 . 2013-02-18 20:13 -------- d-----w- c:\program files (x86)\Origin
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\SysWow64\msvcr80d.dll
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\system32\msvcr80d.dll
    2013-02-18 15:36 . 2013-02-18 15:36 -------- d-----w- c:\program files\Cakewalk
    2013-02-18 12:56 . 2013-02-18 20:13 -------- d-----w- c:\programdata\Origin
    2013-02-15 14:20 . 2013-02-15 14:20 -------- d-----w- C:\jah_data
    2013-02-15 09:04 . 2008-11-19 18:38 -------- d-----w- c:\users\Johnny Natrium\FXPansion.VST.to.RTAS.Adapter.v2.1.1.WIN.MAC.OSX.UB.PPC-AMPLiFY
    2013-02-14 20:47 . 2013-02-18 23:23 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Spectrasonics
    2013-02-14 20:12 . 2013-02-18 15:36 -------- d-----w- c:\programdata\Spectrasonics
    2013-02-14 15:33 . 2013-02-20 17:59 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Arturia
    2013-02-14 15:30 . 2011-12-14 19:12 1277952 ----a-w- c:\windows\SysWow64\SYNSOACC.dll
    2013-02-14 15:18 . 2013-02-14 15:18 710496 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
    2013-02-14 12:41 . 2013-02-14 12:41 -------- d-----w- c:\program files (x86)\u-he
    2013-02-14 11:47 . 2013-02-14 11:47 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Novation
    2013-02-14 11:40 . 2013-02-14 11:40 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Applied Acoustics Systems
    2013-02-13 22:49 . 2013-02-13 22:49 -------- dc----w- c:\programdata\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
    2013-02-13 22:35 . 2009-12-14 14:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
    2013-02-13 22:34 . 2013-02-13 22:34 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
    2013-02-13 22:30 . 2009-12-14 14:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-02-13 22:30 . 2013-02-13 22:45 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
    2013-02-13 16:49 . 2013-02-13 20:48 -------- d-----w- c:\users\Johnny Natrium\PSP emu
    2013-02-13 11:27 . 2013-02-13 11:27 -------- d-----w- C:\rev_data
    2013-02-10 20:38 . 2013-02-10 20:38 -------- d-----w- c:\program files\Nexus Mod Manager
    2013-02-09 17:43 . 2013-02-09 17:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-02-09 10:37 . 2013-02-09 10:37 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2013-02-09 10:37 . 2013-02-09 10:37 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-02-09 10:37 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-02-09 10:37 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-02-09 10:37 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-02-09 10:37 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-02-08 14:43 . 2013-02-08 14:43 -------- d-----w- c:\program files (x86)\Focusrite
    2013-02-08 13:48 . 2011-08-19 14:55 98816 ----a-w- c:\windows\SysWow64\SaffireAsio.dll
    2013-02-08 13:48 . 2011-08-19 14:55 51168 ----a-w- c:\windows\system32\drivers\SaffireMidi.sys
    2013-02-08 13:48 . 2011-08-19 14:55 41824 ----a-w- c:\windows\system32\drivers\SaffireAudio.sys
    2013-02-08 13:48 . 2011-08-19 14:55 231136 ----a-w- c:\windows\system32\drivers\Saffire.sys
    2013-02-08 13:48 . 2011-08-19 14:55 109568 ----a-w- c:\windows\system32\SaffireAsio.dll
    2013-02-08 13:48 . 2009-05-29 09:02 73728 ----a-w- c:\windows\SysWow64\Uninstall.dll
    2013-02-08 13:48 . 2013-02-08 13:48 -------- d-----w- c:\program files\Focusrite
    2013-02-06 10:32 . 2013-02-19 10:13 -------- d-----w- c:\users\UpdatusUser
    2013-02-06 10:31 . 2013-02-10 03:25 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-06 07:49 . 2013-02-06 07:49 -------- d-----w- c:\program files (x86)\7-Zip
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----r- c:\program files (x86)\Skype
    2013-02-01 13:59 . 2013-02-01 13:59 -------- d-----w- C:\orgel_data
    2013-02-01 12:42 . 2013-02-01 12:42 -------- d-----w- c:\program files (x86)\Foose Foobar2000
    2013-01-31 14:09 . 2013-01-31 14:09 -------- d-----w- c:\program files (x86)\ImgBurn
    2013-01-31 11:43 . 2013-02-01 12:29 -------- d-----w- c:\program files (x86)\WAV to AC3 Encoder
    2013-01-31 11:23 . 2013-01-31 11:30 -------- d-----w- c:\program files\WAV to AC3 Encoder
    2013-01-30 22:26 . 2003-06-04 09:32 -------- d-----w- C:\Equalizer Presets
    2013-01-30 20:29 . 2013-01-30 20:29 -------- d-----w- c:\program files (x86)\SoundSpectrum
    2013-01-30 15:28 . 2013-01-30 15:28 -------- d-----w- c:\program files (x86)\lame
    2013-01-30 14:31 . 2013-01-30 14:31 4422 ----a-w- C:\STF9050.tmp
    2013-01-29 09:26 . 2013-01-29 09:26 -------- d-----w- c:\program files (x86)\Portable
    2013-01-29 02:01 . 2013-01-29 02:01 -------- d-----w- C:\Warrior Gamez
    2013-01-29 01:18 . 2013-01-29 01:26 -------- d-----w- c:\program files (x86)\Fusion364
    2013-01-28 17:46 . 2003-04-07 18:51 315392 ----a-w- c:\windows\system32\asio2ks.cpl
    2013-01-27 19:12 . 2013-01-27 19:12 -------- d-----w- c:\program files (x86)\Sony
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\winevt
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\spool
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\SMI
    2013-01-27 15:18 . 2013-01-27 15:18 -------- d-----w- c:\users\Johnny Natrium\Queen - Sheer Heart Attack
    2013-01-27 15:13 . 2013-01-30 20:51 -------- d-----w- c:\users\Johnny Natrium\Queen - News Of The World
    2013-01-27 15:06 . 2013-01-27 15:06 -------- d-----w- c:\program files (x86)\FLAC
    2013-01-27 14:55 . 2013-01-27 15:07 -------- d-----w- c:\users\Johnny Natrium\Queen - The Works
    2013-01-27 10:09 . 2013-01-27 10:09 -------- d-----w- c:\users\Johnny Natrium\Queen - Queen II
    2013-01-26 10:08 . 2013-01-26 10:19 -------- d-----w- c:\program files (x86)\DmC Devil May Cry
    2013-01-24 18:55 . 2013-01-24 18:55 -------- d-----w- C:\singing_data
    2013-01-24 13:37 . 2013-02-21 10:37 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\foobar2000
    2013-01-24 13:37 . 2013-01-24 13:37 -------- d-----w- c:\program files (x86)\foobar2000
    2013-01-24 13:26 . 2013-01-24 13:33 -------- d-----w- c:\users\Johnny Natrium\Queen - Hot Space (1)
    2013-01-24 13:14 . 2013-01-24 13:14 -------- d-----w- c:\program files (x86)\Illustrate
    2013-01-24 13:14 . 2013-01-24 13:14 279728 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2013-01-24 09:20 . 2013-01-24 09:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-01-23 18:34 . 2013-01-23 18:34 -------- d-----w- C:\Frge 80s pad_data
    2013-01-23 18:30 . 2013-01-23 18:30 -------- d-----w- C:\droomlied_data
    2013-01-23 15:24 . 2013-01-23 18:00 -------- d-----w- C:\Mixcraft
    2013-01-23 15:09 . 2013-01-23 15:09 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\SynthMaker
    2013-01-23 15:08 . 2013-02-12 20:36 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
    2013-01-22 19:49 . 2013-01-22 19:49 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Aspire_Softs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 13:06 . 2012-12-01 10:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-21 13:06 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-21 12:45 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-02-18 09:24 . 2012-10-13 13:42 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-18 09:24 . 2012-10-13 13:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-10 03:25 . 2012-10-13 08:28 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-10 03:25 . 2012-10-13 08:28 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2854344 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-10 01:04 . 2012-10-13 08:31 6393120 ----a-w- c:\windows\system32\nvcpl.dll
    2013-02-10 01:04 . 2012-10-13 08:31 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-02-10 01:04 . 2012-10-13 08:31 877856 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-02-10 01:04 . 2012-10-13 08:31 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-02-10 01:04 . 2012-10-13 08:31 237856 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-29 20:50 . 2012-10-25 14:27 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2013-01-29 20:50 . 2012-10-25 14:27 707528 ----a-w- c:\windows\system32\drivers\avc3.sys
    2013-01-29 20:50 . 2012-10-25 14:27 589000 ----a-w- c:\windows\system32\drivers\avckf.sys
    2013-01-09 01:48 . 2004-12-31 23:55 17812992 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 01:22 . 2004-12-31 23:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2013-01-09 01:19 . 2004-12-31 23:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1392128 ----a-w- c:\windows\system32\wininet.dll
    2013-01-09 01:11 . 2004-12-31 23:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-09 01:10 . 2004-12-31 23:55 237056 ----a-w- c:\windows\system32\url.dll
    2013-01-09 01:09 . 2004-12-31 23:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2013-01-09 01:07 . 2004-12-31 23:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-09 01:07 . 2004-12-31 23:55 816640 ----a-w- c:\windows\system32\jscript.dll
    2013-01-09 01:07 . 2004-12-31 23:55 599040 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-09 01:06 . 2004-12-31 23:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2013-01-09 01:05 . 2004-12-31 23:55 2147840 ----a-w- c:\windows\system32\iertutil.dll
    2013-01-09 01:04 . 2004-12-31 23:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2013-01-09 01:04 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-09 01:00 . 2004-12-31 23:55 248320 ----a-w- c:\windows\system32\ieui.dll
    2013-01-08 22:11 . 2004-12-31 23:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59 . 2004-12-31 23:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58 . 2004-12-31 23:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-01-08 21:56 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-05 05:53 . 2004-12-31 23:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2004-12-31 23:26 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2004-12-31 23:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2004-12-31 23:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2004-12-31 23:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2004-12-31 23:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2004-12-31 23:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2004-12-31 23:26 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2004-12-31 23:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2004-12-31 23:26 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2004-12-31 23:26 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-12-29 10:34 . 2012-10-13 08:28 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2012-10-13 08:28 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-18 08:31 . 2012-10-13 08:58 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-12-17 04:13 . 2012-12-17 04:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-17 04:13 . 2012-11-06 14:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11 . 2012-12-21 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-10 18:09 . 2012-10-25 14:27 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-12-07 13:20 . 2013-01-09 02:11 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 02:11 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 02:11 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 02:11 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 02:11 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 02:11 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 02:11 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 02:11 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 02:11 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 02:11 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 02:11 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 02:11 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 02:11 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 02:11 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 02:11 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 02:11 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 02:11 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 02:11 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-02 08:42 . 2012-10-24 16:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-12-01 05:49 . 2012-10-13 08:31 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-11-30 05:45 . 2013-01-09 02:12 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 02:12 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 02:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 02:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}]
    2012-12-13 01:30 13000 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{4D594333-0076-A76A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" [2012-12-13 13000]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4d594333-0076-a76a-76a7-7a786e7484d7}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-15 1597864]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-13 39408]
    "RGSC"="c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe" [2008-12-13 306088]
    "MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
    "ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-12-05 5379472]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-31 1069904]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2012-12-13 1383112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "Adobe"="c:\users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    PowerMenu.lnk - e:\program files (x86)\PowerMenu\PowerMenu.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-9-7 9519544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-29 589000]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-29 82384]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-13 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-11-25 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
    R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-01-29 68880]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-29 707528]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/10/16 12:16];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
    S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2012-12-13 166600]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2012-09-11 23384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-18 2938880]
    S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-12 95184]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-10 68416]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-12-10 261056]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-11-25 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-11-25 1678936]
    S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2012-05-16 25752]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
    S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2011-08-19 231136]
    S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2011-08-19 41824]
    S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2011-08-19 51168]
    S3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);c:\windows\system32\drivers\t3.sys [2008-10-17 630272]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 03:50 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 09:24]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-09 12856936]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-29 1573632]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\
    FF - ExtSQL: 2013-02-18 16:20; [email protected]; c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\extensions\[email protected]
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2236690658-417004235-178033201-1000\Software\SecuROM\License information*]
    "datasecu"=hex:81,f1,f4,c2,b3,fa,d8,2f,28,db,ab,a9,4e,78,18,a1,72,7f,d5,21,62,
    cd,0f,38,83,ee,e7,c0,1f,36,8d,0b,84,10,0b,29,b4,ba,8f,8b,4c,36,6c,c7,92,43,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\GoforFiles\GFFUpdater.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
    c:\program files (x86)\TechSmith\Snagit 11\SnagPriv.exe
    c:\windows\SysWOW64\CTXFISPI.EXE
    c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\1_1_3_0\RGSC.exe
    c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
    c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-02-21 14:56:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-02-21 13:56
    ComboFix2.txt 2013-02-21 12:20
    .
    Pre-Run: 37.351.133.184 bytes free
    Post-Run: 37.574.909.952 bytes free
    .
    - - End Of File - - 0F808B925C152978BC6B423F5CD4B8FA

    # AdwCleaner v2.112 - Logfile created 02/21/2013 at 15:15:25
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Johnny Natrium - JOHNNYNSTOWER99
    # Boot Mode : Normal
    # Running from : C:\Users\Johnny Natrium\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\user.js
    File Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\searchplugins\Askcom.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\uTorrentBar_NL
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Local\Conduit
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\uTorrentBar_NL
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\CT2865317
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\Smartbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\ConduitCommon
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\CT2865317
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\CT3220468
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\Smartbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\vghd

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_NL
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\uTorrentBar_NL
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51A1E503-32C6-423A-BC82-38AF11DF3A3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA14E6E4-62DB-4B50-B740-B6A41056F3C2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{87775FDB-6972-41F9-AE51-8326E38CB206}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-GB)

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\prefs.js

    C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\user.js ... Deleted !

    Deleted : user_pref("CT2865317.1000234.TWC_TMP_city", "SLIEDRECHT");
    Deleted : user_pref("CT2865317.1000234.TWC_TMP_country", "NL");
    Deleted : user_pref("CT2865317.1000234.TWC_locId", "NLXX0433");
    Deleted : user_pref("CT2865317.1000234.TWC_location", "Sliedrecht, Netherlands");
    Deleted : user_pref("CT2865317.1000234.TWC_region", "OT");
    Deleted : user_pref("CT2865317.1000234.TWC_temp_dis", "c");
    Deleted : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");
    Deleted : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"41.png\",\"temperature\":\"\",\"temperatureC[...]
    Deleted : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2865317.FirstTime", "true");
    Deleted : user_pref("CT2865317.FirstTimeFF3", "true");
    Deleted : user_pref("CT2865317.PairingKey", "0644F5969FABCA4E72C2F59B9BA58D8863AECD00");
    Deleted : user_pref("CT2865317.UserID", "UN19141324964597095");
    Deleted : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2865317.autoDisableScopes", -1);
    Deleted : user_pref("CT2865317.cb_experience_000", "13");
    Deleted : user_pref("CT2865317.cb_firstuse0100", "1");
    Deleted : user_pref("CT2865317.cbcountry_001", "NL");
    Deleted : user_pref("CT2865317.cbfirsttime", "Wed Sep 26 2012 17:15:23 GMT+0200");
    Deleted : user_pref("CT2865317.defaultSearch", "FALSE");
    Deleted : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2865317.enableAlerts", "always");
    Deleted : user_pref("CT2865317.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT2865317.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2865317.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2865317.fixUrls", true);
    Deleted : user_pref("CT2865317.hxxp___socialgrowthtechnologies_com_couponbuddy_v002.APP_WIN_FEATURES", "openpo[...]
    Deleted : user_pref("CT2865317.installId", "fft76CB.tmp.exe");
    Deleted : user_pref("CT2865317.installType", "XPE");
    Deleted : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.isNewTabEnabled", true);
    Deleted : user_pref("CT2865317.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT2865317.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.openThankYouPage", "true");
    Deleted : user_pref("CT2865317.openUninstallPage", "FALSE");
    Deleted : user_pref("CT2865317.scriptSource", "hxxp://127.0.0.1:10000/gui/");
    Deleted : user_pref("CT2865317.search.searchAppId", "129363015615338104");
    Deleted : user_pref("CT2865317.search.searchCount", "0");
    Deleted : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348672520632");
    Deleted : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1348874881758");
    Deleted : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348672521191");
    Deleted : user_pref("CT2865317.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349257015890");
    Deleted : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348672522392");
    Deleted : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1348874882135");
    Deleted : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1349220481599");
    Deleted : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348672520986");
    Deleted : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1349264216563");
    Deleted : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1349220482128");
    Deleted : user_pref("CT2865317.settingsINI", true);
    Deleted : user_pref("CT2865317.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2865317.smartbar.CTID", "CT2865317");
    Deleted : user_pref("CT2865317.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2865317.smartbar.isHidden", true);
    Deleted : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");
    Deleted : user_pref("CT2865317.toolbarBornServerTime", "26-9-2012");
    Deleted : user_pref("CT2865317.toolbarCurrentServerTime", "3-10-2012");
    Deleted : user_pref("CT2865317.uTTorrents", "{\"build\":27886,\"label\":[],\"torrents\":[[\"51176ADB14A090470F[...]
    Deleted : user_pref("CT2865317.url_history0001", "hxxp://voiceactingalliance.com/board/showthread.php?81296-(M[...]
    Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6PQL5m40d1&i=26");
    Deleted : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb139?a=6PQL5m40d1&i=26");
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10650");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "e8e8b2d1000000000000001c26dc1049");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15612");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "34%5F6");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQL5m40d1&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6PQL5m40d1");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92543663139703943");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:26:29");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\prefs.js

    C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\user.js ... Deleted !

    Deleted : user_pref("CT2865317..clientLogIsEnabled", false);
    Deleted : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2865317.CTID", "CT2865317");
    Deleted : user_pref("CT2865317.CurrentServerDate", "22-9-2012");
    Deleted : user_pref("CT2865317.DSInstall", false);
    Deleted : user_pref("CT2865317.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2865317.DialogsGetterLastCheckTime", "Sat Sep 22 2012 10:22:02 GMT+0200");
    Deleted : user_pref("CT2865317.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2865317.EMailNotifierPollDate", "Wed Apr 11 2012 11:27:44 GMT+0200");
    Deleted : user_pref("CT2865317.FeedLastCount5397019970362056034", 405);
    Deleted : user_pref("CT2865317.FeedPollDate2429156812186649977", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813040823546", "Wed Apr 11 2012 15:22:47 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813130095866", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813224203613", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813230837251", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813454291735", "Wed Apr 11 2012 15:22:48 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813729834876", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813860870021", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156814264681793", "Wed Apr 11 2012 15:22:49 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156814863075366", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156815257761081", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedTTL2429156813040823546", 15);
    Deleted : user_pref("CT2865317.FeedTTL2429156813130095866", 10);
    Deleted : user_pref("CT2865317.FeedTTL2429156813454291735", 5);
    Deleted : user_pref("CT2865317.FeedTTL2429156814264681793", 5);
    Deleted : user_pref("CT2865317.FirstServerDate", "11-4-2012");
    Deleted : user_pref("CT2865317.FirstTime", true);
    Deleted : user_pref("CT2865317.FirstTimeFF3", true);
    Deleted : user_pref("CT2865317.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2865317.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2865317.HPInstall", false);
    Deleted : user_pref("CT2865317.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2865317.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT2865317.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CT2865317.Initialize", true);
    Deleted : user_pref("CT2865317.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2865317.InstallationId", "ConduitXPEIntegration");
    Deleted : user_pref("CT2865317.InstallationType", "ConduitXPEIntegration");
    Deleted : user_pref("CT2865317.InstalledDate", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.IsGrouping", false);
    Deleted : user_pref("CT2865317.IsInitSetupIni", true);
    Deleted : user_pref("CT2865317.IsMulticommunity", false);
    Deleted : user_pref("CT2865317.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2865317.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2865317.LanguagePackLastCheckTime", "Sat Sep 22 2012 10:23:41 GMT+0200");
    Deleted : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2865317.LastLogin_3.10.0.1", "Wed Apr 11 2012 15:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.12.0.7", "Mon Apr 30 2012 13:53:02 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.12.2.3", "Thu May 31 2012 09:37:59 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.13.0.6", "Tue Jul 17 2012 09:52:29 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.14.1.0", "Mon Aug 27 2012 18:37:39 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.15.1.0", "Sat Sep 22 2012 16:40:21 GMT+0200");
    Deleted : user_pref("CT2865317.LatestVersion", "3.14.1.0");
    Deleted : user_pref("CT2865317.Locale", "nl");
    Deleted : user_pref("CT2865317.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Deleted : user_pref("CT2865317.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2865317.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2865317.OriginalFirstVersion", "3.10.0.1");
    Deleted : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");
    Deleted : user_pref("CT2865317.SearchEngineBeforeUnload", "Google");
    Deleted : user_pref("CT2865317.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]
    Deleted : user_pref("CT2865317.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Sat Sep 22 2012 10:23:39 GMT+0200");
    Deleted : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2865317.SearchProtectorEnabled", false);
    Deleted : user_pref("CT2865317.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT2865317.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT2865317.ServiceMapLastCheckTime", "Sat Sep 22 2012 10:23:39 GMT+0200");
    Deleted : user_pref("CT2865317.SettingsLastCheckTime", "Sat Sep 22 2012 16:40:20 GMT+0200");
    Deleted : user_pref("CT2865317.SettingsLastUpdate", "1347287073");
    Deleted : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
    Deleted : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Wed Apr 11 2012 11:22:43 GMT+0200");
    Deleted : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1256026239");
    Deleted : user_pref("CT2865317.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317");
    Deleted : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2865317.UserID", "UN59044422332449817");
    Deleted : user_pref("CT2865317.WeatherNetwork", "");
    Deleted : user_pref("CT2865317.WeatherPollDate", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.WeatherUnit", "C");
    Deleted : user_pref("CT2865317.alertChannelId", "1257316");
    Deleted : user_pref("CT2865317.autoDisableScopes", "-1");
    Deleted : user_pref("CT2865317.backendstorage.cbcountry_000", "4E4C");
    Deleted : user_pref("CT2865317.backendstorage.cbfirsttime", "5765642041707220313120323031322031313A32323A34392[...]
    Deleted : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
    Deleted : user_pref("CT2865317.backendstorage.url_history0001", "687474703A2F2F656E2E77696B6970656469612E6F726[...]
    Deleted : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Wed Apr 11 2012 11:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2865317.initDone", true);
    Deleted : user_pref("CT2865317.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2865317.myStuffEnabled", true);
    Deleted : user_pref("CT2865317.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2865317.navigateToUrlOnSearch", false);
    Deleted : user_pref("CT2865317.revertSettingsEnabled", true);
    Deleted : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2865317.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2865317.testingCtid", "");
    Deleted : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Sat Sep 22 2012 10:23:41 GMT+0200");
    Deleted : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Wed Apr 11 2012 11:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/NL", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"fa0[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Johnny Natrium\\AppData\\Roaming\\M[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2865317");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CommunityToolbar.globalUserId", "6a8ed2b3-5dc3-4195-8103-f7c688eed511");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Apr 11 2012 11:22:4[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Apr 11 2012 11:22:52 GMT+020[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "63aede41-dd03-4175-bf9e-b8791eebf3ae");
    Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
    Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
    Deleted : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
    Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
    Deleted : user_pref("extensions.asktb.cbid", "HQ");
    Deleted : user_pref("extensions.asktb.config-updated", false);
    Deleted : user_pref("extensions.asktb.crumb", "2012.06.25+03.52.55-toolbar019iad-NL-QW1lcnNmb29ydCxOZXRoZXJsYW[...]
    Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://nl.ask.com/web?q={query}&qsrc={qsrc}&[...]
    Deleted : user_pref("extensions.asktb.displaybehavior", "");
    Deleted : user_pref("extensions.asktb.displaytext", "");
    Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYNL");
    Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
    Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "NLXX0056");
    Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
    Deleted : user_pref("extensions.asktb.fresh-install", false);
    Deleted : user_pref("extensions.asktb.guid", "d0c2ad58-8757-45c6-8c44-94fdfe46f0db");
    Deleted : user_pref("extensions.asktb.hpr", "YES");
    Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
    Deleted : user_pref("extensions.asktb.if", "first");
    Deleted : user_pref("extensions.asktb.l", "dis");
    Deleted : user_pref("extensions.asktb.last-config-req", "1348324823448");
    Deleted : user_pref("extensions.asktb.locale", "en_NL");
    Deleted : user_pref("extensions.asktb.location", "Amersfoort,Netherlands");
    Deleted : user_pref("extensions.asktb.lstation", "");
    Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
    Deleted : user_pref("extensions.asktb.news-native-on", true);
    Deleted : user_pref("extensions.asktb.nthp", "YES");
    Deleted : user_pref("extensions.asktb.nthp_prev", "0");
    Deleted : user_pref("extensions.asktb.o", "15785");
    Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Deleted : user_pref("extensions.asktb.pstate", "");
    Deleted : user_pref("extensions.asktb.qsrc", "2871");
    Deleted : user_pref("extensions.asktb.r", "5");
    Deleted : user_pref("extensions.asktb.sa", "YES");
    Deleted : user_pref("extensions.asktb.saguid", "E96582C5-BEBA-4D75-A6B6-8ADCD05FB805");
    Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
    Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
    Deleted : user_pref("extensions.asktb.socialmini-first", true);
    Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
    Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
    Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
    Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
    Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
    Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
    Deleted : user_pref("extensions.asktb.themeid", "");
    Deleted : user_pref("extensions.asktb.timeinstalled", "25-6-2012 12:52:32");
    Deleted : user_pref("extensions.asktb.to", "");
    Deleted : user_pref("extensions.asktb.v", "3.15.2.100013");
    Deleted : user_pref("extensions.asktb.version", "5.15.2.23037");
    Deleted : user_pref("extensions.asktb.volume", "");
    Deleted : user_pref("extensions.enabledAddons", "[email protected]:2.0.2.039,[email protected][...]
    Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
    Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=e[...]

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\prefs.js

    Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349688576,\"uuid\":123994198455058,\"seq_id\":5,\"ss[...]
    Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3220468.FirstTime", "true");
    Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
    Deleted : user_pref("CT3220468.UserID", "UN09981107346171576");
    Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.autoDisableScopes", -1);
    Deleted : user_pref("CT3220468.cb_experience_000", "36");
    Deleted : user_pref("CT3220468.cb_firstuse0100", "1");
    Deleted : user_pref("CT3220468.cbcountry_001", "NL");
    Deleted : user_pref("CT3220468.cbfirsttime", "Wed Oct 03 2012 19:54:36 GMT+0200");
    Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
    Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3220468.enableAlerts", "always");
    Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3220468.fixUrls", true);
    Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
    Deleted : user_pref("CT3220468.installId", "fft7477.tmp.exe");
    Deleted : user_pref("CT3220468.installType", "XPE");
    Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.isNewTabEnabled", true);
    Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
    Deleted : user_pref("CT3220468.openThankYouPage", "true");
    Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
    Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
    Deleted : user_pref("CT3220468.search.searchCount", "0");
    Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349286875273");
    Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1349688694560");
    Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349286875625");
    Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349746296544");
    Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349286875646");
    Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1349688694647");
    Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1349688693639");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349286875354");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1349746298934");
    Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1349688693707");
    Deleted : user_pref("CT3220468.settingsINI", true);
    Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
    Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
    Deleted : user_pref("CT3220468.toolbarBornServerTime", "3-10-2012");
    Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "9-10-2012");
    Deleted : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1349725329940,,,hxxp[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [37427 octets] - [21/02/2013 15:15:25]

    ########## EOF - C:\AdwCleaner[S1].txt - [37488 octets] ##########
     
  8. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    17
    All right, I'm now running the ESET scan, which is going to take a while, and I've taken all the steps up to that point. I'll post the first two logs below.
    Let's see, I'm still experiencing incredibly annoying lag when playing music (have not tried playing videos yet, but I'm sure it will still be the same), but it's inconsistent. I'm also experiencing some graphical glitches in a game that weren't there before. This is reminding me a lot of some kind of infection that I used to have, which caused video and audio lagging, and in the end continuous hanging in just about every application, along with severe graphical glitches and performance hits in games. The graphical glitches were unresolved after changing drivers and even the video card. In the end I never pursued it on a forum like now, and I just reinstalled Windows (which I really don't want to do this time).
    Anyway, I'm quite sure adware and things like that won't be the problem, and the performance hit is also much more noticeable and grave than what's usually caused by things like adware.
    The *32 svchost.exe was running again, along with the 12 other instances of svchost.exe, and I found it having been created in the temp folder of my appdata/local directory (or at least I suspect that's the one; the properties stated that it was just created and the only other svchost.exe in my appdata directory was from when I installed this Windows).
    I might be forgetting some more noteworthy things; I'm quite tired after a very short night's sleep. I'm determined to solve this very nagging and debilitating problem though. It's not just a little slowdown, it's crippling my €4000 machine.
    Now, here are the first two logs that you requested, while ESET is still scanning for a while:

    ComboFix 13-02-21.02 - Johnny Natrium 21-02-2013 14:34:40.2.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.32743.28558 [GMT 1:00]
    Gestart vanuit: c:\users\Johnny Natrium\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Johnny Natrium\Desktop\CFScript.txt
    AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
    SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-21 to 2013-02-21 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-21 13:43 . 2013-02-21 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-20 04:28 . 2008-07-21 12:30 -------- d-----w- c:\users\Johnny Natrium\bin
    2013-02-19 23:44 . 2013-02-19 23:44 232904 ----a-w- c:\windows\SysWow64\poclbm121016GeForce GTX 690gv1w256l4.bin
    2013-02-19 17:41 . 2005-06-24 15:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
    2013-02-19 17:41 . 2004-12-10 08:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
    2013-02-19 14:42 . 2013-02-19 14:42 -------- d-----w- c:\windows\.soulsplit
    2013-02-19 14:35 . 2013-02-19 14:35 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\NVIDIA
    2013-02-18 20:13 . 2013-02-18 20:13 -------- d-----w- c:\program files\Origin Games
    2013-02-18 20:12 . 2013-02-18 20:13 -------- d-----w- c:\program files (x86)\Origin
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\SysWow64\msvcr80d.dll
    2013-02-18 20:05 . 2007-06-29 02:07 1171456 ----a-w- c:\windows\system32\msvcr80d.dll
    2013-02-18 15:36 . 2013-02-18 15:36 -------- d-----w- c:\program files\Cakewalk
    2013-02-18 12:56 . 2013-02-18 20:13 -------- d-----w- c:\programdata\Origin
    2013-02-15 14:20 . 2013-02-15 14:20 -------- d-----w- C:\jah_data
    2013-02-15 09:04 . 2008-11-19 18:38 -------- d-----w- c:\users\Johnny Natrium\FXPansion.VST.to.RTAS.Adapter.v2.1.1.WIN.MAC.OSX.UB.PPC-AMPLiFY
    2013-02-14 20:47 . 2013-02-18 23:23 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Spectrasonics
    2013-02-14 20:12 . 2013-02-18 15:36 -------- d-----w- c:\programdata\Spectrasonics
    2013-02-14 15:33 . 2013-02-20 17:59 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Arturia
    2013-02-14 15:30 . 2011-12-14 19:12 1277952 ----a-w- c:\windows\SysWow64\SYNSOACC.dll
    2013-02-14 15:18 . 2013-02-14 15:18 710496 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
    2013-02-14 12:41 . 2013-02-14 12:41 -------- d-----w- c:\program files (x86)\u-he
    2013-02-14 11:47 . 2013-02-14 11:47 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Novation
    2013-02-14 11:40 . 2013-02-14 11:40 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\Applied Acoustics Systems
    2013-02-13 22:49 . 2013-02-13 22:49 -------- dc----w- c:\programdata\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
    2013-02-13 22:35 . 2009-12-14 14:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
    2013-02-13 22:34 . 2013-02-13 22:34 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
    2013-02-13 22:30 . 2009-12-14 14:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-02-13 22:30 . 2013-02-13 22:45 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
    2013-02-13 16:49 . 2013-02-13 20:48 -------- d-----w- c:\users\Johnny Natrium\PSP emu
    2013-02-13 11:27 . 2013-02-13 11:27 -------- d-----w- C:\rev_data
    2013-02-10 20:38 . 2013-02-10 20:38 -------- d-----w- c:\program files\Nexus Mod Manager
    2013-02-09 17:43 . 2013-02-09 17:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-02-09 10:37 . 2013-02-09 10:37 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2013-02-09 10:37 . 2013-02-09 10:37 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2013-02-09 10:37 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2013-02-09 10:37 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2013-02-09 10:37 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2013-02-09 10:37 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2013-02-08 14:43 . 2013-02-08 14:43 -------- d-----w- c:\program files (x86)\Focusrite
    2013-02-08 13:48 . 2011-08-19 14:55 98816 ----a-w- c:\windows\SysWow64\SaffireAsio.dll
    2013-02-08 13:48 . 2011-08-19 14:55 51168 ----a-w- c:\windows\system32\drivers\SaffireMidi.sys
    2013-02-08 13:48 . 2011-08-19 14:55 41824 ----a-w- c:\windows\system32\drivers\SaffireAudio.sys
    2013-02-08 13:48 . 2011-08-19 14:55 231136 ----a-w- c:\windows\system32\drivers\Saffire.sys
    2013-02-08 13:48 . 2011-08-19 14:55 109568 ----a-w- c:\windows\system32\SaffireAsio.dll
    2013-02-08 13:48 . 2009-05-29 09:02 73728 ----a-w- c:\windows\SysWow64\Uninstall.dll
    2013-02-08 13:48 . 2013-02-08 13:48 -------- d-----w- c:\program files\Focusrite
    2013-02-06 10:32 . 2013-02-19 10:13 -------- d-----w- c:\users\UpdatusUser
    2013-02-06 10:31 . 2013-02-10 03:25 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-06 07:49 . 2013-02-06 07:49 -------- d-----w- c:\program files (x86)\7-Zip
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-02-01 20:58 . 2013-02-01 20:58 -------- d-----r- c:\program files (x86)\Skype
    2013-02-01 13:59 . 2013-02-01 13:59 -------- d-----w- C:\orgel_data
    2013-02-01 12:42 . 2013-02-01 12:42 -------- d-----w- c:\program files (x86)\Foose Foobar2000
    2013-01-31 14:09 . 2013-01-31 14:09 -------- d-----w- c:\program files (x86)\ImgBurn
    2013-01-31 11:43 . 2013-02-01 12:29 -------- d-----w- c:\program files (x86)\WAV to AC3 Encoder
    2013-01-31 11:23 . 2013-01-31 11:30 -------- d-----w- c:\program files\WAV to AC3 Encoder
    2013-01-30 22:26 . 2003-06-04 09:32 -------- d-----w- C:\Equalizer Presets
    2013-01-30 20:29 . 2013-01-30 20:29 -------- d-----w- c:\program files (x86)\SoundSpectrum
    2013-01-30 15:28 . 2013-01-30 15:28 -------- d-----w- c:\program files (x86)\lame
    2013-01-30 14:31 . 2013-01-30 14:31 4422 ----a-w- C:\STF9050.tmp
    2013-01-29 09:26 . 2013-01-29 09:26 -------- d-----w- c:\program files (x86)\Portable
    2013-01-29 02:01 . 2013-01-29 02:01 -------- d-----w- C:\Warrior Gamez
    2013-01-29 01:18 . 2013-01-29 01:26 -------- d-----w- c:\program files (x86)\Fusion364
    2013-01-28 17:46 . 2003-04-07 18:51 315392 ----a-w- c:\windows\system32\asio2ks.cpl
    2013-01-27 19:12 . 2013-01-27 19:12 -------- d-----w- c:\program files (x86)\Sony
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\winevt
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\spool
    2013-01-27 18:43 . 2013-01-27 18:43 -------- d-----w- c:\windows\SysWow64\SMI
    2013-01-27 15:18 . 2013-01-27 15:18 -------- d-----w- c:\users\Johnny Natrium\Queen - Sheer Heart Attack
    2013-01-27 15:13 . 2013-01-30 20:51 -------- d-----w- c:\users\Johnny Natrium\Queen - News Of The World
    2013-01-27 15:06 . 2013-01-27 15:06 -------- d-----w- c:\program files (x86)\FLAC
    2013-01-27 14:55 . 2013-01-27 15:07 -------- d-----w- c:\users\Johnny Natrium\Queen - The Works
    2013-01-27 10:09 . 2013-01-27 10:09 -------- d-----w- c:\users\Johnny Natrium\Queen - Queen II
    2013-01-26 10:08 . 2013-01-26 10:19 -------- d-----w- c:\program files (x86)\DmC Devil May Cry
    2013-01-24 18:55 . 2013-01-24 18:55 -------- d-----w- C:\singing_data
    2013-01-24 13:37 . 2013-02-21 10:37 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\foobar2000
    2013-01-24 13:37 . 2013-01-24 13:37 -------- d-----w- c:\program files (x86)\foobar2000
    2013-01-24 13:26 . 2013-01-24 13:33 -------- d-----w- c:\users\Johnny Natrium\Queen - Hot Space (1)
    2013-01-24 13:14 . 2013-01-24 13:14 -------- d-----w- c:\program files (x86)\Illustrate
    2013-01-24 13:14 . 2013-01-24 13:14 279728 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2013-01-24 09:20 . 2013-01-24 09:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-01-23 18:34 . 2013-01-23 18:34 -------- d-----w- C:\Frge 80s pad_data
    2013-01-23 18:30 . 2013-01-23 18:30 -------- d-----w- C:\droomlied_data
    2013-01-23 15:24 . 2013-01-23 18:00 -------- d-----w- C:\Mixcraft
    2013-01-23 15:09 . 2013-01-23 15:09 -------- d-----w- c:\users\Johnny Natrium\AppData\Roaming\SynthMaker
    2013-01-23 15:08 . 2013-02-12 20:36 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
    2013-01-22 19:49 . 2013-01-22 19:49 -------- d-----w- c:\users\Johnny Natrium\AppData\Local\Aspire_Softs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 13:06 . 2012-12-01 10:03 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-02-21 13:06 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-02-21 12:45 . 2012-10-24 16:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-02-18 09:24 . 2012-10-13 13:42 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-18 09:24 . 2012-10-13 13:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-10 03:25 . 2012-10-13 08:28 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-10 03:25 . 2012-10-13 08:28 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2854344 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-10 03:25 . 2012-10-13 08:28 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-10 01:04 . 2012-10-13 08:31 6393120 ----a-w- c:\windows\system32\nvcpl.dll
    2013-02-10 01:04 . 2012-10-13 08:31 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-02-10 01:04 . 2012-10-13 08:31 877856 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-02-10 01:04 . 2012-10-13 08:31 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-02-10 01:04 . 2012-10-13 08:31 237856 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-29 20:50 . 2012-10-25 14:27 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2013-01-29 20:50 . 2012-10-25 14:27 707528 ----a-w- c:\windows\system32\drivers\avc3.sys
    2013-01-29 20:50 . 2012-10-25 14:27 589000 ----a-w- c:\windows\system32\drivers\avckf.sys
    2013-01-09 01:48 . 2004-12-31 23:55 17812992 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 01:22 . 2004-12-31 23:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2013-01-09 01:19 . 2004-12-31 23:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2013-01-09 01:12 . 2004-12-31 23:55 1392128 ----a-w- c:\windows\system32\wininet.dll
    2013-01-09 01:11 . 2004-12-31 23:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-09 01:10 . 2004-12-31 23:55 237056 ----a-w- c:\windows\system32\url.dll
    2013-01-09 01:09 . 2004-12-31 23:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2013-01-09 01:07 . 2004-12-31 23:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-09 01:07 . 2004-12-31 23:55 816640 ----a-w- c:\windows\system32\jscript.dll
    2013-01-09 01:07 . 2004-12-31 23:55 599040 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-09 01:06 . 2004-12-31 23:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2013-01-09 01:05 . 2004-12-31 23:55 2147840 ----a-w- c:\windows\system32\iertutil.dll
    2013-01-09 01:04 . 2004-12-31 23:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2013-01-09 01:04 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-09 01:00 . 2004-12-31 23:55 248320 ----a-w- c:\windows\system32\ieui.dll
    2013-01-08 22:11 . 2004-12-31 23:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-01-08 22:03 . 2004-12-31 23:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59 . 2004-12-31 23:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58 . 2004-12-31 23:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-01-08 21:56 . 2004-12-31 23:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-05 05:53 . 2004-12-31 23:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2004-12-31 23:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2004-12-31 23:26 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2004-12-31 23:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2004-12-31 23:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2004-12-31 23:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2004-12-31 23:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2004-12-31 23:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2004-12-31 23:26 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2004-12-31 23:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2004-12-31 23:26 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2004-12-31 23:26 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-12-29 10:34 . 2012-10-13 08:28 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2012-10-13 08:28 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-18 08:31 . 2012-10-13 08:58 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-12-17 04:13 . 2012-12-17 04:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-17 04:13 . 2012-11-06 14:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-16 17:11 . 2012-12-21 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-10 18:09 . 2012-10-25 14:27 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-12-07 13:20 . 2013-01-09 02:11 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 02:11 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 02:11 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 02:11 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 02:11 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 02:11 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 02:11 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 02:11 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 02:11 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 02:11 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 02:11 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 02:11 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 02:11 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 02:11 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 02:11 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 02:11 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 02:11 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 02:11 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 02:11 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 02:11 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 02:11 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 02:11 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-02 08:42 . 2012-10-24 16:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-12-01 05:49 . 2012-10-13 08:31 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-11-30 05:45 . 2013-01-09 02:12 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 02:12 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 02:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 02:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}]
    2012-12-13 01:30 13000 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{4D594333-0076-A76A-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" [2012-12-13 13000]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4d594333-0076-a76a-76a7-7a786e7484d7}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-15 1597864]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-13 39408]
    "RGSC"="c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe" [2008-12-13 306088]
    "MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
    "ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-12-05 5379472]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-31 1069904]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-09-14 286720]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2012-12-13 1383112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "Adobe"="c:\users\Johnny Natrium\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    c:\users\Johnny Natrium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    PowerMenu.lnk - e:\program files (x86)\PowerMenu\PowerMenu.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-9-7 9519544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-29 589000]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-29 82384]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-13 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-11-25 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
    R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-01-29 68880]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-03-23 36448]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-29 707528]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2011-09-14 562456]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2011-09-14 23832]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/10/16 12:16];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
    S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2012-12-13 166600]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2012-09-11 23384]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-09-14 7168]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-18 2938880]
    S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-12 95184]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-10 68416]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-12-10 261056]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-11-25 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-11-25 1494104]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-11-25 95320]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-11-25 1678936]
    S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2012-05-16 25752]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
    S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2011-08-19 231136]
    S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2011-08-19 41824]
    S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2011-08-19 51168]
    S3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);c:\windows\system32\drivers\t3.sys [2008-10-17 630272]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 03:50 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 09:24]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 08:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Johnny Natrium\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-11-12 15:04 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-09 12856936]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-29 1573632]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\
    FF - ExtSQL: 2013-02-18 16:20; [email protected]; c:\users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\extensions\[email protected]
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2236690658-417004235-178033201-1000\Software\SecuROM\License information*]
    "datasecu"=hex:81,f1,f4,c2,b3,fa,d8,2f,28,db,ab,a9,4e,78,18,a1,72,7f,d5,21,62,
    cd,0f,38,83,ee,e7,c0,1f,36,8d,0b,84,10,0b,29,b4,ba,8f,8b,4c,36,6c,c7,92,43,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\GoforFiles\GFFUpdater.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
    c:\program files (x86)\TechSmith\Snagit 11\SnagPriv.exe
    c:\windows\SysWOW64\CTXFISPI.EXE
    c:\program files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\1_1_3_0\RGSC.exe
    c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
    c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-02-21 14:56:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-02-21 13:56
    ComboFix2.txt 2013-02-21 12:20
    .
    Pre-Run: 37.351.133.184 bytes free
    Post-Run: 37.574.909.952 bytes free
    .
    - - End Of File - - 0F808B925C152978BC6B423F5CD4B8FA

    # AdwCleaner v2.112 - Logfile created 02/21/2013 at 15:15:25
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Johnny Natrium - JOHNNYNSTOWER99
    # Boot Mode : Normal
    # Running from : C:\Users\Johnny Natrium\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\user.js
    File Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\searchplugins\Askcom.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\uTorrentBar_NL
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Local\Conduit
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Johnny Natrium\AppData\LocalLow\uTorrentBar_NL
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\CT2865317
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\Smartbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\ConduitCommon
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\CT2865317
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\extensions\[email protected]
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\CT3220468
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\Smartbar
    Folder Deleted : C:\Users\Johnny Natrium\AppData\Roaming\vghd

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_NL
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\uTorrentBar_NL
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51A1E503-32C6-423A-BC82-38AF11DF3A3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA14E6E4-62DB-4B50-B740-B6A41056F3C2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{87775FDB-6972-41F9-AE51-8326E38CB206}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-GB)

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\0v34jgl7.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\prefs.js

    C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\lkifrc33.default\user.js ... Deleted !

    Deleted : user_pref("CT2865317.1000234.TWC_TMP_city", "SLIEDRECHT");
    Deleted : user_pref("CT2865317.1000234.TWC_TMP_country", "NL");
    Deleted : user_pref("CT2865317.1000234.TWC_locId", "NLXX0433");
    Deleted : user_pref("CT2865317.1000234.TWC_location", "Sliedrecht, Netherlands");
    Deleted : user_pref("CT2865317.1000234.TWC_region", "OT");
    Deleted : user_pref("CT2865317.1000234.TWC_temp_dis", "c");
    Deleted : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");
    Deleted : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"41.png\",\"temperature\":\"\",\"temperatureC[...]
    Deleted : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2865317.FirstTime", "true");
    Deleted : user_pref("CT2865317.FirstTimeFF3", "true");
    Deleted : user_pref("CT2865317.PairingKey", "0644F5969FABCA4E72C2F59B9BA58D8863AECD00");
    Deleted : user_pref("CT2865317.UserID", "UN19141324964597095");
    Deleted : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2865317.autoDisableScopes", -1);
    Deleted : user_pref("CT2865317.cb_experience_000", "13");
    Deleted : user_pref("CT2865317.cb_firstuse0100", "1");
    Deleted : user_pref("CT2865317.cbcountry_001", "NL");
    Deleted : user_pref("CT2865317.cbfirsttime", "Wed Sep 26 2012 17:15:23 GMT+0200");
    Deleted : user_pref("CT2865317.defaultSearch", "FALSE");
    Deleted : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2865317.enableAlerts", "always");
    Deleted : user_pref("CT2865317.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT2865317.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2865317.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2865317.fixUrls", true);
    Deleted : user_pref("CT2865317.hxxp___socialgrowthtechnologies_com_couponbuddy_v002.APP_WIN_FEATURES", "openpo[...]
    Deleted : user_pref("CT2865317.installId", "fft76CB.tmp.exe");
    Deleted : user_pref("CT2865317.installType", "XPE");
    Deleted : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.isNewTabEnabled", true);
    Deleted : user_pref("CT2865317.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT2865317.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.openThankYouPage", "true");
    Deleted : user_pref("CT2865317.openUninstallPage", "FALSE");
    Deleted : user_pref("CT2865317.scriptSource", "hxxp://127.0.0.1:10000/gui/");
    Deleted : user_pref("CT2865317.search.searchAppId", "129363015615338104");
    Deleted : user_pref("CT2865317.search.searchCount", "0");
    Deleted : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2865317.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348672520632");
    Deleted : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1348874881758");
    Deleted : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348672521191");
    Deleted : user_pref("CT2865317.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349257015890");
    Deleted : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348672522392");
    Deleted : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1348874882135");
    Deleted : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1349220481599");
    Deleted : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348672520986");
    Deleted : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1349264216563");
    Deleted : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1349220482128");
    Deleted : user_pref("CT2865317.settingsINI", true);
    Deleted : user_pref("CT2865317.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2865317.smartbar.CTID", "CT2865317");
    Deleted : user_pref("CT2865317.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2865317.smartbar.isHidden", true);
    Deleted : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");
    Deleted : user_pref("CT2865317.toolbarBornServerTime", "26-9-2012");
    Deleted : user_pref("CT2865317.toolbarCurrentServerTime", "3-10-2012");
    Deleted : user_pref("CT2865317.uTTorrents", "{\"build\":27886,\"label\":[],\"torrents\":[[\"51176ADB14A090470F[...]
    Deleted : user_pref("CT2865317.url_history0001", "hxxp://voiceactingalliance.com/board/showthread.php?81296-(M[...]
    Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6PQL5m40d1&i=26");
    Deleted : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb139?a=6PQL5m40d1&i=26");
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10650");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "e8e8b2d1000000000000001c26dc1049");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15612");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "34%5F6");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQL5m40d1&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6PQL5m40d1");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92543663139703943");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:26:29");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\prefs.js

    C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\pbvwln5z.default\user.js ... Deleted !

    Deleted : user_pref("CT2865317..clientLogIsEnabled", false);
    Deleted : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2865317.CTID", "CT2865317");
    Deleted : user_pref("CT2865317.CurrentServerDate", "22-9-2012");
    Deleted : user_pref("CT2865317.DSInstall", false);
    Deleted : user_pref("CT2865317.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2865317.DialogsGetterLastCheckTime", "Sat Sep 22 2012 10:22:02 GMT+0200");
    Deleted : user_pref("CT2865317.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2865317.EMailNotifierPollDate", "Wed Apr 11 2012 11:27:44 GMT+0200");
    Deleted : user_pref("CT2865317.FeedLastCount5397019970362056034", 405);
    Deleted : user_pref("CT2865317.FeedPollDate2429156812186649977", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813040823546", "Wed Apr 11 2012 15:22:47 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813130095866", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813224203613", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813230837251", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813454291735", "Wed Apr 11 2012 15:22:48 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813729834876", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156813860870021", "Wed Apr 11 2012 15:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156814264681793", "Wed Apr 11 2012 15:22:49 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156814863075366", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedPollDate2429156815257761081", "Wed Apr 11 2012 15:22:45 GMT+0200");
    Deleted : user_pref("CT2865317.FeedTTL2429156813040823546", 15);
    Deleted : user_pref("CT2865317.FeedTTL2429156813130095866", 10);
    Deleted : user_pref("CT2865317.FeedTTL2429156813454291735", 5);
    Deleted : user_pref("CT2865317.FeedTTL2429156814264681793", 5);
    Deleted : user_pref("CT2865317.FirstServerDate", "11-4-2012");
    Deleted : user_pref("CT2865317.FirstTime", true);
    Deleted : user_pref("CT2865317.FirstTimeFF3", true);
    Deleted : user_pref("CT2865317.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2865317.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2865317.HPInstall", false);
    Deleted : user_pref("CT2865317.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2865317.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT2865317.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CT2865317.Initialize", true);
    Deleted : user_pref("CT2865317.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2865317.InstallationId", "ConduitXPEIntegration");
    Deleted : user_pref("CT2865317.InstallationType", "ConduitXPEIntegration");
    Deleted : user_pref("CT2865317.InstalledDate", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.IsGrouping", false);
    Deleted : user_pref("CT2865317.IsInitSetupIni", true);
    Deleted : user_pref("CT2865317.IsMulticommunity", false);
    Deleted : user_pref("CT2865317.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2865317.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2865317.LanguagePackLastCheckTime", "Sat Sep 22 2012 10:23:41 GMT+0200");
    Deleted : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2865317.LastLogin_3.10.0.1", "Wed Apr 11 2012 15:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.12.0.7", "Mon Apr 30 2012 13:53:02 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.12.2.3", "Thu May 31 2012 09:37:59 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.13.0.6", "Tue Jul 17 2012 09:52:29 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.14.1.0", "Mon Aug 27 2012 18:37:39 GMT+0200");
    Deleted : user_pref("CT2865317.LastLogin_3.15.1.0", "Sat Sep 22 2012 16:40:21 GMT+0200");
    Deleted : user_pref("CT2865317.LatestVersion", "3.14.1.0");
    Deleted : user_pref("CT2865317.Locale", "nl");
    Deleted : user_pref("CT2865317.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Deleted : user_pref("CT2865317.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2865317.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2865317.OriginalFirstVersion", "3.10.0.1");
    Deleted : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");
    Deleted : user_pref("CT2865317.SearchEngineBeforeUnload", "Google");
    Deleted : user_pref("CT2865317.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]
    Deleted : user_pref("CT2865317.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Sat Sep 22 2012 10:23:39 GMT+0200");
    Deleted : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2865317.SearchProtectorEnabled", false);
    Deleted : user_pref("CT2865317.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT2865317.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT2865317.ServiceMapLastCheckTime", "Sat Sep 22 2012 10:23:39 GMT+0200");
    Deleted : user_pref("CT2865317.SettingsLastCheckTime", "Sat Sep 22 2012 16:40:20 GMT+0200");
    Deleted : user_pref("CT2865317.SettingsLastUpdate", "1347287073");
    Deleted : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
    Deleted : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Wed Apr 11 2012 11:22:43 GMT+0200");
    Deleted : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1256026239");
    Deleted : user_pref("CT2865317.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317");
    Deleted : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2865317.UserID", "UN59044422332449817");
    Deleted : user_pref("CT2865317.WeatherNetwork", "");
    Deleted : user_pref("CT2865317.WeatherPollDate", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CT2865317.WeatherUnit", "C");
    Deleted : user_pref("CT2865317.alertChannelId", "1257316");
    Deleted : user_pref("CT2865317.autoDisableScopes", "-1");
    Deleted : user_pref("CT2865317.backendstorage.cbcountry_000", "4E4C");
    Deleted : user_pref("CT2865317.backendstorage.cbfirsttime", "5765642041707220313120323031322031313A32323A34392[...]
    Deleted : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
    Deleted : user_pref("CT2865317.backendstorage.url_history0001", "687474703A2F2F656E2E77696B6970656469612E6F726[...]
    Deleted : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Wed Apr 11 2012 11:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2865317.initDone", true);
    Deleted : user_pref("CT2865317.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2865317.myStuffEnabled", true);
    Deleted : user_pref("CT2865317.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2865317.navigateToUrlOnSearch", false);
    Deleted : user_pref("CT2865317.revertSettingsEnabled", true);
    Deleted : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2865317.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2865317.testingCtid", "");
    Deleted : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Sat Sep 22 2012 10:23:41 GMT+0200");
    Deleted : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Wed Apr 11 2012 11:22:46 GMT+0200");
    Deleted : user_pref("CT2865317.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/NL", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"fa0[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Johnny Natrium\\AppData\\Roaming\\M[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2865317");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CommunityToolbar.globalUserId", "6a8ed2b3-5dc3-4195-8103-f7c688eed511");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Apr 11 2012 11:22:4[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Apr 11 2012 11:22:52 GMT+020[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Apr 11 2012 11:22:44 GMT+0200");
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "63aede41-dd03-4175-bf9e-b8791eebf3ae");
    Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
    Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
    Deleted : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
    Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
    Deleted : user_pref("extensions.asktb.cbid", "HQ");
    Deleted : user_pref("extensions.asktb.config-updated", false);
    Deleted : user_pref("extensions.asktb.crumb", "2012.06.25+03.52.55-toolbar019iad-NL-QW1lcnNmb29ydCxOZXRoZXJsYW[...]
    Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://nl.ask.com/web?q={query}&qsrc={qsrc}&[...]
    Deleted : user_pref("extensions.asktb.displaybehavior", "");
    Deleted : user_pref("extensions.asktb.displaytext", "");
    Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYNL");
    Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
    Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "NLXX0056");
    Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
    Deleted : user_pref("extensions.asktb.fresh-install", false);
    Deleted : user_pref("extensions.asktb.guid", "d0c2ad58-8757-45c6-8c44-94fdfe46f0db");
    Deleted : user_pref("extensions.asktb.hpr", "YES");
    Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
    Deleted : user_pref("extensions.asktb.if", "first");
    Deleted : user_pref("extensions.asktb.l", "dis");
    Deleted : user_pref("extensions.asktb.last-config-req", "1348324823448");
    Deleted : user_pref("extensions.asktb.locale", "en_NL");
    Deleted : user_pref("extensions.asktb.location", "Amersfoort,Netherlands");
    Deleted : user_pref("extensions.asktb.lstation", "");
    Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
    Deleted : user_pref("extensions.asktb.news-native-on", true);
    Deleted : user_pref("extensions.asktb.nthp", "YES");
    Deleted : user_pref("extensions.asktb.nthp_prev", "0");
    Deleted : user_pref("extensions.asktb.o", "15785");
    Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Deleted : user_pref("extensions.asktb.pstate", "");
    Deleted : user_pref("extensions.asktb.qsrc", "2871");
    Deleted : user_pref("extensions.asktb.r", "5");
    Deleted : user_pref("extensions.asktb.sa", "YES");
    Deleted : user_pref("extensions.asktb.saguid", "E96582C5-BEBA-4D75-A6B6-8ADCD05FB805");
    Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
    Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
    Deleted : user_pref("extensions.asktb.socialmini-first", true);
    Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
    Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
    Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
    Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
    Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
    Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
    Deleted : user_pref("extensions.asktb.themeid", "");
    Deleted : user_pref("extensions.asktb.timeinstalled", "25-6-2012 12:52:32");
    Deleted : user_pref("extensions.asktb.to", "");
    Deleted : user_pref("extensions.asktb.v", "3.15.2.100013");
    Deleted : user_pref("extensions.asktb.version", "5.15.2.23037");
    Deleted : user_pref("extensions.asktb.volume", "");
    Deleted : user_pref("extensions.enabledAddons", "[email protected]:2.0.2.039,[email protected][...]
    Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
    Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=e[...]

    File : C:\Users\Johnny Natrium\AppData\Roaming\Mozilla\Firefox\Profiles\q3fmh2ap.default\prefs.js

    Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349688576,\"uuid\":123994198455058,\"seq_id\":5,\"ss[...]
    Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3220468.FirstTime", "true");
    Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
    Deleted : user_pref("CT3220468.UserID", "UN09981107346171576");
    Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.autoDisableScopes", -1);
    Deleted : user_pref("CT3220468.cb_experience_000", "36");
    Deleted : user_pref("CT3220468.cb_firstuse0100", "1");
    Deleted : user_pref("CT3220468.cbcountry_001", "NL");
    Deleted : user_pref("CT3220468.cbfirsttime", "Wed Oct 03 2012 19:54:36 GMT+0200");
    Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
    Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3220468.enableAlerts", "always");
    Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3220468.fixUrls", true);
    Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
    Deleted : user_pref("CT3220468.installId", "fft7477.tmp.exe");
    Deleted : user_pref("CT3220468.installType", "XPE");
    Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.isNewTabEnabled", true);
    Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Johnny Natrium\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [37427 octets] - [21/02/2013 15:15:25]

    ########## EOF - C:\AdwCleaner[S1].txt - [37488 octets] ##########
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    I'll wait for the ESET online AV scan result and see what the log indicates...
     
  10. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    17
    Yeah.. It's still scanning
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    OK thanks, I do not wish to know why you run a Keylogger on your system, same with P2P applications. Combofix will remove or try to remove such Keyloggers because of what they are designed to do. All related files you mention are held in the Quarantine folder and can be re-instated if necessary.
    You mention 64 bit versions of svchost running from system32 folder. 64 bit systems do actually run all 64 bit files from the system32 folder, 32 bit versions run from the SysWOW64 folder, can be confusing I guess.
     
  12. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    17
    I meant that the process svchost.exe was a 32-bit instance, whereas svchost.exe instances on 64-bit Windows are normally 64-bit as far as I know. It also turned out to have been causing huge performance issues when I first terminated it.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    Okey dokey, I'm assuming this is the rogue version you mention:
    c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe

    Doesn't really matter how many times you stop or delete that version, it will reappear. There will be a dropper, patched file or possibly a rootkit that will continue to reinstall the rogue file until we find it.
    We can progress after we get the ESET log. You also mentioned running GMER, also the log being excessive. Can you zip up that log file and attach it to your next reply with the ESET log...

    Nearly midnight local time for me, won't be about much longer, sleepy time methinks...

    Thank you,

    Kevin..
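
The check discussed in the posts above (where an svchost.exe image lives and whether it is a 32-bit or 64-bit binary), as an added example that is not part of the original thread. It assumes a default `C:\Windows` system root; the PE headers are constructed sample bytes, and on a live system the first bytes of each process's image file would be read instead.

```python
import ntpath
import struct

MACHINE = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}
SYSTEM32 = r"c:\windows\system32"   # assumption: default %SystemRoot%
SYSWOW64 = r"c:\windows\syswow64"

def pe_bitness(header: bytes) -> str:
    """Read IMAGE_FILE_HEADER.Machine from the first bytes of a PE file."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return "not a PE file"
    (pe_off,) = struct.unpack_from("<I", header, 0x3C)   # e_lfanew
    if len(header) < pe_off + 6 or header[pe_off:pe_off + 4] != b"PE\0\0":
        return "not a PE file"
    (machine,) = struct.unpack_from("<H", header, pe_off + 4)
    return MACHINE.get(machine, f"unknown (0x{machine:04x})")

def triage_svchost(image_path: str, header: bytes) -> tuple[str, str]:
    """Return (verdict, bitness) for one process image named svchost.exe."""
    folder = ntpath.dirname(ntpath.normpath(image_path)).lower()
    bitness = pe_bitness(header)
    # On 64-bit Windows the service host is the 64-bit image in System32.
    if folder == SYSTEM32 and bitness == MACHINE[0x8664]:
        return "expected", bitness
    # Right folder but wrong bitness, or the 32-bit copy: look closer.
    if folder in (SYSTEM32, SYSWOW64):
        return "review", bitness
    # Any other location (Temp, a user profile, ...) is not a system image.
    return "suspicious", bitness

def fake_pe(machine: int) -> bytes:
    """Constructed minimal header: DOS stub, e_lfanew=0x80, PE signature, Machine."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\0") + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

# Constructed sample process list; the third path is the one quoted in the thread.
SAMPLES = [
    (r"C:\Windows\System32\svchost.exe", fake_pe(0x8664)),
    (r"C:\Windows\SysWOW64\svchost.exe", fake_pe(0x014C)),
    (r"c:\users\JOHNNY~1\AppData\Local\Temp\svchost.exe", fake_pe(0x014C)),
]

if __name__ == "__main__":
    for path, hdr in SAMPLES:
        print(path, triage_svchost(path, hdr))
```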
     
  14. JohnnyNatrium

    JohnnyNatrium Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    17
    That's the one and I know there's a dropper, but at least the performance gets less bad when I don't have it running so I still terminate it after rebooting (when it doesn't run the performance is still not up to speed though).
    Yeah it's after 1am here so I'll send you the logs in the morning and we'll continue.
    Thanks a lot for the help.

    ~Johnny
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,378
    First Name:
    Kevin
    Thanks for the update.....
     
Short URL to this thread: https://techguy.org/1090423
