
Thread: click.giftload infection

  1. #11
    Junior Member | Join Date: May 2011 | Posts: 19

    It deleted an OpenOffice file or register, but not much more. Though you'll probably make more of this report.

    ComboFix 11-05-19.02 - Ole 21/05/2011 17:48:40.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1700 [GMT 2:00]
    Gestart vanuit: c:\users\Ole\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-21 to 2011-05-21 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-21 16:06 . 2011-05-21 16:08 -------- d-----w- c:\users\Ole\AppData\Local\temp
    2011-05-21 16:06 . 2011-05-21 16:06 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2011-05-21 16:06 . 2011-05-21 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-19 17:30 . 2011-05-19 17:30 -------- d-----w- c:\program files\ERUNT
    2011-05-12 06:59 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-10 06:52 . 2011-04-27 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-05-06 22:16 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-06 22:16 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-06 22:16 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-06 22:16 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-06 22:16 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-06 22:16 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-06 22:16 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\ParetoLogic
    2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-05-02 13:33 . 2011-02-22 11:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2011-05-02 13:33 . 2011-02-22 11:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2011-05-02 13:33 . 2011-02-22 11:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2011-05-02 13:33 . 2011-05-10 06:50 -------- d-----w- c:\programdata\PC Tools
    2011-05-02 13:33 . 2011-05-02 13:33 -------- d-----w- c:\program files\ThreatFire
    2011-05-02 08:51 . 2011-05-02 08:51 -------- d-----w- c:\users\Ole\AppData\Roaming\Panda Security
    2011-05-02 08:35 . 2011-05-02 08:35 -------- d-----w- c:\users\Ole\AppData\Roaming\SurfSecret Privacy Suite
    2011-05-02 08:34 . 2011-05-02 08:34 -------- d-----w- c:\users\Ole\AppData\Local\panda2_0dn
    2011-05-02 08:34 . 2011-05-21 12:31 -------- d-----w- c:\programdata\Panda Security URL Filtering
    2011-05-02 08:33 . 2011-05-02 08:35 -------- d-----w- c:\program files\Panda Security
    2011-05-02 08:33 . 2011-05-02 08:33 -------- d-----w- c:\programdata\Panda Security
    2011-05-02 08:32 . 2010-10-07 06:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
    2011-04-27 17:58 . 2011-04-27 17:58 -------- d-----w- c:\users\Ole\AppData\Roaming\Unity
    2011-04-22 17:12 . 2011-04-22 17:12 -------- d-----w- c:\users\Ole\AppData\Local\PackageAware
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2010-07-13 06:08 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2009-05-20 21:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-03-15 17:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2009-05-20 21:09 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2009-05-20 21:09 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2009-05-20 21:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2009-05-20 21:09 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2009-05-20 21:09 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-13 14:50 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-13 10:25 . 2011-03-13 10:25 161280 ----a-w- c:\windows\system32\msls31.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1125376 ----a-w- c:\windows\system32\wininet.dll
    2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-13 10:25 . 2011-03-13 10:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-13 10:25 . 2011-03-13 10:25 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-13 10:25 . 2011-03-13 10:25 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-13 10:25 . 2011-03-13 10:25 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-13 10:25 . 2011-03-13 10:25 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-13 10:25 . 2011-03-13 10:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-13 10:25 . 2011-03-13 10:25 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-13 10:25 . 2011-03-13 10:25 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1791488 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-13 10:25 . 2011-03-13 10:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-13 10:25 . 2011-03-13 10:25 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-13 10:25 . 2011-03-13 10:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-13 10:25 . 2011-03-13 10:25 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-13 10:25 . 2011-03-13 10:25 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-13 10:25 . 2011-03-13 10:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-13 10:25 . 2011-03-13 10:25 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-12 15:31 . 2011-03-12 15:31 17408 ----a-w- c:\windows\START32.EXE
    2011-03-12 15:31 . 2011-03-12 15:31 9728 ----a-w- c:\windows\system32\rnaph.dll
    2011-04-14 16:57 . 2011-05-12 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-03-17 13:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
    .
    c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe"
    "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe"
    "RtHDVCpl"=RtHDVCpl.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    .
    R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
    R2 srv4B8;srv4B8;c:\windows\system32\svchost.exe [2008-01-21 21504]
    R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
    R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
    R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
    R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
    R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
    R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-05-20 110576]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 31112]
    S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 21896]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 51984]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 69392]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 15240]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
    S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2011-01-22 188296]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 33552]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    srv4B8
    ezSharedSvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-21 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\WindowsMaintenance\Glary Utilities\initialize.exe [2009-11-10 16:24]
    .
    2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    2011-04-17 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-19 17:08]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.telenet.be
    mStart Page = hxxp://www.telenet.be
    mWindow Title = Telenet Internet
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ------- Bestandsassociaties -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-21 18:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv4B8]
    "servicedll"="\\?\globalroot\Device\HarddiskVolume2\Users\Ole\AppData\Local\Temp\srv4B8.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:21,91,34,eb,2f,15,42,83,06,49,14,b9,c5,70,88,33,85,5e,26,cd,0d,0b,a7,
    8b,9f,d9,c5,c7,20,0d,c0,05,95,af,12,cc,25,f7,af,b8,b8,ca,a7,58,ea,49,8d,62,\
    "??"=hex:42,e1,6f,b6,7b,13,85,b2,11,f1,48,93,2f,8c,d2,19
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(924)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(876)
    c:\program files\ThreatFire\TFWAH.dll
    .
    Voltooingstijd: 2011-05-21 18:16:23
    ComboFix-quarantined-files.txt 2011-05-21 16:16
    .
    Pre-Run: 133.797.531.648 bytes beschikbaar
    Post-Run: 133.888.950.272 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - FE9AE8BC500BE2C940189D532DB91815

  2. #12
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Hi,

    avast
    Panda Cloud Antivirus
    PC Tools AntiVirus Free

    You have 3 antivirus programs running, and that's counterproductive and a bit of overkill; they will suck up system resources and cause all sorts of problems. It's recommended that you just have one, keep it updated and run regular scans. Your call, but you need to go to Programs and Features in the Control Panel and uninstall two of them.


    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::


    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv4B8]
    
    File::
    globalroot\Device\HarddiskVolume2\Users\Ole\AppData\Local\Temp\srv4B8.tmp

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Hi,

    If you have not run ComboFix yet, please do not run the fix or ComboFix at all.

    What I need you to do is drag ComboFix to the trash, download a new copy and just run the program, not the fix.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    Last edited by ken545; 2011-05-22 at 13:41.

  4. #14
    Junior Member | Join Date: May 2011 | Posts: 19

    I usually run only avast and spybot; I installed the other systems in an attempt to clean my system. That didn't help, but you sure are. Here are the reports:

    Combofix wanted to update, I said NO, report:

    ComboFix 11-05-19.02 - Ole 22/05/2011 12:25:43.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1934 [GMT 2:00]
    Gestart vanuit: c:\users\Ole\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ole\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    J:\Autorun.inf
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-22 10:46 . 2011-05-22 10:47 -------- d-----w- c:\users\Ole\AppData\Local\temp
    2011-05-22 10:46 . 2011-05-22 10:46 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2011-05-22 10:46 . 2011-05-22 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-22 03:26 . 2011-05-22 03:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-05-22 03:22 . 2011-05-18 10:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E28523AC-D2CD-43CF-8531-1314813C8E4A}\mpengine.dll
    2011-05-19 17:30 . 2011-05-19 17:30 -------- d-----w- c:\program files\ERUNT
    2011-05-12 06:59 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-10 06:52 . 2011-04-27 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-05-06 22:16 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-06 22:16 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-06 22:16 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-06 22:16 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-06 22:16 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-06 22:16 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-06 22:16 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\ParetoLogic
    2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-05-02 13:33 . 2011-02-22 11:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2011-05-02 13:33 . 2011-02-22 11:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2011-05-02 13:33 . 2011-02-22 11:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2011-05-02 13:33 . 2011-05-10 06:50 -------- d-----w- c:\programdata\PC Tools
    2011-05-02 13:33 . 2011-05-02 13:33 -------- d-----w- c:\program files\ThreatFire
    2011-05-02 08:51 . 2011-05-02 08:51 -------- d-----w- c:\users\Ole\AppData\Roaming\Panda Security
    2011-05-02 08:35 . 2011-05-02 08:35 -------- d-----w- c:\users\Ole\AppData\Roaming\SurfSecret Privacy Suite
    2011-05-02 08:34 . 2011-05-02 08:34 -------- d-----w- c:\users\Ole\AppData\Local\panda2_0dn
    2011-05-02 08:34 . 2011-05-22 10:05 -------- d-----w- c:\programdata\Panda Security URL Filtering
    2011-05-02 08:33 . 2011-05-02 08:35 -------- d-----w- c:\program files\Panda Security
    2011-05-02 08:33 . 2011-05-02 08:33 -------- d-----w- c:\programdata\Panda Security
    2011-05-02 08:32 . 2010-10-07 06:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
    2011-04-27 17:58 . 2011-04-27 17:58 -------- d-----w- c:\users\Ole\AppData\Roaming\Unity
    2011-04-22 17:12 . 2011-04-22 17:12 -------- d-----w- c:\users\Ole\AppData\Local\PackageAware
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2010-07-13 06:08 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2009-05-20 21:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-03-15 17:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2009-05-20 21:09 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2009-05-20 21:09 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2009-05-20 21:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2009-05-20 21:09 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2009-05-20 21:09 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-13 14:50 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-13 10:25 . 2011-03-13 10:25 161280 ----a-w- c:\windows\system32\msls31.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1125376 ----a-w- c:\windows\system32\wininet.dll
    2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-13 10:25 . 2011-03-13 10:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-13 10:25 . 2011-03-13 10:25 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-13 10:25 . 2011-03-13 10:25 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-13 10:25 . 2011-03-13 10:25 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-13 10:25 . 2011-03-13 10:25 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-13 10:25 . 2011-03-13 10:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-13 10:25 . 2011-03-13 10:25 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-13 10:25 . 2011-03-13 10:25 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-13 10:25 . 2011-03-13 10:25 1791488 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-13 10:25 . 2011-03-13 10:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-13 10:25 . 2011-03-13 10:25 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-13 10:25 . 2011-03-13 10:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-13 10:25 . 2011-03-13 10:25 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-13 10:25 . 2011-03-13 10:25 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-13 10:25 . 2011-03-13 10:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-13 10:25 . 2011-03-13 10:25 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-12 15:31 . 2011-03-12 15:31 17408 ----a-w- c:\windows\START32.EXE
    2011-03-12 15:31 . 2011-03-12 15:31 9728 ----a-w- c:\windows\system32\rnaph.dll
    2011-04-14 16:57 . 2011-05-12 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-03-17 13:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
    .
    c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe"
    "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe"
    "RtHDVCpl"=RtHDVCpl.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    .
    R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
    R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
    R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
    R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
    R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
    R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
    R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-05-20 110576]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 31112]
    S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 21896]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 15240]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2011-01-22 188296]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    srv4B8
    ezSharedSvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-22 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\WindowsMaintenance\Glary Utilities\initialize.exe [2009-11-10 16:24]
    .
    2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\PC Health Advisor Defrag.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    2011-05-02 c:\windows\Tasks\PC Health Advisor.job
    - c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.telenet.be
    mStart Page = hxxp://www.telenet.be
    mWindow Title = Telenet Internet
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    FF - ProfilePath - c:\users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-22 12:47
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:21,91,34,eb,2f,15,42,83,06,49,14,b9,c5,70,88,33,85,5e,26,cd,0d,0b,a7,
    8b,9f,d9,c5,c7,20,0d,c0,05,95,af,12,cc,25,f7,af,b8,b8,ca,a7,58,ea,49,8d,62,\
    "??"=hex:42,e1,6f,b6,7b,13,85,b2,11,f1,48,93,2f,8c,d2,19
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(884)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(924)
    c:\program files\ThreatFire\TFWAH.dll
    .
    Voltooingstijd: 2011-05-22 12:55:14
    ComboFix-quarantined-files.txt 2011-05-22 10:55
    ComboFix2.txt 2011-05-21 16:16
    .
    Pre-Run: 133.484.859.392 bytes beschikbaar
    Post-Run: 133.564.506.112 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
    - - End Of File - - 8B66B4F8A4BA95A65716FFE9FB22B815

  5. #15
    Junior Member
    Join Date
    May 2011
    Posts
    19

    otl:

    OTL logfile created on: 22/05/2011 13:17:07 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8080.16413)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285,09 Gb Total Space | 124,48 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
    Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

    Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
    PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
    PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
    PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe (Packard Bell BV)
    PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
    MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (srv4B8) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
    SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
    SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
    SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
    DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
    DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
    DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
    DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
    DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
    DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
    DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
    DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
    DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
    DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
    DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
    DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (lgmdmdm) -- C:\Windows\System32\drivers\lgmdmdm.sys (MCCI Corporation)
    DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\lgmdmgmt.sys (MCCI Corporation)
    DRV - (lgmdobex) -- C:\Windows\System32\drivers\lgmdobex.sys (MCCI Corporation)
    DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\Windows\System32\drivers\lgmdbus.sys (MCCI Corporation)
    DRV - (lgmdmdfl) -- C:\Windows\System32\drivers\lgmdmdfl.sys (MCCI Corporation)
    DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
    DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
    DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.standaard.be/"
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {2bfc8624-5b8a-4060-b86a-e78ccbc38509}:2.4
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
    FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/05/11 20:50:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/05/10 08:52:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 08:59:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 00:16:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/06 10:38:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions
    [2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/05/20 17:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2009/06/16 11:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
    [2011/05/06 22:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions
    [2010/04/27 10:59:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/28 11:12:06 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
    [2011/05/02 10:34:35 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2010/12/13 18:14:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/11/27 08:25:29 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\nl-NL@dictionaries.addons.mozilla.org
    [2011/03/14 17:17:43 | 000,002,397 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml
    [2010/01/17 10:53:12 | 000,002,185 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\bing.xml
    [2011/05/12 08:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/14 10:59:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    File not found (No name found) --
    [2011/05/11 20:50:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2011/05/10 08:52:36 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
    [2011/04/14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
    [2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
    [2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
    [2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml

    O1 HOSTS File: ([2011/05/22 12:46:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
    O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
    O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
    O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
    O4 - Startup: C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/26 19:51:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/22 12:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/22 12:55:25 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\temp
    [2011/05/22 12:18:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/05/22 12:15:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/22 12:15:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/22 12:10:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
    [2011/05/22 05:31:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/05/22 05:26:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2011/05/21 18:16:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/21 17:44:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/21 17:44:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/21 17:44:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/21 17:41:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/21 14:26:33 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
    [2011/05/21 07:55:27 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
    [2011/05/19 19:31:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/19 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/05/19 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/05/10 08:52:34 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2011/05/10 08:52:33 | 002,074,576 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2011/05/10 08:52:33 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2011/05/10 08:50:17 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
    [2011/05/10 08:50:17 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
    [2011/05/10 08:50:15 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2011/05/10 08:50:15 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2011/05/10 08:50:07 | 000,263,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2011/05/10 08:50:07 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2011/05/10 08:50:02 | 000,233,976 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2011/05/10 08:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2011/05/10 08:49:57 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2011/05/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/05/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/05/02 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
    [2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2011/05/02 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
    [2011/05/02 15:33:45 | 000,069,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
    [2011/05/02 15:33:45 | 000,051,984 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
    [2011/05/02 15:33:45 | 000,033,552 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
    [2011/05/02 15:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
    [2011/05/02 15:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/05/02 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Panda Security
    [2011/05/02 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\SurfSecret Privacy Suite
    [2011/05/02 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\panda2_0dn
    [2011/05/02 10:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
    [2011/05/02 10:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
    [2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2011/05/02 10:32:48 | 000,428,352 | ---- | C] (Panda Security) -- C:\Windows\System32\StubInstaller.exe
    [2011/04/27 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Unity
    [2011/04/22 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\PackageAware
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/22 12:46:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/22 12:11:16 | 000,689,956 | ---- | M] () -- C:\Windows\System32\perfh013.dat
    [2011/05/22 12:11:16 | 000,607,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/22 12:11:16 | 000,135,744 | ---- | M] () -- C:\Windows\System32\perfc013.dat
    [2011/05/22 12:11:16 | 000,108,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/22 12:11:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
    [2011/05/22 12:05:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/05/22 12:05:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/22 12:05:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/22 12:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/22 05:43:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/05/22 05:29:26 | 002,172,450 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/05/21 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/05/21 17:37:25 | 004,352,567 | R--- | M] () -- C:\Users\Ole\Desktop\ComboFix.exe
    [2011/05/21 16:39:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/21 13:18:21 | 000,000,512 | ---- | M] () -- C:\Users\Ole\Desktop\MBR.dat
    [2011/05/21 07:55:28 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
    [2011/05/21 07:53:58 | 000,000,133 | ---- | M] () -- C:\Users\Ole\Desktop\regfix.reg
    [2011/05/20 19:56:13 | 369,589,978 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/19 19:30:30 | 000,000,915 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/05/19 19:30:14 | 000,000,735 | ---- | M] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
    [2011/05/19 19:30:14 | 000,000,716 | ---- | M] () -- C:\Users\Ole\Desktop\ERUNT.lnk
    [2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
    [2011/05/12 08:59:20 | 000,000,872 | ---- | M] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/12 08:59:20 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/11 20:50:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/05/11 02:45:48 | 000,110,592 | ---- | M] (LG Electronics) -- C:\Users\Ole\Documents\LGMobileDL.dll
    [2011/05/10 18:48:38 | 000,433,997 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup
    [2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/05/10 08:50:03 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
    [2011/05/10 08:47:39 | 000,513,008 | ---- | M] () -- C:\Users\Ole\Desktop\avinstall.exe
    [2011/05/06 09:10:47 | 000,028,259 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/05/06 09:10:19 | 000,012,939 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2011/05/05 19:57:34 | 000,000,032 | ---- | M] () -- C:\Windows\System32\EUOD.DAT
    [2011/05/02 16:58:01 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2011/05/02 16:58:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/05/02 16:58:01 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    [2011/05/02 16:40:59 | 000,000,904 | ---- | M] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
    [2011/05/02 15:33:47 | 000,000,769 | ---- | M] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2011/05/02 15:33:46 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2011/05/02 14:53:17 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2011/05/02 10:34:09 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat
    [2011/05/01 19:34:35 | 000,043,520 | ---- | M] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/01 15:12:43 | 000,433,297 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110510-184838.backup
    [2011/04/27 15:37:12 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2011/04/27 15:37:06 | 002,074,576 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2011/04/27 15:37:06 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2011/04/27 15:36:58 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
    [2011/04/25 07:47:05 | 000,000,680 | ---- | M] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat
    [2011/04/22 19:28:57 | 000,002,590 | ---- | M] () -- C:\Users\Ole\Documents\cc_20110422_192853.reg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/21 17:44:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/21 17:44:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/21 17:44:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/21 17:44:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/21 17:44:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/21 17:37:10 | 004,352,567 | R--- | C] () -- C:\Users\Ole\Desktop\ComboFix.exe
    [2011/05/21 07:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Ole\Desktop\MBR.dat
    [2011/05/21 07:53:58 | 000,000,133 | ---- | C] () -- C:\Users\Ole\Desktop\regfix.reg
    [2011/05/19 19:30:30 | 000,000,915 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/05/19 19:30:14 | 000,000,735 | ---- | C] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
    [2011/05/19 19:30:14 | 000,000,716 | ---- | C] () -- C:\Users\Ole\Desktop\ERUNT.lnk
    [2011/05/12 08:59:20 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/12 07:50:43 | 369,589,978 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/10 08:52:35 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2011/05/10 08:52:34 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
    [2011/05/10 08:52:34 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2011/05/10 08:52:34 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2011/05/10 08:52:34 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2011/05/10 08:50:22 | 002,172,450 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/05/10 08:50:03 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
    [2011/05/10 08:47:57 | 000,513,008 | ---- | C] () -- C:\Users\Ole\Desktop\avinstall.exe
    [2011/05/06 09:10:19 | 000,012,939 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2011/05/06 09:05:44 | 008,326,420 | ---- | C] () -- C:\Users\Ole\Documents\GUG_Packard Bell_1.0_NL_DT.pdf
    [2011/05/02 16:41:21 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/05/02 16:40:59 | 000,000,904 | ---- | C] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
    [2011/05/02 16:40:59 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2011/05/02 16:40:59 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/05/02 16:40:58 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
    [2011/05/02 15:33:47 | 000,000,769 | ---- | C] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2011/05/02 15:33:46 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
    [2011/05/02 10:34:09 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
    [2011/04/22 19:28:55 | 000,002,590 | ---- | C] () -- C:\Users\Ole\Documents\cc_20110422_192853.reg
    [2011/04/10 15:43:27 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
    [2011/03/12 17:31:57 | 000,017,408 | ---- | C] () -- C:\Windows\START32.EXE
    [2011/03/12 17:31:56 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
    [2011/03/12 15:29:05 | 000,028,259 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/01/04 12:14:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2011/01/04 12:14:37 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2011/01/03 18:38:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2010/12/25 12:02:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2010/12/25 11:21:47 | 000,887,296 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/12/25 11:21:47 | 000,198,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/11/10 19:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2010/11/10 19:25:29 | 000,291,328 | ---- | C] () -- C:\Windows\System32\binkw32.dll
    [2010/05/30 16:50:51 | 000,000,195 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\default.rss
    [2009/12/10 18:38:40 | 000,000,680 | ---- | C] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat
    [2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/08 00:51:58 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
    [2009/10/31 23:35:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2009/10/19 22:28:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/10/19 22:28:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/26 20:29:29 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
    [2009/07/26 20:23:42 | 000,000,032 | ---- | C] () -- C:\Windows\start.INI
    [2009/05/21 20:22:50 | 000,001,821 | ---- | C] () -- C:\Windows\CDPlayer.ini
    [2009/05/21 15:24:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/05/21 15:24:27 | 000,043,520 | ---- | C] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/21 08:45:43 | 000,000,000 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\wklnhst.dat
    [2009/05/20 22:45:55 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
    [2009/05/20 17:26:37 | 000,000,608 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/05/20 11:36:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2009/05/20 11:36:02 | 000,008,164 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
    [2008/09/28 06:46:56 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/09/28 06:19:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/01/21 07:45:56 | 000,689,956 | ---- | C] () -- C:\Windows\System32\perfh013.dat
    [2008/01/21 07:45:56 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
    [2008/01/21 07:45:56 | 000,135,744 | ---- | C] () -- C:\Windows\System32\perfc013.dat
    [2008/01/21 07:45:56 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
    [2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 14:44:53 | 000,480,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 12:33:01 | 000,607,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 12:33:01 | 000,108,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
    [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ZLib.dll
    [2001/04/23 01:07:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe

    ========== LOP Check ==========

    [2010/12/25 01:04:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus
    [2011/03/14 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Aid4Mail2
    [2010/12/29 11:57:23 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Autodesk
    [2011/05/21 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Azureus
    [2010/11/11 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Chessmaster Challenge
    [2010/11/10 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\DriverCure
    [2009/08/02 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\GARMIN
    [2010/05/31 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\GlarySoft
    [2009/11/10 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\IObit
    [2010/05/27 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\iWin
    [2011/02/02 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\LG Electronics
    [2010/11/11 20:57:30 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\LimeWire
    [2010/11/11 20:51:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\My Games
    [2009/05/24 06:42:10 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\OpenOffice.org
    [2009/05/20 22:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Packard Bell
    [2011/05/02 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Panda Security
    [2009/12/12 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\PandoraRecovery
    [2010/11/10 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\ParetoLogic
    [2010/05/31 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\RegistryTool
    [2009/06/16 11:20:39 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Songbird2
    [2011/01/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SpeedSim
    [2010/05/27 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SpinTop
    [2011/05/02 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SurfSecret Privacy Suite
    [2011/01/20 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Template
    [2009/12/12 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Thunderbird
    [2010/11/27 21:08:27 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Tibia
    [2011/01/20 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\TuneUpMedia
    [2011/04/27 19:58:21 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Unity
    [2010/11/11 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\uTorrent
    [2011/01/06 15:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Ole\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
    [2011/05/22 12:05:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2011/05/21 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2011/05/02 16:58:01 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2011/05/02 16:58:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2011/05/02 16:58:01 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
    [2011/05/22 05:43:41 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C947F6D9
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D

    < End of report >

  6. #16
    Junior Member
    Join Date
    May 2011
    Posts
    19

    and extras

    OTL Extras logfile created on: 22/05/2011 13:17:07 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8080.16413)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285,09 Gb Total Space | 124,48 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
    Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

    Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C246BF7-95DB-44CB-873C-4EF1DBA5FF47}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1394F062-D7B5-4796-AE6A-C88E0A6C7CBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{15D263D1-1132-4AF0-8F93-D3E9A760AEFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{286BE7BF-05F8-4136-B831-D86CEBFF46CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{3AE671F9-943D-4C2F-99D6-E31A663BF20C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{43BE1A85-04D6-4F1B-81D3-CCD68DCBF3DF}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5283A80B-F3A4-4DC2-B718-B7F8F014CBD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B02420C-5DCF-4F46-9F02-CBFD2ED122A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6373A076-D19F-417B-85FC-656B753B239E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{72CEF336-32FD-4E4C-8835-57E2E8606BE4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{73D87C1E-13E3-405E-8D6B-94AE161D7849}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{99F89AED-8DB9-4048-8C21-52A5619F18D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A0006EF2-F265-49D8-A68F-3266B67B3808}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A25D6F7B-4206-4A29-AE6B-CBC8D1367CC8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A60C724E-8BCF-428E-99E7-E041BFF20158}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B9DAFC81-9DAB-4711-96C7-363E94F7E10A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C1811E21-959A-4547-AE11-3D18D5309279}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C280417A-D31B-456F-880A-631CF5111814}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D07C1AC9-68B8-4EFE-B756-052DC3AE893A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D2D266C3-8A51-4671-A9F6-9B6093AF24F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DB383A13-40DC-47DA-8C1E-D3AD63E616F8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E1734D65-B610-49C9-973A-3F6F82690491}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F610A382-3928-4433-A9C1-C1F31B4032A1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FDE77E36-B8B4-4169-B588-EF7257386D56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C868E8-C7AF-40D3-8266-7535FE591AED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0D00F60F-D05A-4411-B036-A14EEF9518E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F131D0C-0E70-4741-8BA8-5B9CCFFA4D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{0FB102A3-AA83-472B-80FE-241AEE9A1018}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
    "{10AE7E74-8921-4286-B54B-7F074B4D396A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1864CB26-77D4-4F9D-8B11-E270D5054D45}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe |
    "{23790076-AC7F-49BD-9EE5-76C7F50E680F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2EAC0C32-2631-4824-8A68-012B737DFB1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{390943A3-4B9A-4713-9E47-0D6FA71BEA2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3A72AC33-1011-4499-B7AD-EA78B648A5BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3C1A14E4-7A98-4F02-8CD3-197D3CF369AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{44FCA262-8837-4369-9FB5-1F47F505C142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4854CAAC-FFB4-4512-BFD2-FC5F36751C55}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
    "{501944CA-1947-4DC8-ABA5-9B19F621FCB4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{62BE9993-A38B-4432-B27B-F488F84BF2E7}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
    "{640240E2-84E5-48D7-95B3-B825C481664F}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
    "{64874A23-1484-4058-86F9-2C4824DCD1CB}" = protocol=6 | dir=out | app=system |
    "{6861D8F6-0699-4EEC-BAE5-3F8406E05FD0}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe |
    "{6A126AEB-529B-4452-B7A5-3998DBE0C1A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{75BCD450-228C-4B1A-861D-4A50EA9DD4C4}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
    "{7629F64C-AF19-4288-B6A9-584CA4C195ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{76CE1AE0-C48E-4BFE-AD0F-8662F0B98574}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{88BDCB52-ECEC-443B-8A8B-D6E94334B6A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8FCA368C-3279-4927-B5D3-61ECDD209554}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{95F3D5BA-B72F-4C48-92E2-088493A3A756}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{99F31ADC-20FC-42E2-BF51-F8687AA5FBF5}" = dir=in | app=c:\program files\cyberlink\playmovie\pmvservice.exe |
    "{AD52A467-428A-4848-A098-33498A71878B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AF25F85E-CAAA-498B-80A1-87F31EAC0F95}" = dir=in | app=c:\program files\cyberlink\playmovie\playmovie.exe |
    "{B7E25367-8E41-4B6C-B6D6-1DD6676117FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BC9C8E79-3519-4414-8449-036EB7B8A01C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BF88595E-40A0-4F76-87B2-93308E761697}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{C2E08CAC-1AAF-4C79-B381-F87D90F15351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C6D5E019-C928-4775-B9B1-FAD3ED6BBF26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CB07866D-0349-47F9-9797-DF4EC69A74F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CE4B8425-67B3-48DF-A6D2-62D451C8089C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D635691F-7A2E-4F37-A1AF-653032060FB6}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
    "{DE1F91FB-BD99-4019-944F-06F03B4AD84F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{EDBBDED4-FE20-42F9-8FEF-A191EF16DF14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F126673C-AB8A-472A-A590-106B9F0F018C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{F21A0B4D-8BE7-4BD2-B111-76722130EAA9}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{F5E6DC3B-1B76-4E24-9A0C-5651A13AC447}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{FCEA7489-9F2F-4D14-8AD0-2EEA4E9D53B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{FF3C0E11-3AC1-4F3C-B493-32B33488F2E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "TCP Query User{765066B5-0486-47C1-84AF-66D00F4647A7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{9CE9C2A5-7B82-4FC6-ABA6-636FF7474F77}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{88DDFA7D-099B-4B6E-9E19-2CBDC94EE609}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{A99D952A-F2CA-4249-8332-A08CB318BFC4}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
    "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3559CDE0-11FC-4D7B-A65C-D646035B1043}" = Nero 8 Essentials
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
    "{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
    "{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
    "{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
    "{AC76BA86-7AD7-1043-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Nederlands
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{d50f1a09-5349-4f96-a93e-d7524549896c}" = Nero 9
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Installatie van LG PC Suite III ongedaan maken
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
    "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
    "8461-7759-5462-8226" = Vuze
    "Activision_CivCTPUninstallKey" = Civilization: Call To Power
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "AnswerWorks" = AnswerWorks Runtime
    "AutoCAD 2010 - English" = AutoCAD 2010 - English
    "avast" = avast! Free Antivirus
    "Browser Defender_is1" = Browser Defender 3.0
    "CCleaner" = CCleaner
    "Codec_is1" = Codec 8.3p
    "EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Glary Utilities_is1" = Glary Utilities 2.33.0.1158
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl)
    "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office2007" = Microsoft Office Home and Student
    "Panda Cloud Antivirus" = Panda Cloud Antivirus
    "Panda Security URL Filtering" = Panda Security URL Filtering
    "pandasecuritytb" = Panda Security Toolbar
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "Pixie_is1" = Pixie 1.7.6
    "Smart Defrag_is1" = Smart Defrag
    "SpeedSim" = SpeedSim
    "Spyware Doctor" = PC Tools AntiVirus Free 8.0
    "Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
    "Tibia_is1" = Tibia
    "TuneUpMedia" = TuneUp Companion 1.9.0
    "VLC media player" = VLC media player 1.0.1
    "Volo View Express" = Volo View Express
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Works9" = Microsoft Works 9.0
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 3/06/2009 7:02:31 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 23/07/2009 9:19:09 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 9/08/2009 16:14:42 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 9/08/2009 16:14:42 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 1/11/2009 5:13:28 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 12/01/2010 21:04:40 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 4/02/2010 3:16:04 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 16/02/2010 3:07:02 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 16/02/2010 3:20:55 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    Error - 27/04/2010 7:30:48 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 24/11/2010 15:42:56 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 25/11/2010 11:19:58 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 26/11/2010 2:43:33 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 26/11/2010 15:02:51 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 27/11/2010 2:17:27 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 27/11/2010 7:58:49 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 27/11/2010 8:00:39 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
    Description =

    Error - 27/11/2010 10:22:26 | Computer Name = PC_Ole | Source = Application Hang | ID = 1002
    Description = Programma ShowTime.exe, versie 5.0.13.100 reageert niet meer op Windows
    en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar
    is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen
    in het Configuratiescherm controleren. Proces-id: 117c Starttijd: 01cb8e3e69c8a326
    Eindtijd:
    73

    Error - 27/11/2010 10:23:12 | Computer Name = PC_Ole | Source = Application Error | ID = 1000
    Description = Toepassing met fout Civilization3.exe, versie 0.0.0.0, tijdstempel
    0x504d6947, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode
    0xc0000005, foutmarge 0x00000384, proces-id 0x131c, starttijd van toepassing 0x01cb8e3e9eeee646.

    Error - 27/11/2010 10:23:33 | Computer Name = PC_Ole | Source = Application Error | ID = 1000
    Description = Toepassing met fout Civilization3.exe, versie 0.0.0.0, tijdstempel
    0x504d6947, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode
    0xc0000005, foutmarge 0x00000384, proces-id 0x1490, starttijd van toepassing 0x01cb8e3eab9e1f56.

    [ OSession Events ]
    Error - 6/11/2010 9:40:58 | Computer Name = PC_Ole | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 21/04/2011 1:20:33 | Computer Name = PC_Ole | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 21/05/2011 23:40:27 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21/05/2011 23:40:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7009
    Description =

    Error - 21/05/2011 23:40:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21/05/2011 23:41:22 | Computer Name = PC_Ole | Source = DCOM | ID = 10010
    Description =

    Error - 22/05/2011 6:05:38 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7023
    Description =

    Error - 22/05/2011 6:05:58 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7026
    Description =

    Error - 22/05/2011 6:15:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7034
    Description =

    Error - 22/05/2011 6:24:26 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
    Description =

    Error - 22/05/2011 6:35:43 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
    Description =

    Error - 22/05/2011 6:46:52 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Just a few things need to be removed; one of them is Ask Toolbar, but this is your call. Read this and let me know.

    * It promotes its toolbars on sites targeted at kids.
    * It promotes its toolbars through ads that appear to be part of other companies' sites.
    * It promotes its toolbars through other companies' spyware.
    * It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
    * It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
    * It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #18
    Junior Member
    Join Date
    May 2011
    Posts
    19

    Default

    I removed Panda and Threatfire, but I can't find how to remove 'ask jeeves'.

    And I still have some strange things here: in the program removal menu of Windows I am only shown blank fields, with no text inside, and I can't seem to remove any programs there. I'm using Glary Utilities for that now.

    Next to that, whenever I close my Firefox it gives me a malfunction notice and it wants to search for a solution for the problem. This could well be a glitch in Firefox, since it's the brand new 4.0.1 version. I tried a quick reinstall, but it didn't help.

    Next to that, I believe I'm in the clear, right? I'm really grateful and you'll notice soon.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like your hosts file is infected; this will fix it. Make sure, if you're hooked up to a router, that it's all enabled. After the fix let me know if you're still having issues with Firefox.


    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe







    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      SRV - (srv4B8) -- File not found
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      [2011/03/14 17:17:43 | 000,002,397 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml
      [2011/05/10 18:48:38 | 000,433,997 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  10. #20
    Junior Member
    Join Date
    May 2011
    Posts
    19

    Default

    Ask bar is gone, Firefox closes normally.

    In my remove programs list, I still see an empty drop down and side menu.

    Here is the report after the fix, scanning after this post.

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Error: No service named srv4B8 was found to stop!
    Service\Driver key srv4B8 not found.
    File File not found not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml moved successfully.
    C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP-configuratie
    Ethernet-adapter LAN-verbinding:
    Verbindingsspec. DNS-achtervoegsel:
    Link-local IPv6-adres . . . . . . : fe80::2101:9a6e:7e99:764b%10
    Standaardgateway. . . . . . . . . :
    Tunnel-adapter LAN-verbinding*:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 2:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 6:
    Verbindingsspec. DNS-achtervoegsel:
    IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:2c46:3dfe:4d8a:3526
    Link-local IPv6-adres . . . . . . : fe80::2c46:3dfe:4d8a:3526%11
    Standaardgateway. . . . . . . . . :
    Tunnel-adapter LAN-verbinding* 11:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 12:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 13:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 15:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 16:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    C:\Users\Ole\Desktop\cmd.bat deleted successfully.
    C:\Users\Ole\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP-configuratie
    Ethernet-adapter LAN-verbinding:
    Verbindingsspec. DNS-achtervoegsel: telenet.be
    Link-local IPv6-adres . . . . . . : fe80::2101:9a6e:7e99:764b%10
    IPv4-adres. . . . . . . . . . . . : 178.117.202.217
    Subnetmasker. . . . . . . . . . . : 255.255.240.0
    Standaardgateway. . . . . . . . . : 178.117.192.1
    Tunnel-adapter LAN-verbinding*:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel: telenet.be
    Tunnel-adapter LAN-verbinding* 2:
    Verbindingsspec. DNS-achtervoegsel: telenet.be
    IPv6-adres. . . . . . . . . . . . : 2002:b275:cad9::b275:cad9
    Standaardgateway. . . . . . . . . : 2002:c058:6301::c058:6301
    Tunnel-adapter LAN-verbinding* 6:
    Verbindingsspec. DNS-achtervoegsel:
    IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:2c46:3dfe:4d8a:3526
    Link-local IPv6-adres . . . . . . : fe80::2c46:3dfe:4d8a:3526%11
    Standaardgateway. . . . . . . . . :
    Tunnel-adapter LAN-verbinding* 11:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 12:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 13:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 15:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    Tunnel-adapter LAN-verbinding* 16:
    Mediumstatus. . . . . . . . . . . : medium ontkoppeld
    Verbindingsspec. DNS-achtervoegsel:
    C:\Users\Ole\Desktop\cmd.bat deleted successfully.
    C:\Users\Ole\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Ole\Desktop\cmd.bat deleted successfully.
    C:\Users\Ole\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gast
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 373470 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 85199598 bytes
    ->Flash cache emptied: 562 bytes

    User: Ole
    ->Temp folder emptied: 6682235 bytes
    ->Temporary Internet Files folder emptied: 2191053 bytes
    ->Java cache emptied: 65937201 bytes
    ->FireFox cache emptied: 50763247 bytes
    ->Flash cache emptied: 9592 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 201,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05222011_202237

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
