
FunMoods once more

Discussion in 'Virus & Other Malware Removal' started by Sypke, Jan 16, 2013.

  1. Sypke

    Sypke Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    31
    Hello all,
    I found your site in my search to remove FunMoods from my Chrome browser (it's in Firefox also).
    Glaswegian has given someone detailed instructions on what to do, can someone help me too?
    I think I got it while searching for a driver for my webcam which isn't working anymore cause the driver seems to be compromised (BisonCam NP Pro) and it was included in some download.. Yeah call me stupid.. :S
    Hope someone can help me.

    Regards

    ps. I have run yr Utility but nothing else yet since I'm afraid now to do more damage, waiting for yr instructions.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) CPU P6300 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 2
    RAM: 5812 Mb
    Graphics Card: Intel(R) HD Graphics, -1317 Mb
    Hard Drives: C: Total - 299898 MB, Free - 127297 MB; D: Total - 176938 MB, Free - 53480 MB; F: Total - 1430795 MB, Free - 801839 MB;
    Motherboard: CLEVO CO., E7130
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi Sypke,
    -------------------------------------------------------------
    AdwCleaner Download
    Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
    -------------------------------------------------------------
    AdwCleaner Scan
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • Click on the Search button.
    • When the results log pops up, please copy and paste the contents in your reply.
    The log file is saved in the C: drive main directory with this filepath: C:\AdwCleaner[R1].txt. (x in the filename represents the run number)
    When you close/exit adwCleaner, if you get a message about not performing any Deletions, that's OK. We need to evaluate the scan log first.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    So, we are looking for the log from adwCleaner, and the two logs from OTL.
    Don't attach any. Please post the text from all three. Use separate replies if more convenient.

    askey127
     
  3. Sypke

    Sypke Thread Starter

    sorry, I'm having problems posting my scans. It only gives me blank screens in return.. so this is a check to see if I CAN post anything...
     
  4. Sypke

    Sypke Thread Starter

    then I'll send them 1 by 1..
    First Adw Cleaner:
     
  5. Sypke

    Sypke Thread Starter

    OTL

    DRV:64bit: - [2012-08-30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012-07-09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2012-03-12 22:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-01-10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-08-07 10:42:57 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-08-07 10:42:57 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-08-07 09:55:12 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2011-08-07 08:52:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010-11-09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010-10-15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010-07-27 04:35:33 | 000,168,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010-07-21 10:07:42 | 000,125,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
    DRV:64bit: - [2010-02-26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009-09-17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009-09-08 09:54:44 | 001,178,352 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009-12-18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=do...AzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www,google.nl
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 F8 83 EF DE 24 CA 01 [binary data]
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\..\SearchScopes\{7113DC5C-E4AD-44E7-92C1-29E755753943}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Funmoods"
    FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703"
    FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Moon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Moon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Moon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-02 11:10:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-11 09:38:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-01-08 21:38:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011-09-13 15:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\Extensions
    [2013-01-15 19:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions
    [2012-10-12 15:03:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2013-01-15 19:52:53 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions\[email protected]
    [2012-12-22 18:12:14 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
    [2011-09-19 15:01:17 | 000,879,991 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}.xpi
    [2013-01-15 19:52:56 | 000,002,349 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\searchplugins\Funmoods.xml
    [2013-01-16 00:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012-12-02 11:10:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-10-03 11:08:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-12-02 11:09:53 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Funmoods (Enabled)
    CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Angry Birds = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: AccuWeather Forecast = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaabbcbolfcclofcpdipmefibpgacgc\1.3_0\
    CHR - Extension: Funmoods = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
    CHR - Extension: Weather Forecast = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfjegdffnhcebgpfhkglkfndolliicdi\1.7_0\
    CHR - Extension: Weather Forecast = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfjegdffnhcebgpfhkglkfndolliicdi\1.7_0\~
    CHR - Extension: Nieuw tabblad = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\6.0_0\
    CHR - Extension: Weerplaza = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa\43_0\
    CHR - Extension: Type Scout = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj\4_0\
    CHR - Extension: Accuweather For Google Chrome = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggdfhmoncbddllphjadgnklmghkiblm\1.0_0\

    O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
    O4:64bit: - HKLM..\Run: [BisonHK] C:\Program Files (x86)\BisonCam\BisonHK.exe (mychat)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Rocketdock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Driver Genius] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [Facebook Update] C:\Users\Moon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000..\Run: [Spotify Web Helper] C:\Users\Moon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O4 - Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F8A16C2-1475-4BA1-9E77-855D12A1AD87}: DhcpNameServer = 192.168.2.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-01-21 03:45:49 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002-10-17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-01-21 13:24:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
    [2013-01-17 10:51:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013-01-17 10:51:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013-01-17 10:51:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-01-17 10:51:08 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013-01-17 09:15:48 | 000,176,128 | ---- | C] (Bison Inc.) -- C:\Windows\SysWow64\BisonRem.dll
    [2013-01-17 09:15:47 | 000,806,320 | ---- | C] (Bison Electronics. Inc. ) -- C:\Windows\SysWow64\drivers\BisonCam.sys
    [2013-01-17 09:15:26 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\InstallShield
    [2013-01-16 20:00:59 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2013-01-16 20:00:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2013-01-16 19:52:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013-01-16 19:52:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013-01-16 19:52:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013-01-16 19:52:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013-01-16 19:52:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013-01-16 19:52:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013-01-16 19:52:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013-01-16 19:52:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013-01-16 19:52:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013-01-16 19:52:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013-01-16 19:52:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013-01-16 19:52:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013-01-16 19:52:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013-01-16 19:52:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013-01-16 19:52:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013-01-16 19:51:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
    [2013-01-16 19:51:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
    [2013-01-16 19:51:33 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2013-01-16 19:51:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2013-01-16 19:51:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2013-01-16 19:51:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2013-01-16 19:50:52 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2013-01-16 19:50:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2013-01-16 19:50:51 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2013-01-16 19:50:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2013-01-16 19:44:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2013-01-16 19:44:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2013-01-16 19:43:55 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013-01-16 19:43:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013-01-16 19:43:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013-01-16 19:43:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013-01-16 19:43:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013-01-16 19:43:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013-01-16 19:43:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013-01-16 19:43:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013-01-16 19:43:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013-01-16 19:43:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013-01-16 19:43:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013-01-16 19:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013-01-16 19:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013-01-16 19:43:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013-01-16 19:43:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013-01-16 19:43:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013-01-16 19:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013-01-16 19:43:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013-01-16 19:43:42 | 000,755,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013-01-16 19:43:42 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013-01-16 19:43:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013-01-16 19:43:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013-01-16 19:43:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013-01-16 19:43:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013-01-16 19:43:16 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013-01-16 19:43:16 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013-01-16 19:43:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013-01-16 19:43:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013-01-16 19:43:16 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013-01-16 19:43:16 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013-01-16 19:43:16 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013-01-16 19:43:16 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013-01-16 19:43:16 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013-01-16 19:43:16 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013-01-16 19:43:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013-01-16 19:43:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013-01-16 19:43:16 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013-01-16 19:43:16 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013-01-16 19:43:15 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013-01-16 19:43:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013-01-16 19:43:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013-01-16 19:43:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013-01-16 19:43:15 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013-01-16 19:43:15 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013-01-16 19:43:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013-01-16 19:43:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013-01-16 19:43:15 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013-01-16 19:43:15 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013-01-16 19:43:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013-01-16 19:43:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013-01-16 19:43:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013-01-16 19:43:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013-01-16 19:42:33 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2013-01-16 19:42:27 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2013-01-16 19:42:27 | 000,288,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013-01-16 19:42:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2013-01-16 19:42:27 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2013-01-16 19:42:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2013-01-16 19:42:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2013-01-16 19:42:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2013-01-16 19:42:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2013-01-16 19:42:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2013-01-16 19:42:22 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2013-01-16 19:42:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2013-01-16 19:42:20 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2013-01-16 19:42:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [2013-01-16 19:42:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013-01-16 19:42:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013-01-16 00:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2013-01-15 19:45:14 | 000,000,000 | ---D | C] -- C:\hp
    [2013-01-15 19:44:50 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\Funmoods
    [2013-01-15 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
    [2013-01-12 18:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2013-01-12 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
    [2013-01-12 17:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
    [2013-01-12 17:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
    [2013-01-12 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\Garmin
    [2013-01-12 14:01:09 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
    [2013-01-12 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Local\LogMeIn Hamachi
    [2013-01-12 13:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013-01-12 13:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2013-01-08 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2013-01-04 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\logs
    [2013-01-04 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\.techniclauncher
    [2013-01-04 22:49:40 | 000,059,392 | ---- | C] (Technic) -- C:\Users\Moon\Desktop\TechnicLauncher.exe
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-01-21 13:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-21 13:24:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
    [2013-01-21 13:21:51 | 000,574,677 | ---- | M] () -- C:\Users\Moon\Desktop\adwcleaner.exe
    [2013-01-21 13:15:17 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-21 13:13:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-21 13:12:03 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-21 13:12:03 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-21 13:05:05 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2013-01-21 13:04:56 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2013-01-21 13:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-01-21 13:04:27 | 276,140,031 | -HS- | M] () -- C:\hiberfil.sys
    [2013-01-20 23:59:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-01-20 23:33:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-01-20 16:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-20 16:13:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-18 09:41:57 | 001,671,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-01-18 09:41:57 | 000,746,336 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2013-01-18 09:41:57 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-01-18 09:41:57 | 000,153,510 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2013-01-18 09:41:57 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-01-16 21:18:46 | 000,438,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013-01-16 20:12:04 | 001,649,514 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-01-15 19:44:40 | 000,368,102 | ---- | M] () -- C:\Users\Moon\AppData\Local\funmoods-speeddial_sf.crx
    [2013-01-15 19:44:40 | 000,031,465 | ---- | M] () -- C:\Users\Moon\AppData\Local\funmoods.crx
    [2013-01-13 01:55:07 | 000,029,303 | ---- | M] () -- C:\Users\Moon\Documents\Mogushan Vaults.odt
    [2013-01-12 18:45:13 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    [2013-01-12 17:45:03 | 000,019,761 | ---- | M] () -- C:\Users\Moon\Documents\janine.odt
    [2013-01-12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-01-12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013-01-12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013-01-11 20:31:46 | 000,002,293 | ---- | M] () -- C:\Users\Moon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013-01-09 20:52:13 | 000,002,124 | ---- | M] () -- C:\Users\Moon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013-01-08 23:59:15 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013-01-08 23:59:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013-01-07 15:24:08 | 000,582,227 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar
    [2013-01-06 09:03:11 | 000,583,353 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar.bak
    [2013-01-04 22:49:42 | 000,059,392 | ---- | M] (Technic) -- C:\Users\Moon\Desktop\TechnicLauncher.exe
    [2012-12-27 16:20:40 | 000,001,051 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012-12-27 16:19:58 | 000,001,017 | ---- | M] () -- C:\Users\Moon\Desktop\Dropbox.lnk
    [2012-12-22 21:29:03 | 000,633,773 | ---- | M] () -- C:\Users\Moon\Desktop\2012-12-017.jpg
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-01-21 13:21:45 | 000,574,677 | ---- | C] () -- C:\Users\Moon\Desktop\adwcleaner.exe
    [2013-01-17 09:15:51 | 000,180,224 | ---- | C] () -- C:\Windows\System\StillDrv.dll
    [2013-01-17 09:15:51 | 000,126,976 | ---- | C] () -- C:\Windows\System\BisonCam.dll
    [2013-01-17 09:15:51 | 000,090,112 | ---- | C] () -- C:\Windows\System\BisonVfw.dll
    [2013-01-17 09:15:51 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
    [2013-01-17 09:15:51 | 000,013,448 | ---- | C] () -- C:\Windows\M2000Twn.src
    [2013-01-17 09:15:51 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20H0220.csr
    [2013-01-17 09:15:51 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20F0220.csr
    [2013-01-16 20:01:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013-01-16 19:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013-01-15 19:44:49 | 000,368,102 | ---- | C] () -- C:\Users\Moon\AppData\Local\funmoods-speeddial_sf.crx
    [2013-01-15 19:44:47 | 000,031,465 | ---- | C] () -- C:\Users\Moon\AppData\Local\funmoods.crx
    [2013-01-12 20:59:19 | 000,029,303 | ---- | C] () -- C:\Users\Moon\Documents\Mogushan Vaults.odt
    [2013-01-12 18:45:13 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    [2013-01-11 16:08:22 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-11 16:08:22 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-04 22:49:49 | 000,583,353 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar.bak
    [2013-01-04 22:49:49 | 000,582,227 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar
    [2012-12-22 21:29:03 | 000,633,773 | ---- | C] () -- C:\Users\Moon\Desktop\2012-12-017.jpg
    [2012-11-27 21:51:07 | 000,003,584 | ---- | C] () -- C:\Users\Moon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-08-10 19:51:42 | 000,001,176 | ---- | C] () -- C:\Users\Moon\OpenOffice.org 3.4.lnk
    [2012-07-08 11:17:37 | 000,001,803 | ---- | C] () -- C:\Users\Moon\Spotify.lnk
    [2012-07-05 09:17:56 | 000,001,184 | ---- | C] () -- C:\Users\Moon\Paint.NET.lnk
    [2012-06-04 13:02:13 | 000,002,288 | ---- | C] () -- C:\Users\Moon\MediaImpression 3.1 for PENTAX.lnk
    [2012-05-29 14:31:25 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2012-05-29 14:14:47 | 000,001,221 | ---- | C] () -- C:\Users\Moon\Driver Genius Professional Edition.lnk
    [2012-05-24 10:51:56 | 000,002,001 | ---- | C] () -- C:\Users\Moon\Kies Air Discovery Service.lnk
    [2012-05-12 16:31:32 | 000,001,825 | ---- | C] () -- C:\Users\Moon\Tango.lnk
    [2012-04-05 12:39:44 | 000,001,012 | ---- | C] () -- C:\Users\Moon\IrfanView.lnk
    [2012-03-28 20:35:07 | 000,001,077 | ---- | C] () -- C:\Users\Moon\rustano.png
    [2012-02-29 21:18:28 | 000,002,033 | ---- | C] () -- C:\Users\Moon\Adobe Reader X .lnk
    [2012-01-20 15:59:25 | 000,001,085 | ---- | C] () -- C:\Users\Moon\PIXresizer.lnk
    [2012-01-10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011-12-03 17:36:38 | 000,001,080 | ---- | C] () -- C:\Users\Moon\VLC media player.lnk
    [2011-12-02 15:55:40 | 000,151,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011-12-02 13:46:07 | 000,001,967 | ---- | C] () -- C:\Users\Moon\Samsung Kies.lnk
    [2011-11-29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011-11-29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011-11-29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011-11-29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011-11-29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011-11-16 16:03:54 | 000,001,114 | ---- | C] () -- C:\Users\Moon\Lexmark Productivity Studio - 3600-4600 Series.LNK
    [2011-11-16 16:03:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
    [2011-11-16 16:03:40 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
    [2011-11-16 16:03:40 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
    [2011-11-16 16:03:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
    [2011-11-16 16:03:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
    [2011-11-16 16:03:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
    [2011-11-16 16:03:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
    [2011-11-16 16:03:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\lxdxinsr.dll
    [2011-11-16 16:03:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxdxcur.dll
    [2011-11-16 16:03:38 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
    [2011-11-16 16:03:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
    [2011-11-16 16:03:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
    [2011-11-16 16:03:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
    [2011-11-16 16:03:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
    [2011-11-16 16:03:37 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
    [2011-11-16 16:03:37 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
    [2011-11-16 16:03:37 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe
    [2011-10-11 20:58:01 | 000,001,797 | ---- | C] () -- C:\Users\Moon\iTunes.lnk
    [2011-10-11 08:52:49 | 000,000,690 | ---- | C] () -- C:\Users\Moon\D-Downloads.lnk
    [2011-09-29 19:04:49 | 000,000,536 | ---- | C] () -- C:\Users\Moon\SABnzbd.lnk
    [2011-09-27 17:46:33 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
    [2011-09-27 17:46:33 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
    [2011-09-21 09:11:06 | 000,001,859 | ---- | C] () -- C:\Users\Moon\QuickTime Player.lnk
    [2011-09-19 14:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
    [2011-09-13 21:37:53 | 000,000,921 | ---- | C] () -- C:\Users\Moon\Ventrilo.lnk
    [2011-09-13 21:37:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011-09-13 13:01:56 | 000,000,226 | ---- | C] () -- C:\Windows\OEM.ini
    [2011-09-13 13:01:55 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
    [2011-08-31 11:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011-08-31 11:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011-08-31 11:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011-08-11 13:08:57 | 001,649,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-08-07 10:28:00 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2011-07-30 10:57:46 | 003,999,744 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2011-07-12 18:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011-07-03 21:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2011-06-17 08:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011-06-17 08:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012-06-05 06:54:35 | 000,000,000 | ---D | M] -- C:\Users\ET\AppData\Roaming\Thunderbird
    [2013-01-20 09:11:45 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\.minecraft
    [2013-01-07 16:24:37 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\.techniclauncher
    [2012-03-30 09:55:44 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Belastingdienst
    [2011-10-13 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\DAEMON Tools Lite
    [2013-01-21 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Dropbox
    [2011-12-25 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\flightgear.org
    [2011-12-25 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\fltk.org
    [2013-01-15 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Funmoods
    [2013-01-12 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Garmin
    [2012-04-05 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\IrfanView
    [2012-08-21 13:06:26 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Lexmark Productivity Studio
    [2013-01-07 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\logs
    [2011-10-24 13:46:52 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\OpenOffice.org
    [2012-08-31 09:13:58 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Samsung
    [2013-01-07 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Spotify
    [2012-07-04 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Temp
    [2011-09-13 15:14:42 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Thunderbird
    [2012-06-27 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\TS3Client
    [2012-01-28 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\ts3overlay

    ========== Purity Check ==========



    < End of report >
     
  6. Sypke

    Sypke Thread Starter

    OTL Extras logfile created on: 21-1-2013 13:29:15 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moon\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    5,68 Gb Total Physical Memory | 4,11 Gb Available Physical Memory | 72,43% Memory free
    11,35 Gb Paging File | 9,61 Gb Available in Paging File | 84,65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 292,87 Gb Total Space | 126,56 Gb Free Space | 43,21% Space Free | Partition Type: NTFS
    Drive D: | 172,79 Gb Total Space | 52,22 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
    Drive F: | 1397,26 Gb Total Space | 774,07 Gb Free Space | 55,40% Space Free | Partition Type: NTFS

    Computer Name: MOON-PC | User Name: Moon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03FF2141-8487-4A5F-88B2-24D254355EF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{15CF0C69-DA66-48C6-9820-7D23C0B319AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{1C5E7933-2110-4E76-B9F5-2AA65975F68E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2248721B-3501-4861-8505-25E285C7BF87}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{25C0E8C6-AB83-4509-B69C-3A6FD303BC0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3423B294-1FB3-4B35-AE8B-775615048F9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{34D00712-B469-4760-B22F-1C10EB0AAA18}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{37319D36-9C0A-4EAD-AD33-1F21C745A65F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3CD49B40-1D92-4377-B1A8-D6100F2A2965}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3ECC7EBE-7259-452A-9DCF-C0CD1D9F66A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{499A4906-1F69-4D09-8ACB-B79B89319A1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{4FB3D207-A151-4AC3-9A84-FAB4C8DAD1DB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{5A87F414-C49F-4F22-8460-C5105BF7B0F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{640D3810-1312-41B3-BB6C-6A80B54F3498}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{67469120-C1DF-43D9-BBF3-F7A7E8D876BB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6F752093-21E3-49CB-9E36-C1A9C0E3173C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{76CF5A29-798E-45B8-B479-6C8A393147E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{781EA8B5-91B4-4EC4-B337-DC8B1AE3ABE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8E14643A-0A0F-4B1C-98B6-04ADFCE925AD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A03F10BE-5567-478F-BBCF-59B2248CE009}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{A2F56DA0-306C-419A-AD3B-7416D93431C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B3BFE844-C05D-41B6-BE7C-5B4D08E263B8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BB28F04D-219E-4877-81B5-F15C9057BA2F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C6CD0385-9116-4562-A00C-49E4BB86785B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{CB06492B-EFA7-4EFF-A1F0-7CBEB253177E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CBB21151-FB01-49EB-92EF-DD0219AD69FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D5CE5DAF-98C0-4888-8960-9F2259F17AA0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{FD89B2D0-DDD1-4F7D-968E-FA83FDB6E4C5}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0247FD14-1068-46FC-9FBB-010CBF78C9FC}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\spotify\spotify.exe |
    "{02E802AE-C64A-49ED-9338-9BF209DE42A8}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{096A7382-E602-49D8-A6FC-DA42073866E5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{0C8F81DC-471A-43CA-BF28-8009BC929385}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{0CAAE223-85B2-4E1A-B01D-0FE50DAE1D66}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{0D17038A-9913-43A1-B19B-80E44458FC2E}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\spotify\spotify.exe |
    "{12FA2569-5268-462F-B594-99D3899CDD4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1607009C-A63B-49BF-9638-2D8B91FCA785}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{16800D9D-431C-40CC-A050-BC98CC75B7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{1F5B9CA1-27B6-4678-8445-31DAB2E6B8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2043FF8D-AFED-42A1-81A3-EFCA7E766615}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{228ADF5F-DDE2-4E25-9A24-C38B4FC2FB92}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
    "{246268E8-106A-4423-99D1-49881FD66108}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{24A2369B-0DD6-4C14-A57F-53B599FE0CF5}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\apps\2.0\xlyd2132.rnb\ezyxdewh.4lz\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\curseclient.exe |
    "{264430DB-1DFD-4449-820D-A0D2D0EADD58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2C1DC9AD-2866-4475-95B7-861C0F1F83D5}" = protocol=58 | dir=out | [email protected],-28546 |
    "{2C238A00-FA7D-49E5-A0A6-5B9F76935D43}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |
    "{2D2B811E-55B3-4343-BA8F-092854509E31}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{303C031C-2FCE-44E3-94E5-2D470C408414}" = protocol=58 | dir=in | [email protected],-28545 |
    "{347A7873-2C82-4BCC-AE1C-DF200CE38DCA}" = protocol=1 | dir=in | [email protected],-28543 |
    "{36167A16-8EE2-4F11-9805-FAC47748983A}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
    "{365D7CC6-4A93-4F15-B49C-E5E63243AFD5}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\diagnostics\lxdxdiag.exe |
    "{3C8E6D60-39F3-4D9B-A721-F4506A7DB4D4}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\apps\2.0\xlyd2132.rnb\ezyxdewh.4lz\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\curseclient.exe |
    "{3E433545-4CFC-4EF6-8A9C-DE3BEE15E77B}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{3EF94901-EE95-4A8B-BB6E-63A3DB9245C9}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |
    "{405F11C3-9136-4093-BDE8-DA8830FDCB01}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{4080A1E4-E582-4297-AD59-6388854CC25D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{471DB2AD-2B21-4A75-A09B-0CD1BB4C682C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |
    "{49E0C677-F006-4A92-9739-9B4E54FC070E}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\spotify\spotify.exe |
    "{49F62D36-91DE-4E71-9936-334AD47031E6}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{4BF21C4F-8EE3-47D4-BEFB-4D78670C8D60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{505061CA-6AE7-4C20-BDA3-232CC775EB75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{55604EF5-2620-41FA-8A75-FCAC55353089}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{56184715-354F-4312-9C33-1455B9210D1D}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\apps\2.0\xlyd2132.rnb\ezyxdewh.4lz\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\curseclient.exe |
    "{58381D3E-B62D-4BB7-A865-DC5DE6064A46}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |
    "{58ACB677-5351-4573-90A1-119604F39B72}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{58EDAA2D-8BF5-4B6C-B0E3-F4D2305F8CA3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{5B88DA61-C290-4297-9AAD-67B57EFA573B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
    "{5E0D0F72-6835-40C1-9BCD-AB11D2E4793A}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
    "{5E4DEEF4-79F4-4825-A267-A5413F333680}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{6221A8A6-9133-46B6-B355-55936BFA8D5B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{62676C28-EBED-4709-BBE6-09B44043D5C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{652D1FE5-0066-4660-8681-D81EEB947CC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{68D13E86-378E-44BE-BCC2-26A472799BE9}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\diagnostics\lxdxdiag.exe |
    "{6A588F04-B72E-4635-8B49-FE4BBDAF08D6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |
    "{71DF0B43-21C1-4DC2-9DCE-CC213125E19D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{739B997A-3913-4E18-9C2F-1C0840DFA0D7}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7767EDC1-5E54-422B-8035-DB1CFCAA9A27}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{79A715A6-B26B-4382-AA4C-23D49BD42C0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7CDD5E3B-22AC-450B-A8CE-795BBD474410}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
    "{805EAFF5-9149-45F1-906D-C16CF63EADEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
    "{80D40B02-36C8-40EB-A227-5DB6AF0425B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{81B83A3C-0007-4FB4-852F-C2B44310DCD5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{83466558-D4FE-4BAE-8871-0C96089C9F8C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |
    "{835BBB76-3924-4D83-A5CC-DFA3320CBBC6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{8AE45EDC-ACDF-4651-8D1C-A0699E26D937}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{8BB6AFAB-9328-4F0F-B51B-3F5C548B4D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
    "{8C325B37-B34C-4BE2-AE3A-620609A9F6B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{8C35D5AE-2224-4BFB-BEF9-614CE6E0BE88}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
    "{90E93BA1-732F-48FF-AF75-C4CC12B7BFAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{937BC891-0DD2-41F8-B80D-BAC81E50927D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{93A34C27-A099-4BB0-8757-B5E64A0409E4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
    "{95F91779-265E-4CFC-B3E8-34CD66454666}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{97061C0D-E042-44A0-AD95-EA1A5674D334}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{986E938C-62AD-432D-90C3-73BA3030B5F3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |
    "{9957EE83-8439-4A4B-A244-6E4C8E83EAD4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9B2D84ED-3D4E-45EF-B816-6D84DAAC54D7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{9DF3C284-23D9-420C-9D2D-F92E206C2676}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{A00C8604-2B8A-433A-BFCE-9EF00EE57643}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{A1AA0700-3982-4EA5-A5B8-1ADF58916693}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{A3B276C8-0762-4902-A811-12E7821F91B7}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |
    "{A5ECEEB8-18C1-44D4-985B-F27AB2C91AE8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A80AF216-6725-4080-BEF0-463B70FBD0DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{AE51ACBD-B9AE-45BD-A6AE-F916E24DA912}" = protocol=6 | dir=out | app=system |
    "{B09B6D97-612D-477A-8A8F-0A439F9E9CA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B178C79A-00BE-48D0-89BC-BA26BBAF035D}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B2765176-9E1E-42C4-B042-87816F039091}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
    "{B35AFD24-74A1-485F-A65A-630C883E5E7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B518BB58-1C38-4A7C-A1AE-A5EFEF1EA07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{B9690CAF-F227-431F-AEF0-8FB0275B3B5E}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\apps\2.0\xlyd2132.rnb\ezyxdewh.4lz\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\curseclient.exe |
    "{BBB4CD87-E906-4CCC-955D-F0F8535D3A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxtime.exe |
    "{BF018CFC-5D89-40B9-9EB3-479F91C3FFF1}" = protocol=1 | dir=out | [email protected],-28544 |
    "{C0AB1E6B-3917-4ADA-BE29-E9DF26A86410}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{C16C29C8-69E6-4583-B0A0-1CB6FC25D05D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{C217C8FC-E8C1-4341-9125-0F074E1C639F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
    "{C25EC808-99F8-48D0-86A2-4591E061A037}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C285E76D-BB7F-4FE1-91E9-E9B8DA4C0F27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{C33F6645-1F0D-41A1-91B4-B19844787B43}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{CA29C12D-5655-4F30-87E1-6AF0FD8840BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{CBE70A1F-D0D3-4B61-86E7-49987D072C1C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
    "{CE99C138-F6DA-4EAA-80C0-E50C90776D39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
    "{CF9999E6-EC0F-4924-B357-0F8961BA2362}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
    "{D28576F8-F4BB-47A0-B166-41DBEC1684D3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{D2E297D4-23D3-4090-BE7C-20F1080DC1EB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D8645307-75AF-46CE-9F9D-00371B97C715}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DA570F99-6800-44BC-AC36-6F8DD1AF7FA6}" = protocol=58 | dir=in | app=system |
    "{DB8384F7-5D7B-498E-93CF-F39A18479976}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{DBADD9EC-22C1-47B3-9382-3FB61352480D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
    "{DD522A0A-E530-451A-A1BA-506AE200D560}" = dir=in | app=c:\users\moon\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{DEFE1184-3F2D-42F1-8D85-4811D02659F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{DF4981D5-633E-4DD4-9562-F98C64F766FD}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\spotify\spotify.exe |
    "{E30E9E7A-E84B-4820-941E-B61C50256C86}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxtime.exe |
    "{E33FB780-BC12-40EE-9BFD-FEC220EC8399}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E584298E-857F-4DA3-90EA-5F529B5981DF}" = protocol=58 | dir=out | [email protected],-503 |
    "{EDAF8CE9-2851-4D06-8C37-ACC8927A50F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{F089D8CA-9345-4FA0-B918-E1FB1176F9E8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{F5CCC4EA-77BC-469D-B8EC-0AEE6E28675F}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F88A2748-A204-4E99-81DD-E093930736CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{FA3146D7-8982-46D9-BC1F-9B657BC937C7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
    "{FC5015AF-F663-416D-A01F-073E7D6C7D62}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
    "{FCC0DEC8-9522-4F25-A9E5-17293DA84F67}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
    "TCP Query User{08B9F43C-64C1-48FB-B07C-70118ABB186E}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
    "TCP Query User{11C32145-A60B-46E2-88A2-073D6BA75E6C}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
    "TCP Query User{251F867A-F4C2-4B07-AA6C-8C3F0C25EBD0}C:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{2E928980-E607-465F-858D-F5D2967DBE27}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "TCP Query User{3E2B23DC-DEC9-4103-A4C0-7E20AE874A72}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{674A90C1-6E06-4DFA-AA87-42E2958FA462}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "TCP Query User{88447832-8F76-4396-8664-E8A8A03F9227}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{B42F87D3-ECD4-4D29-8F3E-728EC8F3CCF1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{B53C4D5F-071F-480E-B160-405850C54732}C:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "TCP Query User{B97C6F6B-6E8C-45E7-8E64-3D70F345BB07}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
    "TCP Query User{DD1933A1-2165-41B3-B869-0C6BA4C8462C}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
    "TCP Query User{E0D5F9A9-6085-4401-8EEF-75E8ABBC12E2}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{E9B43BC5-9C5D-45B5-8187-15140DB786EB}C:\program files (x86)\tango\tango.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
    "TCP Query User{F35F54CC-2050-4292-90E6-156BB39D64F1}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "TCP Query User{FC120D06-644A-4B02-AF10-A8EE99F1E45D}C:\users\moon\downloads\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\moon\downloads\diablo-iii-setup-engb.exe |
    "UDP Query User{1DB8A076-6386-4DAF-A23E-6B1E974AC73C}C:\users\moon\downloads\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\moon\downloads\diablo-iii-setup-engb.exe |
    "UDP Query User{2302F824-920F-4B82-AFF1-5F9B1D7FCAFF}C:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{2AB3B2E4-B62A-4B19-92B2-877F4F2E6250}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{331CC8A7-35C6-4BE5-8FA6-3369EC80BF99}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{3C62AFCC-368A-44DF-B728-F9F34BAB0548}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
    "UDP Query User{6BC14376-7DED-47EA-A93D-F698E7C8F59F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{6CCF42DA-E4C1-4F69-A5DD-37FD7074591F}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
    "UDP Query User{766A7237-58C3-4A2D-AA5A-FBE043EB182F}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "UDP Query User{B134DC29-D18D-4B81-AA20-63B9AEA262B7}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "UDP Query User{B1E1E3B9-442B-43F1-A5AA-9D53B2685B11}C:\program files (x86)\tango\tango.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
    "UDP Query User{B1E5BD38-10AB-48DC-9083-EC21D8601887}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
    "UDP Query User{BC718CB3-C762-4262-BD8C-FA00E38FAD7A}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
    "UDP Query User{ECE87C25-0AAC-4E88-893D-1BB2C6693392}C:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "UDP Query User{F6A44560-96C1-42A0-B217-4D3C6FAB2DBC}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "UDP Query User{FC6D648A-85E5-49B1-9125-B37F999CB953}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
    "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
    "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client NL-NL Language Pack
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 4.00 (64-bit)
    "x64 Components_is1" = x64 Components v3.0.1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
    "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
    "{12947715-B6F0-4597-816F-5E13FB647921}_is1" = Spotnet
    "{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2031
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{25D4A0A9-0AB1-4EFA-887C-E023588325D8}" = Ambrasoft Familiepakket 10
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
    "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
    "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
    "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 350K WebCam
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
    "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
    "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
    "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
    "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
    "{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = De Sims™ Eilandverhalen
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
    "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A7ABBD4-A617-4AE8-9C6D-1510DE46EC35}" = Nero 11
    "{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
    "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
    "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}" = WebCam Installer
    "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Nederlands
    "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
    "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
    "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
    "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
    "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}" = MediaImpression 3.1 for PENTAX
    "{C169BD5F-00C1-437C-8162-88FA6BE495D5}" = OpenOffice.org 3.4.1
    "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
    "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
    "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
    "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
    "{F86C834C-6C73-4760-9C5A-73156833820C}" = Download Manager
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Diablo III" = Diablo III
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "funmoods" = Funmoods
    "Google Chrome" = Google Chrome
    "InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2031
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "IrfanView" = IrfanView (remove only)
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "Picasa 3" = Picasa 3
    "PIXresizer_is1" = PIXresizer
    "RocketDock_is1" = RocketDock 1.3.5
    "SABnzbd" = SABnzbd 0.6.9
    "Type Expert Junior" = Type Expert Junior
    "VLC media player" = VLC media player 1.1.11
    "Windows Live Safety Scanner" = Windows Live Safety Scanner
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "101a9f93b8f0bb6f" = Curse Client
    "Dropbox" = Dropbox
    "eed994fdfcf558ed" = Download Manager
    "Kies Air Discovery Service" = Kies Air Discovery Service
    "MyFreeCodec" = MyFreeCodec
    "Spotify" = Spotify
    "Tango" = Tango
    "WinBubble" = WinBubble

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 24-6-2012 10:28:24 | Computer Name = Moon-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: CECPLFKT.exe, versie: 0.9.1.1030, tijdstempel:
    0x4aefec4e Naam van module met fout: ntdll.dll, versie: 6.1.7601.21861, tijdstempel:
    0x4ec49a1c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0003aca3 Id van proces met
    fout: 0x6cc Starttijd van toepassing met fout: 0x01cd521599bc0927 Pad naar toepassing
    met fout: C:\Program Files (x86)\ChiconyCam\CECPLFKT.exe Pad naar module met fout:
    C:\Windows\SysWOW64\ntdll.dll Rapport-id: dad876a3-be08-11e1-86c7-0090f5baf501

    Error - 24-6-2012 10:29:27 | Computer Name = Moon-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 25-6-2012 4:43:29 | Computer Name = Moon-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: CECPLFKT.exe, versie: 0.9.1.1030, tijdstempel:
    0x4aefec4e Naam van module met fout: ntdll.dll, versie: 6.1.7601.21861, tijdstempel:
    0x4ec49a1c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0003aca3 Id van proces met
    fout: 0x708 Starttijd van toepassing met fout: 0x01cd52ae931184c9 Pad naar toepassing
    met fout: C:\Program Files (x86)\ChiconyCam\CECPLFKT.exe Pad naar module met fout:
    C:\Windows\SysWOW64\ntdll.dll Rapport-id: d5cf5d9e-bea1-11e1-86d1-0090f5baf501

    Error - 25-6-2012 4:44:25 | Computer Name = Moon-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 26-6-2012 3:14:58 | Computer Name = Moon-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: CECPLFKT.exe, versie: 0.9.1.1030, tijdstempel:
    0x4aefec4e Naam van module met fout: ntdll.dll, versie: 6.1.7601.21861, tijdstempel:
    0x4ec49a1c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0003aca3 Id van proces met
    fout: 0x6f0 Starttijd van toepassing met fout: 0x01cd536b6068a1f2 Pad naar toepassing
    met fout: C:\Program Files (x86)\ChiconyCam\CECPLFKT.exe Pad naar module met fout:
    C:\Windows\SysWOW64\ntdll.dll Rapport-id: a2c4d2bd-bf5e-11e1-86d6-0090f5baf501

    Error - 26-6-2012 3:15:20 | Computer Name = Moon-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
    updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
    wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
    .

    Error - 26-6-2012 3:15:21 | Computer Name = Moon-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
    updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
    wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
    .

    Error - 26-6-2012 3:15:21 | Computer Name = Moon-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
    updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
    wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
    .

    Error - 26-6-2012 3:15:21 | Computer Name = Moon-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
    updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
    wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
    .

    Error - 26-6-2012 3:15:21 | Computer Name = Moon-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
    updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
    wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
    .

    [ System Events ]
    Error - 20-1-2013 8:47:02 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De lxdxCATSCustConnectService-service kan vanwege de volgende fout
    niet worden gestart: %%1053

    Error - 20-1-2013 11:09:13 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De CECFLPKT-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error - 20-1-2013 11:09:13 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: lxdxCATSCustConnectService.

    Error - 20-1-2013 11:09:13 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De lxdxCATSCustConnectService-service kan vanwege de volgende fout
    niet worden gestart: %%1053

    Error - 20-1-2013 16:40:36 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De CECFLPKT-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error - 20-1-2013 16:40:38 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: lxdxCATSCustConnectService.

    Error - 20-1-2013 16:40:38 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De lxdxCATSCustConnectService-service kan vanwege de volgende fout
    niet worden gestart: %%1053

    Error - 21-1-2013 8:04:45 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De CECFLPKT-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error - 21-1-2013 8:04:45 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: lxdxCATSCustConnectService.

    Error - 21-1-2013 8:04:45 | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
    Description = De lxdxCATSCustConnectService-service kan vanwege de volgende fout
    niet worden gestart: %%1053


    < End of report >
     
  7. askey127

    askey127 Malware Specialist

    Sypke,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Java(TM) 6 Update 26 (64-bit)
    Java(TM) 6 Update 31
    Java(TM) 6 Update 22
    McAfee Security Scan Plus
    Funmoods

    Take extra care in answering questions posed by any Uninstaller.
    Java has been a BIG problem lately. If you have no websites that absolutely require it, I would also uninstall even the latest version Java 7 Update 11.
    Most people don't need it.

    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -------------------------------------------------------------
    AdwCleaner Removals
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • This time, click on the Delete button.
    • Click OK to the prompts.
    • Your computer will be rebooted automatically. A log will open after the restart.
    • Post the contents of the log in your next reply.
    You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
      CHR - Extension: Funmoods = C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
      CHR - default_search_provider: Funmoods (Enabled)
      CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
      [2013-01-15 19:52:53 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions\[email protected]
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1
      FF - prefs.js..browser.search.selectedEngine: "Funmoods"
      FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703"
      IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
      IE - HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=dow...&cr=1969122703
      IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=dow...&cr=1969122703
      IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=dow...&cr=1969122703
      SRV - [2012-09-05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
      
      :Files
      C:\Program Files (x86)\McAfee Security Scan
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

    So we are looking for the log from adwCleaner, the Fix log from OTL, and the log from the fresh Quick Scan by OTL.

    askey127
     
  8. Sypke

    Hello askey127.
    I started to do as you told me. But there we get to the problem of Funmoods right away.
    I did try to uninstall Funmoods this way before contacting you, but it gives the following message when you try to uninstall it through the normal Windows way:
    "The uninstallation requires your browsers to be closed during the process. Please make sure your browsers are closed before continuing."
    No need to tell you I did close the browser but with no luck..

    Do you want me to go ahead with the Adw and do the Fix the same? Or do you have any more hints on how to get rid of Funmoods?

    Regards,
    S
     
  9. askey127

    Yes, go ahead with the other Uninstalls, adwRemover deletions and the OTL fix.
    That message is just nonsense they provide to prevent removals.
    The fixes we will do will remove it anyway.
    We try the Uninstall first to reduce the amount of work, but it doesn't often succeed.
     
  10. Sypke

    ADW cleaner after Delete:
    # AdwCleaner v2.106 - Verslag gemaakt op 21/01/2013 om 22:43:48
    # Geactualiseerd op 17/01/2013 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : Moon - MOON-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Moon\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\Users\Moon\AppData\Local\funmoods.crx
    File Verwijdert : C:\Users\Moon\AppData\Local\funmoods-speeddial_sf.crx
    File Verwijdert : C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Verwijdert : C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\zlayglry.default\searchplugins\funmoods.xml
    Map Verwijdert : C:\Program Files (x86)\Funmoods
    Map Verwijdert : C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Map Verwijdert : C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Map Verwijdert : C:\Users\Moon\AppData\Roaming\Funmoods
    Map Verwijdert : C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\zlayglry.default\extensions\[email protected]

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Sleutel Verwijdert : HKCU\Software\InstallCore
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\f
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.dskBnd
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijdert : HKLM\Software\InstallCore
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
    Sleutel Verwijdert : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Waarde Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
    Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703 --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.1 (en-US)

    File : C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\zlayglry.default\prefs.js

    C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\zlayglry.default\user.js ... Verwijdert !

    Verwijdert : user_pref("browser.search.selectedEngine", "Funmoods");
    Verwijdert : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=download&ir=download&cd=2Xzu[...]
    Verwijdert : user_pref("extensions.enabledAddons", "{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2,[email protected][...]
    Verwijdert : user_pref("extensions.funmoods.aflt", "download");
    Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);
    Verwijdert : user_pref("extensions.funmoods.cntry", "NL");
    Verwijdert : user_pref("extensions.funmoods.cv", "cv5");
    Verwijdert : user_pref("extensions.funmoods.dfltLng", "");
    Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);
    Verwijdert : user_pref("extensions.funmoods.dnsErr", true);
    Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");
    Verwijdert : user_pref("extensions.funmoods.excTlbr", false);
    Verwijdert : user_pref("extensions.funmoods.hdrMd5", "A97D64EF06B0F39C3CF4B2BB34536963");
    Verwijdert : user_pref("extensions.funmoods.hmpg", true);
    Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&ir=download&cd=2[...]
    Verwijdert : user_pref("extensions.funmoods.id", "8CA982A1A537C543");
    Verwijdert : user_pref("extensions.funmoods.instlDay", "15720");
    Verwijdert : user_pref("extensions.funmoods.instlRef", "download");
    Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:44:38");
    Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.funmoods.newTab", true);
    Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&ir=download&cd[...]
    Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.sg", "none");
    Verwijdert : user_pref("extensions.funmoods.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
    Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&ir=download&[...]
    Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:44:38");
    Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods_i.newTab", true);
    Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:44:38");

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijdert [l.17] : urls_to_restore_on_startup = [ "hxxp://www.google.com", "hxxp://searchfunmoods.com/?f=1&a=[...]
    Verwijdert [l.60] : icon_url = "hxxp://searchfunmoods.com/favicon.ico",
    Verwijdert [l.63] : keyword = "funmoods.com",
    Verwijdert [l.66] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=downloa[...]
    Verwijdert [l.2580] : urls_to_restore_on_startup = [ "hxxp://www.google.com", "hxxp://searchfunmoods.com/?f=1&a=dow[...]

    File : C:\Users\ET\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[R1].txt - [14260 octets] - [21/01/2013 13:26:10]
    AdwCleaner[S1].txt - [14251 octets] - [21/01/2013 22:43:48]

    ########## EOF - C:\AdwCleaner[S1].txt - [14312 octets] ##########
     
  11. Sypke

    OTL removed:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ not found.
    File C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
    File C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll not found.
    File C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0 not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Folder C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions\[email protected]\ not found.
    Prefs.js: [email protected]:1.5.1 removed from extensions.enabledAddons
    Prefs.js: "Funmoods" removed from browser.search.selectedEngine
    Prefs.js: "http://searchfunmoods.com/?f=1&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztB0AtC0AyDtAyB0CyDyEtAtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1969122703" removed from browser.startup.homepage
    Registry key HKEY_USERS\S-1-5-21-337270257-3910524971-2982363216-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    HKU\S-1-5-21-337270257-3910524971-2982363216-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Error: No service named McComponentHostService was found to stop!
    Service\Driver key McComponentHostService not found.
    File C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe not found.
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\McAfee Security Scan not found.
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Moon\Desktop\cmd.bat deleted successfully.
    C:\Users\Moon\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: ET
    ->Java cache emptied: 0 bytes

    User: Moon
    ->Java cache emptied: 718670 bytes

    User: Public

    Total Java Files Cleaned = 1,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: ET
    ->Flash cache emptied: 57115 bytes

    User: Moon
    ->Flash cache emptied: 328857 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ET
    ->Temp folder emptied: 685667 bytes
    ->Temporary Internet Files folder emptied: 4060411 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 69328079 bytes
    ->Flash cache emptied: 0 bytes

    User: Moon
    ->Temp folder emptied: 984833233 bytes
    ->Temporary Internet Files folder emptied: 132433411 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 78605354 bytes
    ->Google Chrome cache emptied: 513520362 bytes
    ->Apple Safari cache emptied: 35516416 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20595228 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50428 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 421928 bytes

    Total Files Cleaned = 1.755,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01212013_225124

    Files\Folders moved on Reboot...
    C:\Users\Moon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDC2ZJCK\addons-v4[1].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUHYB7PP\989002608CAOM4UI5.htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTFC5SNG\adoapn_AppNexusDemoActionTag_1[5].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSHDF65I\tagCA520H61.htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K23I1NOH\PugTrackerCALNMS46.htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52QZ7D6R\dpsync[1].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52QZ7D6R\dpsync[2].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52QZ7D6R\dpsync[3].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XIMH430\addons-tracker-v4[1].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XIMH430\emily[2].htm moved successfully.
    C:\Users\Moon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZNX3NEO\300x250iframeintlv2[1].htm moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  12. Sypke

    Oh, after that last one, when I rebooted the laptop it gave me the following message:

    c:\users\Moon\AppData\Local\Temp\zlrkqt (? I'm not sure if there was more, it closed itself) was not found
     
  13. Sypke

    Then last scan..
    OTL logfile created on: 21-1-2013 23:10:40 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moon\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    5,68 Gb Total Physical Memory | 3,89 Gb Available Physical Memory | 68,44% Memory free
    11,35 Gb Paging File | 9,44 Gb Available in Paging File | 83,19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 292,87 Gb Total Space | 127,29 Gb Free Space | 43,46% Space Free | Partition Type: NTFS
    Drive D: | 172,79 Gb Total Space | 52,22 Gb Free Space | 30,22% Space Free | Partition Type: NTFS

    Computer Name: MOON-PC | User Name: Moon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-01-21 13:24:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
    PRC - [2012-12-22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-12-14 11:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2012-11-12 14:49:26 | 000,843,208 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012-10-27 10:19:58 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Moon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012-10-11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012-10-11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
    PRC - [2012-10-09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
    PRC - [2012-06-04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2011-09-23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010-07-21 12:41:08 | 002,553,856 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
    PRC - [2010-03-03 10:49:04 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    PRC - [2010-02-04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmsdmon.exe
    PRC - [2010-02-04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    PRC - [2010-02-04 00:28:07 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\ezprint.exe
    PRC - [2009-06-09 15:03:16 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files (x86)\BisonCam\BisonHK.exe
    PRC - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013-01-16 22:05:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ab66575fd910b8a98f1799657ca10655\System.Management.ni.dll
    MOD - [2013-01-16 21:25:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0e3090b00276c880c156ffd4dba182d8\System.ServiceProcess.ni.dll
    MOD - [2013-01-16 21:24:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\eac643efc98dc9a6a4a99aeaa9b29476\System.Windows.Forms.ni.dll
    MOD - [2013-01-16 21:24:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4c90787455fc1267eb0ed34fae251d63\System.Drawing.ni.dll
    MOD - [2013-01-16 21:24:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\057af5320f0635b638f47ae068a61609\Accessibility.ni.dll
    MOD - [2013-01-16 21:24:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\882c3ae8efab45a84545384448d1d8f8\System.Xml.ni.dll
    MOD - [2013-01-16 21:24:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b770dfc28e339820216570f2d70a48c4\System.Configuration.ni.dll
    MOD - [2013-01-16 21:24:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\8f587533a8a6189a500496145cc05d07\System.ni.dll
    MOD - [2013-01-16 21:24:13 | 011,495,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9315e3217e6b1345b4ac9008193dc354\mscorlib.ni.dll
    MOD - [2013-01-16 20:22:49 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
    MOD - [2013-01-16 20:22:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
    MOD - [2013-01-16 20:22:33 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2b8c61f577f1ffdd781e18d96d97ee3a\System.Xml.Linq.ni.dll
    MOD - [2013-01-16 20:22:14 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
    MOD - [2013-01-16 20:10:49 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
    MOD - [2013-01-16 20:10:49 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
    MOD - [2013-01-16 20:10:41 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
    MOD - [2013-01-16 20:10:40 | 000,745,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\29e65d865f3d8f3710b44d4f7a09fbfc\System.Security.ni.dll
    MOD - [2013-01-16 20:10:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
    MOD - [2013-01-16 20:10:35 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
    MOD - [2013-01-16 20:10:34 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
    MOD - [2013-01-16 20:10:34 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
    MOD - [2013-01-16 20:10:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
    MOD - [2013-01-16 20:10:24 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
    MOD - [2013-01-16 20:10:22 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
    MOD - [2013-01-16 20:10:16 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
    MOD - [2011-09-27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-09-27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-08-07 09:52:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010-07-21 12:41:08 | 002,553,856 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
    MOD - [2010-02-04 01:28:02 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmsdmon.exe
    MOD - [2010-02-04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    MOD - [2010-02-04 00:05:09 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
    MOD - [2010-02-04 00:04:53 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
    MOD - [2010-02-04 00:04:52 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdrs.dll
    MOD - [2010-02-04 00:02:13 | 000,364,544 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\iptk.dll
    MOD - [2010-02-03 23:52:37 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
    MOD - [2010-02-03 23:52:33 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
    MOD - [2010-02-03 23:52:28 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
    MOD - [2010-02-02 03:30:16 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\app4r.monitor.core.dll
    MOD - [2010-02-02 03:30:16 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\app4r.monitor.common.dll
    MOD - [2010-02-02 03:29:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.dll
    MOD - [2010-01-30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2009-06-06 13:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
    MOD - [2009-02-18 20:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\BisonCam\KBHookDLL.dll
    MOD - [2007-11-22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
    MOD - [2007-09-06 04:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\lxdxptp.dll
    MOD - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007-09-02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
    MOD - [2006-12-11 01:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012-09-12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012-09-12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011-08-07 10:15:20 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2010-02-03 23:44:10 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
    SRV:64bit: - [2010-02-03 23:28:35 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013-01-08 23:59:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013-01-08 21:38:52 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-12-14 11:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011-09-23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-03 10:49:04 | 000,032,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
    SRV - [2010-02-03 23:43:56 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdxcoms.exe -- (lxdx_device)
    SRV - [2010-02-03 23:28:35 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-09-20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012-09-20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012-08-30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012-07-09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2012-03-12 22:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-01-10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-08-07 10:42:57 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-08-07 10:42:57 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-08-07 09:55:12 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2011-08-07 08:52:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010-11-09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010-10-15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010-07-27 04:35:33 | 000,168,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010-07-21 10:07:42 | 000,125,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
    DRV:64bit: - [2010-02-26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009-09-17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009-09-08 09:54:44 | 001,178,352 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009-12-18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www,google.nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 F8 83 EF DE 24 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{7113DC5C-E4AD-44E7-92C1-29E755753943}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Moon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Moon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Moon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-02 11:10:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-11 09:38:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-01-08 21:38:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011-09-13 15:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\Extensions
    [2013-01-21 22:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions
    [2012-10-12 15:03:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Moon\AppData\Roaming\mozilla\Firefox\Profiles\zlayglry.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2012-12-22 18:12:14 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
    [2011-09-19 15:01:17 | 000,879,991 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}.xpi
    [2013-01-16 00:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\USERS\MOON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLAYGLRY.DEFAULT\EXTENSIONS\[email protected]
    [2012-12-02 11:10:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-10-03 11:08:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-12-02 11:09:53 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Moon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Moon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [BisonHK] C:\Program Files (x86)\BisonCam\BisonHK.exe (mychat)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Rocketdock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Driver Genius] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86) (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Moon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Moon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O4 - Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F8A16C2-1475-4BA1-9E77-855D12A1AD87}: DhcpNameServer = 192.168.2.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-01-21 22:51:24 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013-01-21 13:24:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
    [2013-01-17 09:15:48 | 000,176,128 | ---- | C] (Bison Inc.) -- C:\Windows\SysWow64\BisonRem.dll
    [2013-01-17 09:15:47 | 000,806,320 | ---- | C] (Bison Electronics. Inc. ) -- C:\Windows\SysWow64\drivers\BisonCam.sys
    [2013-01-17 09:15:26 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\InstallShield
    [2013-01-16 00:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2013-01-15 19:45:14 | 000,000,000 | ---D | C] -- C:\hp
    [2013-01-12 18:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2013-01-12 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
    [2013-01-12 17:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
    [2013-01-12 17:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
    [2013-01-12 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\Garmin
    [2013-01-12 14:01:09 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
    [2013-01-12 13:53:21 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Local\LogMeIn Hamachi
    [2013-01-12 13:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013-01-12 13:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2013-01-08 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2013-01-04 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\logs
    [2013-01-04 22:49:49 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\.techniclauncher
    [2013-01-04 22:49:40 | 000,059,392 | ---- | C] (Technic) -- C:\Users\Moon\Desktop\TechnicLauncher.exe
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-01-21 23:04:59 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-21 23:04:59 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-21 22:59:10 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-01-21 22:57:18 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2013-01-21 22:57:14 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-21 22:57:07 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2013-01-21 22:56:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-01-21 22:56:40 | 276,140,031 | -HS- | M] () -- C:\hiberfil.sys
    [2013-01-21 22:33:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-01-21 22:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-21 22:13:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-21 16:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-21 16:20:52 | 000,703,007 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar
    [2013-01-21 16:13:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-21 13:24:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
    [2013-01-21 13:21:51 | 000,574,677 | ---- | M] () -- C:\Users\Moon\Desktop\adwcleaner.exe
    [2013-01-18 09:41:57 | 001,671,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-01-18 09:41:57 | 000,746,336 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2013-01-18 09:41:57 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-01-18 09:41:57 | 000,153,510 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2013-01-18 09:41:57 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-01-16 21:18:46 | 000,438,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013-01-16 20:12:04 | 001,649,514 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-01-13 01:55:07 | 000,029,303 | ---- | M] () -- C:\Users\Moon\Documents\Mogushan Vaults.odt
    [2013-01-12 18:45:13 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    [2013-01-12 17:45:03 | 000,019,761 | ---- | M] () -- C:\Users\Moon\Documents\janine.odt
    [2013-01-11 20:31:46 | 000,002,293 | ---- | M] () -- C:\Users\Moon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013-01-09 20:52:13 | 000,002,124 | ---- | M] () -- C:\Users\Moon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013-01-07 15:24:08 | 000,582,227 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar.bak
    [2013-01-04 22:49:42 | 000,059,392 | ---- | M] (Technic) -- C:\Users\Moon\Desktop\TechnicLauncher.exe
    [2012-12-27 16:20:40 | 000,001,051 | ---- | M] () -- C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012-12-27 16:19:58 | 000,001,017 | ---- | M] () -- C:\Users\Moon\Desktop\Dropbox.lnk
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-01-21 13:21:45 | 000,574,677 | ---- | C] () -- C:\Users\Moon\Desktop\adwcleaner.exe
    [2013-01-17 09:15:51 | 000,180,224 | ---- | C] () -- C:\Windows\System\StillDrv.dll
    [2013-01-17 09:15:51 | 000,126,976 | ---- | C] () -- C:\Windows\System\BisonCam.dll
    [2013-01-17 09:15:51 | 000,090,112 | ---- | C] () -- C:\Windows\System\BisonVfw.dll
    [2013-01-17 09:15:51 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
    [2013-01-17 09:15:51 | 000,013,448 | ---- | C] () -- C:\Windows\M2000Twn.src
    [2013-01-17 09:15:51 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20H0220.csr
    [2013-01-17 09:15:51 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20F0220.csr
    [2013-01-16 20:01:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013-01-16 19:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013-01-12 20:59:19 | 000,029,303 | ---- | C] () -- C:\Users\Moon\Documents\Mogushan Vaults.odt
    [2013-01-12 18:45:13 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    [2013-01-11 16:08:22 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000UA.job
    [2013-01-11 16:08:22 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-337270257-3910524971-2982363216-1000Core.job
    [2013-01-04 22:49:49 | 000,703,007 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar
    [2013-01-04 22:49:49 | 000,582,227 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\technic-launcher.jar.bak
    [2012-11-27 21:51:07 | 000,003,584 | ---- | C] () -- C:\Users\Moon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-08-10 19:51:42 | 000,001,176 | ---- | C] () -- C:\Users\Moon\OpenOffice.org 3.4.lnk
    [2012-07-08 11:17:37 | 000,001,803 | ---- | C] () -- C:\Users\Moon\Spotify.lnk
    [2012-07-05 09:17:56 | 000,001,184 | ---- | C] () -- C:\Users\Moon\Paint.NET.lnk
    [2012-06-04 13:02:13 | 000,002,288 | ---- | C] () -- C:\Users\Moon\MediaImpression 3.1 for PENTAX.lnk
    [2012-05-29 14:31:25 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2012-05-29 14:14:47 | 000,001,221 | ---- | C] () -- C:\Users\Moon\Driver Genius Professional Edition.lnk
    [2012-05-24 10:51:56 | 000,002,001 | ---- | C] () -- C:\Users\Moon\Kies Air Discovery Service.lnk
    [2012-05-12 16:31:32 | 000,001,825 | ---- | C] () -- C:\Users\Moon\Tango.lnk
    [2012-04-05 12:39:44 | 000,001,012 | ---- | C] () -- C:\Users\Moon\IrfanView.lnk
    [2012-03-28 20:35:07 | 000,001,077 | ---- | C] () -- C:\Users\Moon\rustano.png
    [2012-02-29 21:18:28 | 000,002,033 | ---- | C] () -- C:\Users\Moon\Adobe Reader X .lnk
    [2012-01-20 15:59:25 | 000,001,085 | ---- | C] () -- C:\Users\Moon\PIXresizer.lnk
    [2012-01-10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011-12-03 17:36:38 | 000,001,080 | ---- | C] () -- C:\Users\Moon\VLC media player.lnk
    [2011-12-02 15:55:40 | 000,151,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011-12-02 13:46:07 | 000,001,967 | ---- | C] () -- C:\Users\Moon\Samsung Kies.lnk
    [2011-11-29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011-11-29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011-11-29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011-11-29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011-11-29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011-11-16 16:03:54 | 000,001,114 | ---- | C] () -- C:\Users\Moon\Lexmark Productivity Studio - 3600-4600 Series.LNK
    [2011-11-16 16:03:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
    [2011-11-16 16:03:40 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
    [2011-11-16 16:03:40 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
    [2011-11-16 16:03:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
    [2011-11-16 16:03:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
    [2011-11-16 16:03:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
    [2011-11-16 16:03:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
    [2011-11-16 16:03:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\lxdxinsr.dll
    [2011-11-16 16:03:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxdxcur.dll
    [2011-11-16 16:03:38 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
    [2011-11-16 16:03:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
    [2011-11-16 16:03:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
    [2011-11-16 16:03:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
    [2011-11-16 16:03:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
    [2011-11-16 16:03:37 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
    [2011-11-16 16:03:37 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
    [2011-11-16 16:03:37 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe
    [2011-10-11 20:58:01 | 000,001,797 | ---- | C] () -- C:\Users\Moon\iTunes.lnk
    [2011-10-11 08:52:49 | 000,000,690 | ---- | C] () -- C:\Users\Moon\D-Downloads.lnk
    [2011-09-29 19:04:49 | 000,000,536 | ---- | C] () -- C:\Users\Moon\SABnzbd.lnk
    [2011-09-27 17:46:33 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
    [2011-09-27 17:46:33 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
    [2011-09-21 09:11:06 | 000,001,859 | ---- | C] () -- C:\Users\Moon\QuickTime Player.lnk
    [2011-09-19 14:40:38 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
    [2011-09-13 21:37:53 | 000,000,921 | ---- | C] () -- C:\Users\Moon\Ventrilo.lnk
    [2011-09-13 21:37:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011-09-13 13:01:56 | 000,000,226 | ---- | C] () -- C:\Windows\OEM.ini
    [2011-09-13 13:01:55 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
    [2011-08-31 11:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011-08-31 11:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011-08-31 11:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011-08-11 13:08:57 | 001,649,514 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-08-07 10:28:00 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2011-07-30 10:57:46 | 003,999,744 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2011-07-12 18:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011-07-03 21:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2011-06-17 08:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011-06-17 08:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013-01-21 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\.minecraft
    [2013-01-21 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\.techniclauncher
    [2012-03-30 09:55:44 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Belastingdienst
    [2011-10-13 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\DAEMON Tools Lite
    [2013-01-21 22:59:05 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Dropbox
    [2011-12-25 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\flightgear.org
    [2011-12-25 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\fltk.org
    [2013-01-12 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Garmin
    [2012-04-05 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\IrfanView
    [2012-08-21 13:06:26 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Lexmark Productivity Studio
    [2013-01-21 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\logs
    [2011-10-24 13:46:52 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\OpenOffice.org
    [2012-08-31 09:13:58 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Samsung
    [2013-01-07 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Spotify
    [2012-07-04 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Temp
    [2011-09-13 15:14:42 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Thunderbird
    [2012-06-27 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\TS3Client
    [2012-01-28 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\ts3overlay

    ========== Purity Check ==========



    < End of report >
     
  14. Sypke

    Sypke Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    31
    While we are into uninstalling things..

    While checking for FunMoods in the configuration panel (it's not showing there anymore), I found also a Yahoo! Messenger installed which I can't uninstall cause it says it can't find the INSTALL.LOG
    It's not bothering in any way, but if we are into cleaning up :D maybe you can help there too?
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Sypke,
    Looks much better.
    Just a few more:
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      [2012-12-22 18:12:14 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
      [2011-09-19 15:01:17 | 000,879,991 | ---- | M] () (No name found) -- C:\Users\Moon\AppData\Roaming\mozilla\firefox\profiles\zlayglry.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}.xpi
      [2013-01-16 00:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\MOON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLAYGLRY.DEFAULT\EXTENSIONS\[email protected]
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    Tell me how it's running.
    askey127
     
Short URL to this thread: https://techguy.org/1085524