OTL logfile created on: 26.04.2012 20:09:03 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1,86 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 46,06% Memory free
3,72 Gb Paging File | 2,64 Gb Available in Paging File | 70,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 16,35 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 109,45 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
Drive F: | 1,85 Gb Total Space | 0,01 Gb Free Space | 0,35% Space Free | Partition Type: FAT

Computer Name: BUKKENBRUSEBHG | User Name: Bukkenbruse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.04.26 20:06:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.02.01 14:18:04 | 000,871,264 | ---- | M] (Norman ASA) -- C:\Programfiler\Norman\Nvc\Bin\nhs.exe
PRC - [2011.11.14 11:27:02 | 000,231,216 | ---- | M] (Norman ASA) -- C:\Programfiler\Norman\Ngs\Bin\nnf.exe
PRC - [2011.10.24 11:59:21 | 000,076,232 | ---- | M] (Norman ASA) -- C:\Programfiler\Norman\Npm\Bin\elogsvc.exe
PRC - [2011.10.19 13:07:18 | 000,100,936 | ---- | M] (Norman ASA) -- C:\Programfiler\Norman\Npm\Bin\nvoy.exe
PRC - [2010.06.03 18:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.03.03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.03.10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009.07.28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.02.20 12:07:19 | 000,276,984 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2012.02.13 17:01:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Programfiler\Norman\Npm\Bin\zanda.exe -- (Norman ZANDA)
SRV - [2012.02.03 11:13:36 | 000,116,056 | ---- | M] () [On_Demand | Stopped] -- C:\Programfiler\Norman\Npm\Bin\njeeves.exe -- (Norman NJeeves)
SRV - [2012.02.01 14:18:04 | 000,871,264 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programfiler\Norman\Nvc\Bin\nhs.exe -- (NHS)
SRV - [2011.12.28 15:29:50 | 000,355,368 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Programfiler\Norman\Npf\Bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2011.11.14 11:27:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programfiler\Norman\Ngs\Bin\nnf.exe -- (NNFSVC)
SRV - [2011.10.24 11:59:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programfiler\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2011.10.19 13:07:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Programfiler\Norman\Npm\Bin\nvoy.exe -- (NVOY)
SRV - [2011.04.11 11:38:36 | 000,148,240 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Programfiler\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2011.03.08 16:36:22 | 000,423,752 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Programfiler\Norman\Nse\Bin\nsesvc.exe -- (nsesvc)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programfiler\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.25 22:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programfiler\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programfiler\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 18:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.02.15 12:15:43 | 000,056,888 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvcv64mf.sys -- (NvcMFlt)
DRV:[b]64bit:[/b] - [2011.12.02 11:32:54 | 000,108,864 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ale_nf64.sys -- (ALE_NF)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.03.11 09:33:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.07.29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010.04.28 13:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:[b]64bit:[/b] - [2010.03.22 12:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:[b]64bit:[/b] - [2010.03.10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010.02.27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010.01.15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010.01.07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009.09.17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:[b]64bit:[/b] - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.11.11 16:55:43 | 000,063,032 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Programfiler\Norman\Ngs\Bin\nregsec64.sys -- (nregsec)
DRV - [2011.07.12 13:37:08 | 000,022,368 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Programfiler\Norman\Ngs\Bin\ngs64.sys -- (NGS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {F05DB90A-4AF5-4C66-A627-D4C3B4C1EA33}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{F05DB90A-4AF5-4C66-A627-D4C3B4C1EA33}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F7723ABB-4FFD-45F5-BB10-3AA9D16A8E1C}
IE - HKLM\..\SearchScopes\{F7723ABB-4FFD-45F5-BB10-3AA9D16A8E1C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\..\SearchScopes,DefaultScope = {F7723ABB-4FFD-45F5-BB10-3AA9D16A8E1C}
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\..\SearchScopes\{12A22A8C-3845-4B31-A22E-567F5FD6A137}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\..\SearchScopes\{763F82E0-3944-47D4-AF87-787EA74F2711}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\..\SearchScopes\{CA220424-AC53-4FAC-904F-F185A569E680}: "URL" = http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3235787128-354290465-986403023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.11 17:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.17 17:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.11 07:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.20 08:54:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.17 17:12:09 | 000,000,000 | ---D | M]

[2011.03.11 14:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bukkenbruse\AppData\Roaming\mozilla\Extensions
[2011.10.07 07:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bukkenbruse\AppData\Roaming\mozilla\Firefox\Profiles\9ipwl0wa.default\extensions
[2011.10.07 07:51:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bukkenbruse\AppData\Roaming\mozilla\Firefox\Profiles\9ipwl0wa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.01.16 14:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.11 07:51:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.09 10:07:48 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.02.09 10:07:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.09 10:07:48 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml
[2012.02.09 10:07:48 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml
[2012.02.09 10:07:48 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2012.02.09 10:07:48 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml
[2012.02.09 10:07:48 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2012.04.26 18:03:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programfiler\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [00TCrdMain] C:\Programfiler\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartFaceVWatcher] C:\Programfiler\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmoothView] C:\Programfiler\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba Registration] C:\Programfiler\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Programfiler\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Programfiler\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Programfiler\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosVolRegulator] C:\Programfiler\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Programfiler\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3235787128-354290465-986403023-1000..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3235787128-354290465-986403023-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3235787128-354290465-986403023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O9:[b]64bit:[/b] - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068B1CD2-F50B-4D25-8224-C79A6E80EC7F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D88B8595-8F93-420C-A831-F9C42A3642EB}: DhcpNameServer = 193.216.1.9 193.216.69.4
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.04.26 18:11:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.26 17:44:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.26 17:44:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.26 17:44:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.26 17:44:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.26 17:44:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.26 17:28:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.26 16:04:51 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\DoctorWeb
[2012.04.25 22:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.04.25 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.04.19 09:00:22 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{2B92B98D-538C-4B56-9891-8DBEF4B5FB7A}
[2012.04.18 22:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.04.18 19:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.04.18 19:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.04.18 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Roaming\ESET
[2012.04.18 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\ESET
[2012.04.18 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{485F4F75-F11A-4A0C-AE98-92263A4DB562}
[2012.04.18 11:59:09 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\Microsoft Games
[2012.04.18 08:59:27 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{02A10C26-3204-4AE8-A2ED-7EB6EC98EE42}
[2012.04.18 08:51:06 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{568664A3-5AA2-426A-85D6-BAF0FCBF0C6D}
[2012.04.18 07:51:49 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{4A57004C-D0CC-43E6-9AD5-B7BC561FBEFB}
[2012.04.18 07:45:01 | 000,000,000 | ---D | 
C] -- C:\Users\Bukkenbruse\AppData\Local\{033A5718-C869-43E4-A101-1A353C94289B} [2012.04.18 07:40:47 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{2D64D41E-7D04-49BA-9468-42C6CC110F26} [2012.04.17 08:20:03 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{1C9B3040-C0F1-44D5-B365-488C1AF10038} [2012.04.17 08:19:50 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{4E4C2D74-D4A5-442D-926D-34DF3F659DE5} [2012.04.16 12:54:07 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{661DA0C8-A8C6-4C89-B9EB-1926E111928E} [2012.04.16 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{809FBCA6-4ACE-4F58-99E5-A389DAA1784C} [2012.04.16 07:49:38 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{D508BE92-F55B-427E-B9F3-92B04CF60056} [2012.04.16 07:49:23 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{67E25D4D-F079-4650-8791-F8C8883A7AF9} [2012.04.13 11:55:05 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{FB00EE3C-D0E0-45FA-84E1-241D23138C50} [2012.04.13 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{74639076-6895-4382-8E1A-1EC5441E102F} [2012.04.13 07:34:47 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{39681537-9238-4B58-AE33-44A7EB253216} [2012.04.12 07:32:42 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{F7297140-1C3F-427A-9E65-EABA5D2B70DC} [2012.04.11 16:46:42 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.04.11 16:46:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.04.11 16:46:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.04.11 16:44:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.04.11 16:44:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.04.11 
16:44:09 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.04.11 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{96E75873-FDAD-4FC3-94F6-6F6B161B8F20} [2012.04.11 07:58:24 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.04.11 07:58:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.04.11 07:58:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.04.11 07:58:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.11 07:58:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.04.11 07:58:22 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.04.11 07:58:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.04.10 07:38:48 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{52F91393-3FBC-4186-8811-CE619B2E734D} [2012.04.10 07:30:39 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{2CF1A033-BDFC-4C7D-958A-819D25C78989} [2012.04.10 07:28:22 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{CAFD4EB0-467A-438B-B0BA-BBF43CF524CF} [2012.04.09 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{E7B7BAF7-FD50-4691-8818-87D38CEB69D1} [2012.03.30 09:15:29 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{D399608F-60DB-4375-8B41-BEA713FCEE7C} [2012.03.29 09:20:28 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{3DE75BBC-30BE-4CD8-814E-AE9010AA72EA} [2012.03.28 13:49:49 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{0CFE156A-574E-49C0-8F99-7719A10F00F1} [2012.03.28 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{F14EF524-8415-4C02-9610-7760DBCF8DCC} [2012.03.28 09:08:00 | 000,000,000 | ---D | C] 
-- C:\Users\Bukkenbruse\AppData\Local\{08B9A132-DDDE-4035-972E-FA5D226BB625} [2012.03.28 09:07:48 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{BA9FECAB-16F8-487C-92B4-0A180A3D7ADC} [2012.03.28 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{67AAF833-29F6-438A-B013-E922A759735E} [2012.03.28 09:05:27 | 000,000,000 | ---D | C] -- C:\Users\Bukkenbruse\AppData\Local\{C58DC655-E319-4C94-AA62-41D7D9E1CB7B} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.04.26 20:11:15 | 001,380,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.26 20:11:15 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.26 20:11:15 | 000,503,686 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2012.04.26 20:11:15 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.26 20:11:15 | 000,094,974 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2012.04.26 20:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.26 18:11:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 18:11:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.26 18:03:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.04.26 18:01:45 | 1499,467,776 | -HS- | M] () -- C:\hiberfil.sys [2012.04.18 21:52:41 | 000,000,017 | ---- | M] () -- C:\Users\Bukkenbruse\AppData\Local\resmon.resmoncfg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.04.26 17:44:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.04.26 17:44:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.04.26 17:44:34 | 000,098,816 | ---- | C] () -- 
C:\Windows\sed.exe [2012.04.26 17:44:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.04.26 17:44:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.04.18 21:52:41 | 000,000,017 | ---- | C] () -- C:\Users\Bukkenbruse\AppData\Local\resmon.resmoncfg [2011.11.07 08:58:14 | 000,007,168 | ---- | C] () -- C:\Users\Bukkenbruse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.24 15:34:57 | 001,274,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.24 14:30:21 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\Machnm1.exe [2011.03.24 14:30:21 | 000,010,760 | ---- | C] () -- C:\Windows\SysWow64\Machnm64.sys [2011.03.24 14:30:21 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2011.03.17 17:03:10 | 000,211,464 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.03.17 15:32:26 | 000,013,612 | ---- | C] () -- C:\Windows\hplj1010.ini [2011.03.11 09:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011.03.11 09:38:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.07.29 07:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.07.29 07:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.07.29 07:08:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.07.29 06:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.07.29 06:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [color=#E56717]========== LOP Check ==========[/color] [2011.03.15 13:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\BitZipper [2012.04.18 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\ESET [2011.05.03 10:33:25 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\Fighters [2011.06.29 09:57:24 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\GARMIN [2011.04.29 09:49:20 | 000,000,000 | ---D | M] -- 
C:\Users\Bukkenbruse\AppData\Roaming\ICAClient [2011.03.11 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\Toshiba [2012.02.17 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\uTorrent [2011.04.05 07:52:02 | 000,000,000 | ---D | M] -- C:\Users\Bukkenbruse\AppData\Roaming\Windows Live Writer [2012.01.13 11:40:28 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >