click.giftload infection



Quindorian
2011-05-19, 19:55
Hello,

I suppose I have a click.giftload rootkit infection. I tried to remove it, but it makes my PC restart once or twice the first time after I reboot. I have not found a way to remove it myself.

click.giftload is found by Spybot, and it removes it, but it comes back after restarting, with some trouble.
I did find some other infections and removed them with the following programs: Malwarebytes, Avast, Panda Cloud, Spybot (of course), ThreatFire, PC Tools AntiVirus, Glary Utilities and CCleaner.
Now running alongside each other are Avast, Panda, ThreatFire and Spybot (TeaTimer is off).

My PC is hindered but not impossible to use. Avast regularly stops svchost.exe from connecting to bad hosts. Every now and then, ThreatFire finds something it calls medium dangerous (other things, not svchost).

I couldn't find WinZip, so I had to attach "attach.txt" normally.

Here's my DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ole at 19:33:42,90 on do 19/05/2011
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1255 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
C:\Windows\RtHDVCpl.exe
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ole\Downloads\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.telenet.be
uDefault_Page_URL = hxxp://www.telenet.be
uWindow Title = Telenet Internet
mStart Page = hxxp://www.telenet.be
mDefault_Page_URL = hxxp://www.telenet.be
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [FujiKeyboard] c:\acer\preload\autorun\drv\fuji keyboard\ABoard.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup 2.0\bin\EuWatch.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
StartupFolder: c:\users\ole\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ole\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ole\appdata\roaming\mozilla\firefox\profiles\0rgkufor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\ole\appdata\roaming\mozilla\firefox\profiles\0rgkufor.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ole\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-4-10 31112]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-4-10 21896]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-10 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-10 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-10 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-5-2 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-5-2 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-20 307928]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-4-10 15240]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-10 233976]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2009-5-20 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-5-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 42184]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-10 337872]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-4-10 55688]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-20 1153368]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-4-10 188296]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-5-2 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 srv4B8;srv4B8;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [2011-1-6 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [2011-1-6 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [2011-1-6 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [2011-1-6 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [2011-1-6 111232]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-5-20 110576]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-10 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-10 1117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-12 06:59:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-10 06:52:35 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-10 06:52:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-10 06:52:33 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-05-10 06:52:33 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-10 06:50:17 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-10 06:50:17 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-10 06:50:15 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-10 06:50:15 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-05-10 06:50:07 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-10 06:50:07 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-10 06:50:02 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-05-10 06:49:57 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-10 06:49:45 -------- d-----w- c:\program files\PC Tools Security
2011-05-10 06:49:45 -------- d-----w- c:\program files\common files\PC Tools
2011-05-06 22:16:05 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 22:16:04 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 22:16:04 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 22:16:04 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 22:16:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 22:16:03 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 22:16:02 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-02 14:40:57 -------- d-----w- c:\program files\ParetoLogic
2011-05-02 14:40:57 -------- d-----w- c:\program files\common files\ParetoLogic
2011-05-02 13:33:45 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-02 13:33:45 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-02 13:33:45 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-02 13:33:43 -------- d-----w- c:\program files\ThreatFire
2011-05-02 13:33:43 -------- d-----w- c:\progra~2\PC Tools
2011-05-02 08:51:06 -------- d-----w- c:\users\ole\appdata\roaming\Panda Security
2011-05-02 08:35:09 -------- d-----w- c:\users\ole\appdata\roaming\SurfSecret Privacy Suite
2011-05-02 08:34:52 -------- d-----w- c:\users\ole\appdata\local\panda2_0dn
2011-05-02 08:34:46 -------- d-----w- c:\progra~2\Panda Security URL Filtering
2011-05-02 08:33:46 -------- d-----w- c:\program files\Panda Security
2011-05-02 08:33:46 -------- d-----w- c:\progra~2\Panda Security
2011-05-02 08:32:48 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-04-27 17:58:21 -------- d-----w- c:\users\ole\appdata\roaming\Unity
2011-04-22 17:12:10 -------- d-----w- c:\users\ole\appdata\local\PackageAware
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-03-12 15:31:57 17408 ----a-w- c:\windows\START32.EXE
2011-03-12 15:31:55 9728 ----a-w- c:\windows\system32\rnaph.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874555D9]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8745b970]; MOV EAX, [0x8745b9ec]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82493912] -> \Device\Harddisk0\DR0[0x86F81820]
3 CLASSPNP[0x8B5A98B3] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x86E7E240]
5 PCTCore[0x82A1968B] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x86349700]
7 acpi[0x806436BC] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x85F13B20]
\Driver\nvstor32[0x8743FB78] -> IRP_MJ_CREATE -> 0x874555D9
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:40:30,27 ===============

I'd sure be grateful if you could solve this.

Q
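
An added triage example for the DDS log above (not part of the thread and not DDS's own code): it pulls the three kinds of line a helper reads first from a DDS "Pseudo HJT" and "SERVICES / DRIVERS" section and turns them into review items rather than verdicts. The sample lines are copied from the log posted above; the `review_candidates` heuristic (an svchost-hosted service whose display name merely repeats the service name) is an assumption of this example, not a rule DDS applies.

```python
"""Triage of DDS 'Pseudo HJT' and 'SERVICES / DRIVERS' lines (added example).

Three things are pulled out:
  * Hosts: entries that point a hostname at loopback (security sites are a
    classic target, e.g. the spywareinfo.com line in the log above),
  * toolbar/BHO entries whose DLL is gone ("No File", orphan CLSIDs),
  * services hosted by svchost.exe, with their -k group; DDS shows the host
    process, not the ServiceDll that actually runs, so these need a look at
    HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll.
"""
import ipaddress
import re

# Lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 srv4B8;srv4B8;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-5-20 110576]
"""

# R = running, S = stopped; digit = start type; then name;display;image [date size]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def triage_dds(text: str) -> dict:
    """Return loopback hosts entries, orphan CLSIDs and svchost-hosted services."""
    report = {"loopback_hosts": [], "orphans": [], "svchost_services": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue
            if (addr.is_loopback or addr.is_unspecified) and host.lower() != "localhost":
                report["loopback_hosts"].append((ip, host))
            continue
        if line.endswith("- No File"):
            clsid = CLSID_RE.search(line)
            report["orphans"].append(clsid.group(0) if clsid else line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            hosted = SVCHOST_RE.search(image)
            if hosted:
                report["svchost_services"].append({
                    "name": name,
                    "group": hosted.group(1),
                    "running": state == "R",
                    "start_type": int(start),
                    "name_is_display": name == display,
                })
    return report


def review_candidates(report: dict) -> list:
    """Heuristic (assumption of this example): an svchost-hosted service whose
    display name is just the service name again has no vendor string to go on,
    so its ServiceDll value is the first thing to pull from the registry."""
    return sorted(s["name"] for s in report["svchost_services"] if s["name_is_display"])


if __name__ == "__main__":
    r = triage_dds(SAMPLE_DDS)
    print("loopback hosts :", r["loopback_hosts"])
    print("orphan CLSIDs  :", r["orphans"])
    print("svchost-hosted :", [(s["name"], s["group"]) for s in r["svchost_services"]])
    print("check ServiceDll for:", review_candidates(r))
```

Run it against a full DDS log by passing the file contents to `triage_dds`; the output is a to-do list for the registry and the file system, not a detection result.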

ken545
2011-05-21, 03:08


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Besides Click.Giftload, you're infected with a nasty ROOTKIT.

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

Copy the entire contents inside the quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this: http://i24.photobucket.com/albums/c30/ken545/reg.jpg

Then run this scan

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Quindorian
2011-05-21, 08:03
Thanks for the help in advance. Here follows the report:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 07:55:38
-----------------------------
07:55:38.230 OS Version: Windows 6.0.6002 Service Pack 2
07:55:38.230 Number of processors: 2 586 0x6B02
07:55:38.230 ComputerName: PC_OLE UserName: Ole
07:55:41.667 Initialize success
07:55:57.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
07:55:57.999 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
07:55:58.001 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
07:55:58.003 Disk 0 MBR read error 0
07:55:58.006 Disk 0 MBR scan
07:55:58.009 Disk 0 unknown MBR code
07:55:58.011 MBR BIOS signature not found 0
07:55:58.017 Disk 0 scanning sectors +625139712
07:55:58.020 Disk 0 scanning C:\Windows\system32\drivers
07:56:04.450 Service scanning
07:56:05.743 Disk 0 trace - called modules:
07:56:05.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
07:56:05.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
07:56:05.754 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
07:56:06.101 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
07:56:06.106 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
07:56:06.113 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
07:56:06.118 Scan finished successfully
07:56:27.963 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
07:56:27.973 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 08:01:23
-----------------------------
08:01:23.736 OS Version: Windows 6.0.6002 Service Pack 2
08:01:23.736 Number of processors: 2 586 0x6B02
08:01:23.737 ComputerName: PC_OLE UserName: Ole
08:01:24.867 Initialize success
08:01:27.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
08:01:27.078 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
08:01:27.080 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
08:01:27.083 Disk 0 MBR read error 0
08:01:27.086 Disk 0 MBR scan
08:01:27.088 Disk 0 unknown MBR code
08:01:27.092 MBR BIOS signature not found 0
08:01:27.098 Disk 0 scanning sectors +625139712
08:01:27.101 Disk 0 scanning C:\Windows\system32\drivers
08:01:32.822 Service scanning
08:01:34.047 Disk 0 trace - called modules:
08:01:34.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
08:01:34.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
08:01:34.058 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
08:01:34.064 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
08:01:34.069 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
08:01:34.074 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
08:01:34.081 Scan finished successfully
08:01:46.434 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
08:01:46.440 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR.txt"
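
An added example for the aswMBR runs above (not part of the thread and not avast's or aswMBR's own code): the first function reads the indicators out of the log text, namely "unknown MBR code", the missing BIOS boot signature, the `>>UNKNOWN<<` module in the disk I/O trace and the driver whose `IRP_MJ_CREATE` handler points into it; the second parses the 512-byte `MBR.dat` the tool saves to the desktop, checks the 0xAA55 signature and works out how many sectors lie after the last partition, which is the unallocated tail where the "scanning sectors +625139712" line shows aswMBR looking. The log lines are copied from the 07:55 run; the MBR sector is constructed here, with one partition sized so that its end coincides with that LBA, purely so the numbers line up with the log.

```python
"""aswMBR log triage plus MBR.dat parsing (added example, not aswMBR's code)."""
import re
import struct

# Copied from the 07:55 aswMBR run posted above.
SAMPLE_ASWMBR_LOG = r"""
07:55:57.999 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
07:55:58.003 Disk 0 MBR read error 0
07:55:58.006 Disk 0 MBR scan
07:55:58.009 Disk 0 unknown MBR code
07:55:58.011 MBR BIOS signature not found 0
07:55:58.017 Disk 0 scanning sectors +625139712
07:56:05.743 Disk 0 trace - called modules:
07:56:05.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
07:56:06.113 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
07:56:06.118 Scan finished successfully
"""

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"^\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
SIZE_RE = re.compile(r"Size: (\d+)MB")
TAIL_RE = re.compile(r"scanning sectors \+(\d+)")


def triage_aswmbr(log: str) -> dict:
    """Collect the indicators from an aswMBR log and pair each hooked driver
    with the unnamed module its IRP handler points at."""
    f = {"unknown_mbr_code": False, "mbr_signature_missing": False,
         "unknown_module": None, "hooks": [], "disk_sectors": None,
         "tail_scan_start": None}
    for raw in log.splitlines():
        body = TIMESTAMP_RE.sub("", raw.strip())
        if not body:
            continue
        if "unknown MBR code" in body:
            f["unknown_mbr_code"] = True
        if "MBR BIOS signature not found" in body:
            f["mbr_signature_missing"] = True
        m = UNKNOWN_RE.search(body)
        if m:
            f["unknown_module"] = m.group(1)
        m = HOOK_RE.match(body)
        if m:
            f["hooks"].append((m.group(1), m.group(2), m.group(3)))
        m = SIZE_RE.search(body)
        if m:  # MB -> 512-byte sectors
            f["disk_sectors"] = int(m.group(1)) * 1024 * 1024 // 512
        m = TAIL_RE.search(body)
        if m:
            f["tail_scan_start"] = int(m.group(1))
    target = (f["unknown_module"] or "").lower()
    # A hook matters when its handler address is the unnamed module itself.
    f["hooks_into_unknown"] = [h for h in f["hooks"] if h[2].lower() == target]
    return f


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: bootstrap code, four 16-byte partition entries
    at offset 446, and the 0xAA55 boot signature at offset 510."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    signature = struct.unpack_from("<H", sector, 510)[0]
    partitions = []
    for i in range(4):
        # status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba_start, count = struct.unpack_from(
            "<8BII", sector, 446 + 16 * i)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": signature == 0xAA55,
            "bootstrap": sector[:440], "partitions": partitions}


def unallocated_tail_sectors(mbr: dict, disk_sectors: int) -> int:
    """Sectors after the last partition: space no partition entry points at."""
    end = max((p["lba_start"] + p["sectors"] for p in mbr["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def build_sample_mbr(signature_ok: bool = True) -> bytes:
    """Constructed MBR: zeroed bootstrap, one bootable NTFS partition from
    LBA 2048 that ends at 625139712 (the tail-scan start in the log above)."""
    bootstrap = bytes(440)
    disk_signature = bytes(6)  # 4-byte disk signature + 2 reserved bytes
    entry = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 625139712 - 2048)
    table = entry + bytes(48)  # three empty entries
    return bootstrap + disk_signature + table + (b"\x55\xaa" if signature_ok else bytes(2))


if __name__ == "__main__":
    f = triage_aswmbr(SAMPLE_ASWMBR_LOG)
    print("hooks into unnamed module:", f["hooks_into_unknown"])
    mbr = parse_mbr(build_sample_mbr())
    print("signature ok:", mbr["signature_ok"],
          "tail sectors:", unallocated_tail_sectors(mbr, f["disk_sectors"]))
```

To use it on the real artefacts, read `aswMBR.txt` into `triage_aswmbr` and `MBR.dat` (`open(path, "rb").read()`) into `parse_mbr`; a missing signature together with a hook from the storage driver into an address no module claims is the pattern the thread goes on to treat with TDSSKiller.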

ken545
2011-05-21, 12:11
Good Morning


Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png



Save the log as before and post in your next reply

Quindorian
2011-05-21, 13:21
Good morning, glad to hear from you.

I've run aswMBR again, scanned, and produced the following, but it seems I can't "Fix". The button doesn't light up. FixMBR does light up.

report:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 13:17:53
-----------------------------
13:17:53.442 OS Version: Windows 6.0.6002 Service Pack 2
13:17:53.442 Number of processors: 2 586 0x6B02
13:17:53.443 ComputerName: PC_OLE UserName: Ole
13:17:54.560 Initialize success
13:17:56.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
13:17:56.585 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
13:17:56.587 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
13:17:56.589 Disk 0 MBR read error 0
13:17:56.592 Disk 0 MBR scan
13:17:56.595 Disk 0 unknown MBR code
13:17:56.598 MBR BIOS signature not found 0
13:17:56.604 Disk 0 scanning sectors +625139712
13:17:56.608 Disk 0 scanning C:\Windows\system32\drivers
13:18:02.402 Service scanning
13:18:03.577 Disk 0 trace - called modules:
13:18:03.581 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
13:18:03.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
13:18:03.589 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
13:18:03.594 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
13:18:03.599 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
13:18:03.605 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
13:18:03.610 Scan finished successfully
13:18:21.458 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
13:18:21.464 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR2.txt"

ken545
2011-05-21, 14:07
Run this program instead for the time being


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Quindorian
2011-05-21, 14:35
That seems to have worked; I must say my PC is starting up much faster, without some of the usual issues.

The report:

2011/05/21 14:28:10.0050 5776 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 14:28:10.0313 5776 ================================================================================
2011/05/21 14:28:10.0313 5776 SystemInfo:
2011/05/21 14:28:10.0313 5776
2011/05/21 14:28:10.0313 5776 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/21 14:28:10.0313 5776 Product type: Workstation
2011/05/21 14:28:10.0313 5776 ComputerName: PC_OLE
2011/05/21 14:28:10.0313 5776 UserName: Ole
2011/05/21 14:28:10.0313 5776 Windows directory: C:\Windows
2011/05/21 14:28:10.0313 5776 System windows directory: C:\Windows
2011/05/21 14:28:10.0314 5776 Processor architecture: Intel x86
2011/05/21 14:28:10.0314 5776 Number of processors: 2
2011/05/21 14:28:10.0314 5776 Page size: 0x1000
2011/05/21 14:28:10.0314 5776 Boot type: Normal boot
2011/05/21 14:28:10.0314 5776 ================================================================================
2011/05/21 14:28:11.0897 5776 Initialize success
2011/05/21 14:28:14.0435 1828 ================================================================================
2011/05/21 14:28:14.0435 1828 Scan started
2011/05/21 14:28:14.0435 1828 Mode: Manual;
2011/05/21 14:28:14.0435 1828 ================================================================================
2011/05/21 14:28:14.0766 1828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/21 14:28:14.0863 1828 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/21 14:28:14.0957 1828 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/21 14:28:15.0056 1828 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/21 14:28:15.0157 1828 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/21 14:28:15.0271 1828 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/21 14:28:15.0361 1828 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/21 14:28:15.0441 1828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/21 14:28:15.0548 1828 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/21 14:28:15.0633 1828 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/21 14:28:15.0723 1828 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/21 14:28:15.0811 1828 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/21 14:28:15.0899 1828 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/21 14:28:15.0997 1828 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/21 14:28:16.0078 1828 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/21 14:28:16.0164 1828 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/21 14:28:16.0213 1828 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/21 14:28:16.0246 1828 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/05/21 14:28:16.0342 1828 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/05/21 14:28:16.0427 1828 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/05/21 14:28:16.0451 1828 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/05/21 14:28:16.0490 1828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/21 14:28:16.0523 1828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/21 14:28:16.0573 1828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/21 14:28:16.0666 1828 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/21 14:28:16.0758 1828 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/21 14:28:16.0837 1828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/21 14:28:16.0911 1828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/21 14:28:16.0971 1828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/21 14:28:17.0017 1828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/21 14:28:17.0054 1828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/21 14:28:17.0077 1828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/21 14:28:17.0108 1828 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/21 14:28:17.0141 1828 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/21 14:28:17.0182 1828 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/21 14:28:17.0218 1828 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/05/21 14:28:17.0266 1828 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/21 14:28:17.0298 1828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/21 14:28:17.0337 1828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/21 14:28:17.0405 1828 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/21 14:28:17.0476 1828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/21 14:28:17.0514 1828 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/21 14:28:17.0544 1828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/21 14:28:17.0586 1828 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/21 14:28:17.0613 1828 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/21 14:28:17.0672 1828 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/21 14:28:17.0722 1828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/21 14:28:17.0771 1828 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/21 14:28:17.0802 1828 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/21 14:28:17.0828 1828 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/05/21 14:28:17.0855 1828 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/21 14:28:17.0905 1828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/21 14:28:17.0950 1828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/21 14:28:17.0993 1828 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/21 14:28:18.0069 1828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/21 14:28:18.0104 1828 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/21 14:28:18.0149 1828 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/21 14:28:18.0204 1828 EUBAKUP (0c7f516415333f854d2ce45c6f2d6420) C:\Windows\system32\drivers\eubakup.sys
2011/05/21 14:28:18.0238 1828 EuDisk (f986ee234b05769c7fbd8def8d20e32f) C:\Windows\system32\DRIVERS\EuDisk.sys
2011/05/21 14:28:18.0286 1828 EUDSKACS (db677f262ddb5de277c8f655ebd114f5) C:\Windows\system32\drivers\eudskacs.sys
2011/05/21 14:28:18.0351 1828 EUFS (42f734e7eb6c05e97df18c0eb16c350a) C:\Windows\system32\drivers\eufs.sys
2011/05/21 14:28:18.0440 1828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/21 14:28:18.0487 1828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/21 14:28:18.0530 1828 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/21 14:28:18.0555 1828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/21 14:28:18.0580 1828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/21 14:28:18.0607 1828 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/21 14:28:18.0637 1828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/21 14:28:18.0666 1828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/21 14:28:18.0686 1828 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/21 14:28:18.0723 1828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/21 14:28:18.0757 1828 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
2011/05/21 14:28:18.0803 1828 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/21 14:28:18.0858 1828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/21 14:28:18.0897 1828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/21 14:28:18.0920 1828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/21 14:28:18.0959 1828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/21 14:28:18.0992 1828 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/21 14:28:19.0035 1828 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/21 14:28:19.0087 1828 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/21 14:28:19.0125 1828 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/21 14:28:19.0170 1828 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/21 14:28:19.0215 1828 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/21 14:28:19.0308 1828 IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/21 14:28:19.0378 1828 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/21 14:28:19.0412 1828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/21 14:28:19.0470 1828 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/21 14:28:19.0534 1828 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/21 14:28:19.0570 1828 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/21 14:28:19.0597 1828 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/21 14:28:19.0621 1828 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/21 14:28:19.0654 1828 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/21 14:28:19.0698 1828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/21 14:28:19.0741 1828 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/21 14:28:19.0766 1828 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/21 14:28:19.0808 1828 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/21 14:28:19.0859 1828 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/21 14:28:19.0915 1828 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
2011/05/21 14:28:19.0932 1828 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
2011/05/21 14:28:19.0974 1828 lgmdbus (54fec13b60914784aa06685f352aed70) C:\Windows\system32\DRIVERS\lgmdbus.sys
2011/05/21 14:28:20.0006 1828 lgmdmdfl (97b52613f0b621fc9eae007668da7b01) C:\Windows\system32\DRIVERS\lgmdmdfl.sys
2011/05/21 14:28:20.0028 1828 lgmdmdm (b9cc203836509083d8be07b6a5b40862) C:\Windows\system32\DRIVERS\lgmdmdm.sys
2011/05/21 14:28:20.0074 1828 lgmdmgmt (b5e3263ca8173f9619075898df5d4718) C:\Windows\system32\DRIVERS\lgmdmgmt.sys
2011/05/21 14:28:20.0132 1828 lgmdobex (a218c22fd0c4b8ac3ce38e08d1ac9e88) C:\Windows\system32\DRIVERS\lgmdobex.sys
2011/05/21 14:28:20.0173 1828 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
2011/05/21 14:28:20.0204 1828 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/21 14:28:20.0276 1828 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/21 14:28:20.0327 1828 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/21 14:28:20.0348 1828 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/21 14:28:20.0385 1828 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/21 14:28:20.0409 1828 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/21 14:28:20.0449 1828 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/21 14:28:20.0500 1828 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/21 14:28:20.0537 1828 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/21 14:28:20.0610 1828 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/21 14:28:20.0645 1828 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/21 14:28:20.0664 1828 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/21 14:28:20.0685 1828 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/21 14:28:20.0706 1828 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/21 14:28:20.0755 1828 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/21 14:28:20.0808 1828 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/21 14:28:20.0830 1828 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/21 14:28:20.0857 1828 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/21 14:28:20.0880 1828 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/21 14:28:20.0920 1828 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/21 14:28:20.0947 1828 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/21 14:28:20.0986 1828 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/21 14:28:21.0010 1828 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/21 14:28:21.0045 1828 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/21 14:28:21.0069 1828 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/21 14:28:21.0092 1828 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/21 14:28:21.0124 1828 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/21 14:28:21.0148 1828 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/21 14:28:21.0173 1828 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/21 14:28:21.0206 1828 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/21 14:28:21.0255 1828 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/21 14:28:21.0295 1828 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/21 14:28:21.0339 1828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/21 14:28:21.0366 1828 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/21 14:28:21.0400 1828 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/21 14:28:21.0424 1828 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/21 14:28:21.0460 1828 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/21 14:28:21.0495 1828 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/21 14:28:21.0547 1828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/21 14:28:21.0598 1828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/21 14:28:21.0625 1828 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/21 14:28:21.0678 1828 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/21 14:28:21.0712 1828 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/21 14:28:21.0740 1828 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/21 14:28:21.0879 1828 nvlddmkm (ca76b9adb89f60c512f8ee1ea3c85668) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/21 14:28:22.0049 1828 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/21 14:28:22.0076 1828 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/05/21 14:28:22.0102 1828 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/21 14:28:22.0142 1828 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/21 14:28:22.0175 1828 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/21 14:28:22.0248 1828 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/21 14:28:22.0300 1828 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/21 14:28:22.0333 1828 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/21 14:28:22.0364 1828 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/21 14:28:22.0404 1828 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/21 14:28:22.0426 1828 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/21 14:28:22.0468 1828 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/21 14:28:22.0529 1828 PCTCore (2d5c059c1a12babf336f319f45c161d3) C:\Windows\system32\drivers\PCTCore.sys
2011/05/21 14:28:22.0557 1828 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/05/21 14:28:22.0594 1828 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/05/21 14:28:22.0643 1828 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\Windows\system32\Drivers\PCTSD.sys
2011/05/21 14:28:22.0688 1828 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/21 14:28:22.0778 1828 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/21 14:28:22.0821 1828 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/21 14:28:22.0882 1828 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/21 14:28:22.0918 1828 PSINAflt (a282f4150ab719dc3b88f1083cebdeec) C:\Windows\system32\DRIVERS\PSINAflt.sys
2011/05/21 14:28:22.0946 1828 PSINFile (1d81f2d1ccf0b8e079615ab99ec1c150) C:\Windows\system32\DRIVERS\PSINFile.sys
2011/05/21 14:28:22.0980 1828 PSINKNC (a7d7566d9a4af4372d10769da1035fb8) C:\Windows\system32\DRIVERS\psinknc.sys
2011/05/21 14:28:23.0007 1828 PSINProc (9871222e40a3bc5a5af81ba931422af4) C:\Windows\system32\DRIVERS\PSINProc.sys
2011/05/21 14:28:23.0033 1828 PSINProt (a92f30f5af037831982be26f979edddc) C:\Windows\system32\DRIVERS\PSINProt.sys
2011/05/21 14:28:23.0067 1828 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/21 14:28:23.0107 1828 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/21 14:28:23.0225 1828 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/21 14:28:23.0271 1828 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/21 14:28:23.0295 1828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/21 14:28:23.0333 1828 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/21 14:28:23.0370 1828 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/21 14:28:23.0405 1828 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/21 14:28:23.0445 1828 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/21 14:28:23.0483 1828 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/21 14:28:23.0515 1828 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/21 14:28:23.0533 1828 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/21 14:28:23.0583 1828 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/21 14:28:23.0640 1828 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/21 14:28:23.0684 1828 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/21 14:28:23.0720 1828 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/21 14:28:23.0765 1828 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/21 14:28:23.0833 1828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/21 14:28:23.0869 1828 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/21 14:28:23.0894 1828 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/21 14:28:23.0920 1828 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/21 14:28:23.0969 1828 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/21 14:28:24.0008 1828 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/21 14:28:24.0026 1828 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/21 14:28:24.0054 1828 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/21 14:28:24.0109 1828 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/21 14:28:24.0160 1828 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/21 14:28:24.0191 1828 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/21 14:28:24.0255 1828 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/21 14:28:24.0295 1828 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/21 14:28:24.0348 1828 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/05/21 14:28:24.0385 1828 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/21 14:28:24.0425 1828 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/21 14:28:24.0476 1828 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/21 14:28:24.0524 1828 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/21 14:28:24.0563 1828 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/21 14:28:24.0600 1828 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/21 14:28:24.0680 1828 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/21 14:28:24.0727 1828 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/21 14:28:24.0760 1828 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/21 14:28:24.0807 1828 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/21 14:28:24.0833 1828 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/21 14:28:24.0868 1828 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/21 14:28:24.0907 1828 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/21 14:28:24.0946 1828 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\Windows\system32\drivers\TfFsMon.sys
2011/05/21 14:28:24.0966 1828 TfNetMon (917ef522563f6047685486efa486fb3c) C:\Windows\system32\drivers\TfNetMon.sys
2011/05/21 14:28:24.0986 1828 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\Windows\system32\drivers\TfSysMon.sys
2011/05/21 14:28:25.0056 1828 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/21 14:28:25.0082 1828 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/21 14:28:25.0113 1828 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/21 14:28:25.0139 1828 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/21 14:28:25.0187 1828 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/21 14:28:25.0230 1828 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/21 14:28:25.0265 1828 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/21 14:28:25.0300 1828 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/21 14:28:25.0339 1828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/21 14:28:25.0383 1828 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/21 14:28:25.0414 1828 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/21 14:28:25.0449 1828 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/21 14:28:25.0490 1828 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/21 14:28:25.0530 1828 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/21 14:28:25.0562 1828 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/21 14:28:25.0589 1828 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/21 14:28:25.0614 1828 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/21 14:28:25.0634 1828 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/21 14:28:25.0663 1828 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/21 14:28:25.0688 1828 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/21 14:28:25.0728 1828 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/21 14:28:25.0760 1828 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/21 14:28:25.0799 1828 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/21 14:28:25.0819 1828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/21 14:28:25.0853 1828 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/21 14:28:25.0885 1828 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/21 14:28:25.0917 1828 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/21 14:28:25.0958 1828 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/21 14:28:25.0982 1828 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 14:28:25.0995 1828 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 14:28:26.0046 1828 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/21 14:28:26.0086 1828 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/21 14:28:26.0201 1828 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/21 14:28:26.0261 1828 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/21 14:28:26.0291 1828 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/21 14:28:26.0334 1828 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/21 14:28:26.0404 1828 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PlayMovie\000.fcl
2011/05/21 14:28:26.0442 1828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 14:28:26.0447 1828 ================================================================================
2011/05/21 14:28:26.0447 1828 Scan finished
2011/05/21 14:28:26.0447 1828 ================================================================================
2011/05/21 14:28:26.0462 2448 Detected object count: 1
2011/05/21 14:28:35.0511 2448 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 14:28:35.0511 2448 \HardDisk0 - ok
2011/05/21 14:28:35.0512 2448 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/21 14:28:38.0135 5544 Deinitialize success
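The TDSSKiller report above is a long driver inventory (service name, MD5, on-disk path) followed by the single finding that matters: a TDL4 bootkit detected on \HardDisk0, queued for cure at reboot. When triaging such logs it helps to pull the findings out mechanically. The script below is an added example, not part of this thread and not Kaspersky's tool: it parses lines in the log's format into driver entries, detections and post-scan actions, flags loaded modules that sit outside the Windows directory (the CyberLink .fcl entry is the one such entry in the log above; it is merely unusual, not a verdict), and tells you whether a reboot is still pending. The sample input is constructed from lines of the posted log; the path prefix check and the helper names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a handful of lines in the format of the TDSSKiller log
# posted in this thread (driver inventory, the detection on \HardDisk0 and the
# post-scan action lines). A real log carries hundreds of driver lines.
SAMPLE_LOG = r"""
2011/05/21 14:28:14.0435 1828 Scan started
2011/05/21 14:28:14.0766 1828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/21 14:28:24.0680 1828 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/21 14:28:26.0404 1828 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PlayMovie\000.fcl
2011/05/21 14:28:26.0442 1828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 14:28:26.0447 1828 Scan finished
2011/05/21 14:28:26.0462 2448 Detected object count: 1
2011/05/21 14:28:35.0511 2448 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 14:28:35.0511 2448 \HardDisk0 - ok
2011/05/21 14:28:35.0512 2448 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
""".strip()

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> <body>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Driver inventory: "<service> (<32 hex md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Finding: "<object> - detected <threat> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "<threat>(<object>) - User select action: <action>"
USER_ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")
# "<object> (<threat>) - <status text>", e.g. "will be cured after reboot"
STATUS_RE = re.compile(r"^(\S+) \((\S+)\) - (.+)$")
OK_RE = re.compile(r"^(\S+) - ok$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    obj: str
    threat: str
    status: str


@dataclass
class Report:
    drivers: List[DriverEntry] = field(default_factory=list)
    detections: List[Finding] = field(default_factory=list)
    actions: List[Finding] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Report:
    """Parse TDSSKiller-style log text into drivers, detections and actions."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator or blank line
        body = m.group(3)
        if d := DRIVER_RE.match(body):
            report.drivers.append(DriverEntry(d.group(1), d.group(2).lower(), d.group(3)))
        elif d := DETECT_RE.match(body):
            report.detections.append(Finding(d.group(1), d.group(2), "detected"))
        elif d := USER_ACTION_RE.match(body):
            report.actions.append(Finding(d.group(2), d.group(1), "user action: " + d.group(3)))
        elif d := STATUS_RE.match(body):
            report.actions.append(Finding(d.group(1), d.group(2), d.group(3)))
        elif d := OK_RE.match(body):
            report.actions.append(Finding(d.group(1), "", "ok"))
    return report


def drivers_outside_windows(report: Report, windows_dir: str = r"C:\Windows") -> List[DriverEntry]:
    """Loaded modules whose path is not under the Windows directory (assumed default)."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [d for d in report.drivers if not d.path.lower().startswith(prefix)]


def needs_reboot(report: Report) -> bool:
    """True while any cure is deferred to the next boot (MBR fixes always are)."""
    return any("reboot" in a.status for a in report.actions)


def summary(report: Report) -> Dict[str, object]:
    return {
        "drivers": len(report.drivers),
        "outside_windows": [d.name for d in drivers_outside_windows(report)],
        "detections": [(f.obj, f.threat) for f in report.detections],
        "pending_reboot": needs_reboot(report),
    }


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for key, value in summary(rep).items():
        print(f"{key}: {value}")
```

Feed it the full saved log (TDSSKiller writes a copy to the root of the drive) instead of SAMPLE_LOG and the "pending_reboot" flag is the check to do before running the next tool: until the machine has rebooted, the cured MBR is not yet in effect and a follow-up scan can still see the bootkit.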

ken545
2011-05-21, 15:46
:bigthumb:



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Quindorian
2011-05-21, 16:53
No infections found; here follows the report (the language is Dutch, sorry if that's a problem, I can translate if needed).

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6634

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

21/05/2011 16:50:34
mbam-log-2011-05-21 (16-50-34).txt

Scantype: Snelle scan
Objecten gescand: 183802
Verstreken tijd: 9 minuut/minuten, 29 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

ken545
2011-05-21, 17:27
Let's make sure we got it all.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Quindorian
2011-05-21, 18:22
It deleted an OpenOffice file or registry entry, but not much more. Though you'll probably make more of this report.

ComboFix 11-05-19.02 - Ole 21/05/2011 17:48:40.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1700 [GMT 2:00]
Gestart vanuit: c:\users\Ole\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-21 to 2011-05-21 ))))))))))))))))))))))))))))))
.
.
2011-05-21 16:06 . 2011-05-21 16:08 -------- d-----w- c:\users\Ole\AppData\Local\temp
2011-05-21 16:06 . 2011-05-21 16:06 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-21 16:06 . 2011-05-21 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 17:30 . 2011-05-19 17:30 -------- d-----w- c:\program files\ERUNT
2011-05-12 06:59 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-10 06:52 . 2011-04-27 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-06 22:16 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 22:16 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 22:16 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 22:16 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 22:16 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 22:16 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 22:16 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\ParetoLogic
2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-05-02 13:33 . 2011-02-22 11:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-02 13:33 . 2011-02-22 11:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-02 13:33 . 2011-02-22 11:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-02 13:33 . 2011-05-10 06:50 -------- d-----w- c:\programdata\PC Tools
2011-05-02 13:33 . 2011-05-02 13:33 -------- d-----w- c:\program files\ThreatFire
2011-05-02 08:51 . 2011-05-02 08:51 -------- d-----w- c:\users\Ole\AppData\Roaming\Panda Security
2011-05-02 08:35 . 2011-05-02 08:35 -------- d-----w- c:\users\Ole\AppData\Roaming\SurfSecret Privacy Suite
2011-05-02 08:34 . 2011-05-02 08:34 -------- d-----w- c:\users\Ole\AppData\Local\panda2_0dn
2011-05-02 08:34 . 2011-05-21 12:31 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-05-02 08:33 . 2011-05-02 08:35 -------- d-----w- c:\program files\Panda Security
2011-05-02 08:33 . 2011-05-02 08:33 -------- d-----w- c:\programdata\Panda Security
2011-05-02 08:32 . 2010-10-07 06:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-04-27 17:58 . 2011-04-27 17:58 -------- d-----w- c:\users\Ole\AppData\Roaming\Unity
2011-04-22 17:12 . 2011-04-22 17:12 -------- d-----w- c:\users\Ole\AppData\Local\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-13 06:08 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-05-20 21:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-15 17:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2009-05-20 21:09 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-05-20 21:09 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2009-05-20 21:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-05-20 21:09 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2009-05-20 21:09 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-13 14:50 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 10:25 . 2011-03-13 10:25 161280 ----a-w- c:\windows\system32\msls31.dll
2011-03-13 10:25 . 2011-03-13 10:25 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-13 10:25 . 2011-03-13 10:25 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-13 10:25 . 2011-03-13 10:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-13 10:25 . 2011-03-13 10:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-13 10:25 . 2011-03-13 10:25 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-13 10:25 . 2011-03-13 10:25 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-13 10:25 . 2011-03-13 10:25 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-13 10:25 . 2011-03-13 10:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-13 10:25 . 2011-03-13 10:25 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-13 10:25 . 2011-03-13 10:25 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-13 10:25 . 2011-03-13 10:25 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-13 10:25 . 2011-03-13 10:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-13 10:25 . 2011-03-13 10:25 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-13 10:25 . 2011-03-13 10:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-13 10:25 . 2011-03-13 10:25 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-13 10:25 . 2011-03-13 10:25 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-13 10:25 . 2011-03-13 10:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-13 10:25 . 2011-03-13 10:25 367104 ----a-w- c:\windows\system32\html.iec
2011-03-12 15:31 . 2011-03-12 15:31 17408 ----a-w- c:\windows\START32.EXE
2011-03-12 15:31 . 2011-03-12 15:31 9728 ----a-w- c:\windows\system32\rnaph.dll
2011-04-14 16:57 . 2011-05-12 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
.
c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe"
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe"
"RtHDVCpl"=RtHDVCpl.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
R2 srv4B8;srv4B8;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-05-20 110576]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 31112]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 21896]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 69392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 15240]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2011-01-22 188296]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 33552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv4B8
ezSharedSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\WindowsMaintenance\Glary Utilities\initialize.exe [2009-11-10 16:24]
.
2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-04-17 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-19 17:08]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.telenet.be
mStart Page = hxxp://www.telenet.be
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
FF - prefs.js: network.proxy.type - 0
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 18:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv4B8]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Users\Ole\AppData\Local\Temp\srv4B8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,91,34,eb,2f,15,42,83,06,49,14,b9,c5,70,88,33,85,5e,26,cd,0d,0b,a7,
8b,9f,d9,c5,c7,20,0d,c0,05,95,af,12,cc,25,f7,af,b8,b8,ca,a7,58,ea,49,8d,62,\
"??"=hex:42,e1,6f,b6,7b,13,85,b2,11,f1,48,93,2f,8c,d2,19
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(876)
c:\program files\ThreatFire\TFWAH.dll
.
Voltooingstijd: 2011-05-21 18:16:23
ComboFix-quarantined-files.txt 2011-05-21 16:16
.
Pre-Run: 133.797.531.648 bytes beschikbaar
Post-Run: 133.888.950.272 bytes beschikbaar
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - FE9AE8BC500BE2C940189D532DB91815

ken545
2011-05-21, 22:07
Hi,

avast
Panda Cloud Antivirus
PC Tools AntiVirus Free

You have 3 antivirus programs running, and that is counterproductive and a bit of overkill; they will suck up system resources and cause all sorts of problems. It's recommended that you just have one, keep it updated and run regular scans. Your call, but you need to go to Programs and Features in the Control Panel and uninstall two of them.


Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::




Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv4B8]

File::
globalroot\Device\HarddiskVolume2\Users\Ole\AppData\Local\Temp\srv4B8.tmp


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
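As an added example, not part of this thread or of ComboFix: a small Python audit that reads ComboFix-style log lines like the ones posted above, flags svchost-hosted services whose ServiceDll points outside normal system locations (the srv4B8 entry, registered in the netsvcs group and resolving to a .tmp file in the user's Temp folder through a globalroot device path), and emits the Registry::/File:: directives in the CFScript shape shown in this reply. The log excerpt is constructed from the posted log, and the path heuristics are triage rules, not a verdict on the file.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt modelled on the ComboFix log posted in this thread: the srv4B8,
# ezSharedSvc and NetSvcs lines are copied from it; nothing here came from running a tool.
SAMPLE_LOG = r"""
R2 srv4B8;srv4B8;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv4B8
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv4B8]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Users\Ole\AppData\Local\Temp\srv4B8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
"""

SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)(?:\s+\[.*\])?$')
KEY_RE = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)\\Services\\([^\]]+))\]$', re.I)
DLL_RE = re.compile(r'^"servicedll"="(.*)"$', re.I)


@dataclass
class Finding:
    name: str
    in_netsvcs: bool                 # listed in the netsvcs group, so it shares a svchost with core services
    service_dll: Optional[str]
    verdict: str                     # "suspicious", "unverified" or "ok"
    reasons: list = field(default_factory=list)
    key: Optional[str] = None        # registry key the ServiceDll was read from


def judge_service_dll(path: str) -> list:
    """Reasons a ServiceDll path looks wrong; an empty list means it looks like a normal system DLL."""
    p = path.lower()
    reasons = []
    if p.startswith('\\\\?\\') or 'globalroot' in p or '\\device\\harddiskvolume' in p:
        reasons.append('device/globalroot path instead of a drive letter')
    if '\\temp\\' in p or '\\appdata\\' in p or '\\users\\' in p:
        reasons.append('DLL lives in a user-writable location')
    if not p.endswith('.dll'):
        reasons.append('ServiceDll does not have a .dll extension')
    return reasons


def audit_svchost_services(log_text: str) -> list:
    """Parse the service list, the NetSvcs group and the per-service key dumps; grade each svchost-hosted service."""
    hosted, netsvcs, dlls = [], set(), {}
    current_key = None
    in_netsvcs_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs_block:
            if not line or line == '.':
                in_netsvcs_block = False
            else:
                netsvcs.add(line.lower())
            continue
        if line.lower().endswith('svchost - netsvcs'):
            in_netsvcs_block = True
            continue
        m = SERVICE_RE.match(line)
        if m and m.group('image').lower().endswith('\\svchost.exe'):
            hosted.append(m.group('name').strip())
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = (m.group(1), m.group(2).lower())
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            dlls[current_key[1]] = (current_key[0], m.group(1))
    findings = []
    for name in hosted:
        key, dll = dlls.get(name.lower(), (None, None))
        if dll is None:
            # Hosted by svchost but no ServiceDll in the log: it cannot be cleared from the log alone.
            findings.append(Finding(name, name.lower() in netsvcs, None, 'unverified', ['no ServiceDll in log']))
        else:
            reasons = judge_service_dll(dll)
            findings.append(Finding(name, name.lower() in netsvcs, dll,
                                    'suspicious' if reasons else 'ok', reasons, key))
    return findings


def cfscript_for(finding: Finding) -> str:
    """Registry::/File:: directives as the helper posted them: drop the service key and the DLL, minus the \\?\ prefix."""
    dll = finding.service_dll
    if dll.lower().startswith('\\\\?\\'):
        dll = dll[4:]
    return f'Registry::\n[-{finding.key}]\n\nFile::\n{dll}\n'
```

Run against the sample, srv4B8 comes out "suspicious" on all three heuristics, while ezSharedSvc is only "unverified" because the log shows no ServiceDll for it; a script is only built for the former.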

ken545
2011-05-22, 12:21
Hi,

If you have not run ComboFix yet, please do not run the fix or ComboFix at all.

What I need you to do is drag ComboFix to the trash, download a new copy and just run the program, not the fix.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

Quindorian
2011-05-22, 13:40
I usually run only avast and spybot; I installed the other systems in an attempt to clean my system. That didn't help, but you sure are. Here are the reports:

ComboFix wanted to update, I said NO. Report:

ComboFix 11-05-19.02 - Ole 22/05/2011 12:25:43.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1934 [GMT 2:00]
Gestart vanuit: c:\users\Ole\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Ole\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 10:46 . 2011-05-22 10:47 -------- d-----w- c:\users\Ole\AppData\Local\temp
2011-05-22 10:46 . 2011-05-22 10:46 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-05-22 10:46 . 2011-05-22 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 03:26 . 2011-05-22 03:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-22 03:22 . 2011-05-18 10:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E28523AC-D2CD-43CF-8531-1314813C8E4A}\mpengine.dll
2011-05-19 17:30 . 2011-05-19 17:30 -------- d-----w- c:\program files\ERUNT
2011-05-12 06:59 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-10 06:52 . 2011-04-27 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-06 22:16 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 22:16 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 22:16 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 22:16 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 22:16 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 22:16 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 22:16 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\ParetoLogic
2011-05-02 14:40 . 2011-05-02 14:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-05-02 13:33 . 2011-02-22 11:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-02 13:33 . 2011-02-22 11:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-02 13:33 . 2011-02-22 11:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-02 13:33 . 2011-05-10 06:50 -------- d-----w- c:\programdata\PC Tools
2011-05-02 13:33 . 2011-05-02 13:33 -------- d-----w- c:\program files\ThreatFire
2011-05-02 08:51 . 2011-05-02 08:51 -------- d-----w- c:\users\Ole\AppData\Roaming\Panda Security
2011-05-02 08:35 . 2011-05-02 08:35 -------- d-----w- c:\users\Ole\AppData\Roaming\SurfSecret Privacy Suite
2011-05-02 08:34 . 2011-05-02 08:34 -------- d-----w- c:\users\Ole\AppData\Local\panda2_0dn
2011-05-02 08:34 . 2011-05-22 10:05 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-05-02 08:33 . 2011-05-02 08:35 -------- d-----w- c:\program files\Panda Security
2011-05-02 08:33 . 2011-05-02 08:33 -------- d-----w- c:\programdata\Panda Security
2011-05-02 08:32 . 2010-10-07 06:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-04-27 17:58 . 2011-04-27 17:58 -------- d-----w- c:\users\Ole\AppData\Roaming\Unity
2011-04-22 17:12 . 2011-04-22 17:12 -------- d-----w- c:\users\Ole\AppData\Local\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-13 06:08 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-05-20 21:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-15 17:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2009-05-20 21:09 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-05-20 21:09 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2009-05-20 21:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-05-20 21:09 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2009-05-20 21:09 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-13 14:50 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 10:25 . 2011-03-13 10:25 161280 ----a-w- c:\windows\system32\msls31.dll
2011-03-13 10:25 . 2011-03-13 10:25 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-13 10:25 . 2011-03-13 10:25 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-13 10:25 . 2011-03-13 10:25 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-13 10:25 . 2011-03-13 10:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-13 10:25 . 2011-03-13 10:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-13 10:25 . 2011-03-13 10:25 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-13 10:25 . 2011-03-13 10:25 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-13 10:25 . 2011-03-13 10:25 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-13 10:25 . 2011-03-13 10:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-13 10:25 . 2011-03-13 10:25 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-13 10:25 . 2011-03-13 10:25 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-13 10:25 . 2011-03-13 10:25 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-13 10:25 . 2011-03-13 10:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-13 10:25 . 2011-03-13 10:25 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-13 10:25 . 2011-03-13 10:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-13 10:25 . 2011-03-13 10:25 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-13 10:25 . 2011-03-13 10:25 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-13 10:25 . 2011-03-13 10:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-13 10:25 . 2011-03-13 10:25 367104 ----a-w- c:\windows\system32\html.iec
2011-03-12 15:31 . 2011-03-12 15:31 17408 ----a-w- c:\windows\START32.EXE
2011-03-12 15:31 . 2011-03-12 15:31 9728 ----a-w- c:\windows\system32\rnaph.dll
2011-04-14 16:57 . 2011-05-12 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
.
c:\users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe"
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe"
"RtHDVCpl"=RtHDVCpl.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-05-20 110576]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-01-22 31112]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-01-22 21896]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-01-22 15240]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2011-01-22 188296]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv4B8
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\WindowsMaintenance\Glary Utilities\initialize.exe [2009-11-10 16:24]
.
2011-05-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-05-02 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.telenet.be
mStart Page = hxxp://www.telenet.be
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 12:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,91,34,eb,2f,15,42,83,06,49,14,b9,c5,70,88,33,85,5e,26,cd,0d,0b,a7,
8b,9f,d9,c5,c7,20,0d,c0,05,95,af,12,cc,25,f7,af,b8,b8,ca,a7,58,ea,49,8d,62,\
"??"=hex:42,e1,6f,b6,7b,13,85,b2,11,f1,48,93,2f,8c,d2,19
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(924)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2011-05-22 12:55:14
ComboFix-quarantined-files.txt 2011-05-22 10:55
ComboFix2.txt 2011-05-21 16:16
.
Pre-Run: 133.484.859.392 bytes free
Post-Run: 133.564.506.112 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - 8B66B4F8A4BA95A65716FFE9FB22B815
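
Editor's note, between the ComboFix log above and the OTL log that follows: the two logs together carry one detail worth triaging first. ComboFix lists two members of the shared svchost group NetSvcs, srv4B8 and ezSharedSvc, and OTL reports srv4B8 as "SRV - (srv4B8) -- File not found", i.e. a service Windows still tries to start inside a shared svchost.exe although no binary is registered for it. That is consistent with the first post's report of avast blocking svchost.exe connections. The helper below is an added example (my code, not from the poster, ComboFix or OTL): it parses OTL service and driver lines, cross-checks them against the NetSvcs list, and ranks what a responder should look at first. The sample lines are copied from the logs on this page; the KNOWN_TRANSIENT allowlist, the severity labels and the "unusual extension" and "empty company string" heuristics are my assumptions, and the low findings are only pointers for manual review (the CyberLink .fcl driver here is legitimate).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the OTL "Win32 Services"
# and "Driver Services" sections of the log on this page, plus the two NetSvcs
# group members ComboFix listed. This is not a complete log.
OTL_SAMPLE = r"""
SRV - (srv4B8) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
DRV - (catchme) -- File not found
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\Windows\System32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
"""
NETSVCS_SAMPLE = ["srv4B8", "ezSharedSvc"]

# Assumption: drivers expected to show "File not found" after a ComboFix run.
# catchme is the Gmer rootkit scanner ComboFix loads and then removes.
KNOWN_TRANSIENT = {"catchme"}

# OTL line shape: "SRV - (name)[ display name] -- <path (Company)|File not found>"
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\)(?P<display>.*?) -- (?P<rest>.*)$"
)
SEV_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class ServiceEntry:
    kind: str            # "SRV" (Win32 service) or "DRV" (kernel driver)
    name: str            # service short name
    path: Optional[str]  # None when OTL reported "File not found"
    company: str         # version-info company string, "" when OTL printed "()"


def parse_otl_services(text: str) -> List[ServiceEntry]:
    """Parse OTL SRV/DRV lines into ServiceEntry records; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest == "File not found":
            entries.append(ServiceEntry(m.group("kind"), m.group("name"), None, ""))
            continue
        # The company sits in the last parenthesised group; the path may contain spaces.
        path, sep, company = rest.rpartition(" (")
        if not sep:
            path, company = rest, ""
        entries.append(ServiceEntry(m.group("kind"), m.group("name"), path,
                                    company.rstrip(")").strip()))
    return entries


Finding = Tuple[str, str, str]  # (severity, service name, reason)


def triage(entries: List[ServiceEntry], netsvcs: List[str]) -> List[Finding]:
    """Rank service records by how urgently a responder should look at them."""
    findings: List[Finding] = []
    seen = set()
    for e in entries:
        seen.add(e.name)
        if e.name in KNOWN_TRANSIENT:
            continue
        if e.path is None:
            # Windows still tries to start this service but its binary is gone.
            # A NetSvcs member would have run inside a shared svchost.exe, so it
            # ranks above a plain orphaned service record.
            sev = "high" if e.name in netsvcs else "medium"
            findings.append((sev, e.name, "image not found on disk"))
            continue
        ext = e.path.rsplit(".", 1)[-1].lower() if "." in e.path else ""
        if ext not in {"exe", "dll", "sys"}:
            findings.append(("low", e.name, f"unusual image extension .{ext}"))
        if not e.company:
            findings.append(("low", e.name, "no company/version-info string"))
    # A NetSvcs name with no service record at all is also worth a look.
    for name in netsvcs:
        if name not in seen:
            findings.append(("high", name, "NetSvcs member with no service record"))
    return sorted(findings, key=lambda f: (SEV_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for sev, name, reason in triage(parse_otl_services(OTL_SAMPLE), NETSVCS_SAMPLE):
        print(f"[{sev:6}] {name}: {reason}")
```

Run against the sample, the only high finding is srv4B8; ezSharedSvc is also in NetSvcs but resolves to a DLL with a company string, so it produces nothing. The point of ranking NetSvcs members above other orphaned services is that a group member is loaded into a shared svchost.exe, which is exactly the process the poster's AV keeps flagging, so it is the first thing to resolve rather than one orphaned record among many.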

Quindorian
2011-05-22, 13:43
otl:

OTL logfile created on: 22/05/2011 13:17:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 124,48 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (srv4B8) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (lgmdmdm) -- C:\Windows\System32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\Windows\System32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\Windows\System32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\Windows\System32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.standaard.be/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {2bfc8624-5b8a-4060-b86a-e78ccbc38509}:2.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/05/11 20:50:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/05/10 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 08:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 00:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/06 10:38:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions
[2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/05/20 17:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/06/16 11:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011/05/06 22:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions
[2010/04/27 10:59:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/28 11:12:06 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2011/05/02 10:34:35 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2010/12/13 18:14:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/11/27 08:25:29 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2011/03/14 17:17:43 | 000,002,397 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml
[2010/01/17 10:53:12 | 000,002,185 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\bing.xml
[2011/05/12 08:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 10:59:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/11 20:50:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/05/10 08:52:36 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2011/04/14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/05/22 12:46:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
O24 - Desktop BackupWallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/26 19:51:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 12:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 12:55:25 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\temp
[2011/05/22 12:18:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/22 12:15:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 12:15:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/22 12:10:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
[2011/05/22 05:31:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/22 05:26:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/21 18:16:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/21 17:44:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/21 17:44:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/21 17:44:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/21 17:41:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/21 14:26:33 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
[2011/05/21 07:55:27 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
[2011/05/19 19:31:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/19 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/19 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/10 08:52:34 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/05/10 08:52:33 | 002,074,576 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/05/10 08:52:33 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/05/10 08:50:17 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/05/10 08:50:17 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/05/10 08:50:15 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/05/10 08:50:15 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/05/10 08:50:07 | 000,263,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/05/10 08:50:07 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/05/10 08:50:02 | 000,233,976 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/05/10 08:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/05/10 08:49:57 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/05/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/02 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/05/02 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011/05/02 15:33:45 | 000,069,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/05/02 15:33:45 | 000,051,984 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/05/02 15:33:45 | 000,033,552 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/05/02 15:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/05/02 15:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/02 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Panda Security
[2011/05/02 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\SurfSecret Privacy Suite
[2011/05/02 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\panda2_0dn
[2011/05/02 10:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/05/02 10:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/05/02 10:32:48 | 000,428,352 | ---- | C] (Panda Security) -- C:\Windows\System32\StubInstaller.exe
[2011/04/27 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Unity
[2011/04/22 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\PackageAware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 12:46:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/22 12:11:16 | 000,689,956 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/05/22 12:11:16 | 000,607,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/22 12:11:16 | 000,135,744 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/05/22 12:11:16 | 000,108,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 12:11:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
[2011/05/22 12:05:17 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/22 12:05:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 12:05:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 12:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 05:43:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/22 05:29:26 | 002,172,450 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/21 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/21 17:37:25 | 004,352,567 | R--- | M] () -- C:\Users\Ole\Desktop\ComboFix.exe
[2011/05/21 16:39:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 13:18:21 | 000,000,512 | ---- | M] () -- C:\Users\Ole\Desktop\MBR.dat
[2011/05/21 07:55:28 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
[2011/05/21 07:53:58 | 000,000,133 | ---- | M] () -- C:\Users\Ole\Desktop\regfix.reg
[2011/05/20 19:56:13 | 369,589,978 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/19 19:30:30 | 000,000,915 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/19 19:30:14 | 000,000,735 | ---- | M] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
[2011/05/19 19:30:14 | 000,000,716 | ---- | M] () -- C:\Users\Ole\Desktop\ERUNT.lnk
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
[2011/05/12 08:59:20 | 000,000,872 | ---- | M] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 08:59:20 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/11 20:50:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/11 02:45:48 | 000,110,592 | ---- | M] (LG Electronics) -- C:\Users\Ole\Documents\LGMobileDL.dll
[2011/05/10 18:48:38 | 000,433,997 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup
[2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/10 08:50:03 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
[2011/05/10 08:47:39 | 000,513,008 | ---- | M] () -- C:\Users\Ole\Desktop\avinstall.exe
[2011/05/06 09:10:47 | 000,028,259 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/06 09:10:19 | 000,012,939 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/05 19:57:34 | 000,000,032 | ---- | M] () -- C:\Windows\System32\EUOD.DAT
[2011/05/02 16:58:01 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/02 16:58:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/02 16:58:01 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/05/02 16:40:59 | 000,000,904 | ---- | M] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/02 15:33:47 | 000,000,769 | ---- | M] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/05/02 15:33:46 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/05/02 14:53:17 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/02 10:34:09 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat
[2011/05/01 19:34:35 | 000,043,520 | ---- | M] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 15:12:43 | 000,433,297 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110510-184838.backup
[2011/04/27 15:37:12 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/04/27 15:37:06 | 002,074,576 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/04/27 15:37:06 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/04/27 15:36:58 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2011/04/25 07:47:05 | 000,000,680 | ---- | M] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat
[2011/04/22 19:28:57 | 000,002,590 | ---- | M] () -- C:\Users\Ole\Documents\cc_20110422_192853.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/21 17:44:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/21 17:44:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/21 17:44:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/21 17:44:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/21 17:44:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/21 17:37:10 | 004,352,567 | R--- | C] () -- C:\Users\Ole\Desktop\ComboFix.exe
[2011/05/21 07:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Ole\Desktop\MBR.dat
[2011/05/21 07:53:58 | 000,000,133 | ---- | C] () -- C:\Users\Ole\Desktop\regfix.reg
[2011/05/19 19:30:30 | 000,000,915 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/19 19:30:14 | 000,000,735 | ---- | C] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
[2011/05/19 19:30:14 | 000,000,716 | ---- | C] () -- C:\Users\Ole\Desktop\ERUNT.lnk
[2011/05/12 08:59:20 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/12 07:50:43 | 369,589,978 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/10 08:52:35 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/05/10 08:52:34 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2011/05/10 08:52:34 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/05/10 08:52:34 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/05/10 08:52:34 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/05/10 08:50:22 | 002,172,450 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/10 08:50:03 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools AntiVirus Free.lnk
[2011/05/10 08:47:57 | 000,513,008 | ---- | C] () -- C:\Users\Ole\Desktop\avinstall.exe
[2011/05/06 09:10:19 | 000,012,939 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/06 09:05:44 | 008,326,420 | ---- | C] () -- C:\Users\Ole\Documents\GUG_Packard Bell_1.0_NL_DT.pdf
[2011/05/02 16:41:21 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/02 16:40:59 | 000,000,904 | ---- | C] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/02 16:40:59 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/02 16:40:59 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/02 16:40:58 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/05/02 15:33:47 | 000,000,769 | ---- | C] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/05/02 15:33:46 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/05/02 10:34:09 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2011/04/22 19:28:55 | 000,002,590 | ---- | C] () -- C:\Users\Ole\Documents\cc_20110422_192853.reg
[2011/04/10 15:43:27 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011/03/12 17:31:57 | 000,017,408 | ---- | C] () -- C:\Windows\START32.EXE
[2011/03/12 17:31:56 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2011/03/12 15:29:05 | 000,028,259 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/04 12:14:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/01/04 12:14:37 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/01/03 18:38:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/12/25 12:02:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/12/25 11:21:47 | 000,887,296 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/25 11:21:47 | 000,198,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/10 19:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/11/10 19:25:29 | 000,291,328 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2010/05/30 16:50:51 | 000,000,195 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\default.rss
[2009/12/10 18:38:40 | 000,000,680 | ---- | C] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/08 00:51:58 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2009/10/31 23:35:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/10/19 22:28:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/19 22:28:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 20:29:29 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009/07/26 20:23:42 | 000,000,032 | ---- | C] () -- C:\Windows\start.INI
[2009/05/21 20:22:50 | 000,001,821 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/05/21 15:24:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/05/21 15:24:27 | 000,043,520 | ---- | C] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/21 08:45:43 | 000,000,000 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\wklnhst.dat
[2009/05/20 22:45:55 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2009/05/20 17:26:37 | 000,000,608 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/20 11:36:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/05/20 11:36:02 | 000,008,164 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/09/28 06:46:56 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/09/28 06:19:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 07:45:56 | 000,689,956 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008/01/21 07:45:56 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008/01/21 07:45:56 | 000,135,744 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008/01/21 07:45:56 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:44:53 | 000,480,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:33:01 | 000,607,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,108,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ZLib.dll
[2001/04/23 01:07:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe

========== LOP Check ==========

[2010/12/25 01:04:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus
[2011/03/14 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Aid4Mail2
[2010/12/29 11:57:23 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Autodesk
[2011/05/21 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Azureus
[2010/11/11 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Chessmaster Challenge
[2010/11/10 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\DriverCure
[2009/08/02 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\GARMIN
[2010/05/31 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\GlarySoft
[2009/11/10 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\IObit
[2010/05/27 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\iWin
[2011/02/02 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\LG Electronics
[2010/11/11 20:57:30 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\LimeWire
[2010/11/11 20:51:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\My Games
[2009/05/24 06:42:10 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\OpenOffice.org
[2009/05/20 22:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Packard Bell
[2011/05/02 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Panda Security
[2009/12/12 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\PandoraRecovery
[2010/11/10 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\ParetoLogic
[2010/05/31 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\RegistryTool
[2009/06/16 11:20:39 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Songbird2
[2011/01/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SpeedSim
[2010/05/27 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SpinTop
[2011/05/02 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\SurfSecret Privacy Suite
[2011/01/20 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Template
[2009/12/12 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Thunderbird
[2010/11/27 21:08:27 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Tibia
[2011/01/20 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\TuneUpMedia
[2011/04/27 19:58:21 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Unity
[2010/11/11 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\uTorrent
[2011/01/06 15:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Ole\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011/05/22 12:05:17 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/05/21 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/05/02 16:58:01 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/05/02 16:58:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/05/02 16:58:01 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/05/22 05:43:41 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C947F6D9
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D

< End of report >

Quindorian
2011-05-22, 13:43
and extras

OTL Extras logfile created on: 22/05/2011 13:17:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 124,48 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C246BF7-95DB-44CB-873C-4EF1DBA5FF47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1394F062-D7B5-4796-AE6A-C88E0A6C7CBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15D263D1-1132-4AF0-8F93-D3E9A760AEFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{286BE7BF-05F8-4136-B831-D86CEBFF46CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3AE671F9-943D-4C2F-99D6-E31A663BF20C}" = lport=139 | protocol=6 | dir=in | app=system |
"{43BE1A85-04D6-4F1B-81D3-CCD68DCBF3DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{5283A80B-F3A4-4DC2-B718-B7F8F014CBD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B02420C-5DCF-4F46-9F02-CBFD2ED122A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6373A076-D19F-417B-85FC-656B753B239E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{72CEF336-32FD-4E4C-8835-57E2E8606BE4}" = rport=139 | protocol=6 | dir=out | app=system |
"{73D87C1E-13E3-405E-8D6B-94AE161D7849}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99F89AED-8DB9-4048-8C21-52A5619F18D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0006EF2-F265-49D8-A68F-3266B67B3808}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A25D6F7B-4206-4A29-AE6B-CBC8D1367CC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{A60C724E-8BCF-428E-99E7-E041BFF20158}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9DAFC81-9DAB-4711-96C7-363E94F7E10A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1811E21-959A-4547-AE11-3D18D5309279}" = lport=138 | protocol=17 | dir=in | app=system |
"{C280417A-D31B-456F-880A-631CF5111814}" = rport=138 | protocol=17 | dir=out | app=system |
"{D07C1AC9-68B8-4EFE-B756-052DC3AE893A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2D266C3-8A51-4671-A9F6-9B6093AF24F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB383A13-40DC-47DA-8C1E-D3AD63E616F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1734D65-B610-49C9-973A-3F6F82690491}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F610A382-3928-4433-A9C1-C1F31B4032A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDE77E36-B8B4-4169-B588-EF7257386D56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C868E8-C7AF-40D3-8266-7535FE591AED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D00F60F-D05A-4411-B036-A14EEF9518E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F131D0C-0E70-4741-8BA8-5B9CCFFA4D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0FB102A3-AA83-472B-80FE-241AEE9A1018}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{10AE7E74-8921-4286-B54B-7F074B4D396A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1864CB26-77D4-4F9D-8B11-E270D5054D45}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe |
"{23790076-AC7F-49BD-9EE5-76C7F50E680F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAC0C32-2631-4824-8A68-012B737DFB1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{390943A3-4B9A-4713-9E47-0D6FA71BEA2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A72AC33-1011-4499-B7AD-EA78B648A5BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C1A14E4-7A98-4F02-8CD3-197D3CF369AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44FCA262-8837-4369-9FB5-1F47F505C142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4854CAAC-FFB4-4512-BFD2-FC5F36751C55}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"{501944CA-1947-4DC8-ABA5-9B19F621FCB4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{62BE9993-A38B-4432-B27B-F488F84BF2E7}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"{640240E2-84E5-48D7-95B3-B825C481664F}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{64874A23-1484-4058-86F9-2C4824DCD1CB}" = protocol=6 | dir=out | app=system |
"{6861D8F6-0699-4EEC-BAE5-3F8406E05FD0}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe |
"{6A126AEB-529B-4452-B7A5-3998DBE0C1A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75BCD450-228C-4B1A-861D-4A50EA9DD4C4}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
"{7629F64C-AF19-4288-B6A9-584CA4C195ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76CE1AE0-C48E-4BFE-AD0F-8662F0B98574}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{88BDCB52-ECEC-443B-8A8B-D6E94334B6A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FCA368C-3279-4927-B5D3-61ECDD209554}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95F3D5BA-B72F-4C48-92E2-088493A3A756}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99F31ADC-20FC-42E2-BF51-F8687AA5FBF5}" = dir=in | app=c:\program files\cyberlink\playmovie\pmvservice.exe |
"{AD52A467-428A-4848-A098-33498A71878B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF25F85E-CAAA-498B-80A1-87F31EAC0F95}" = dir=in | app=c:\program files\cyberlink\playmovie\playmovie.exe |
"{B7E25367-8E41-4B6C-B6D6-1DD6676117FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC9C8E79-3519-4414-8449-036EB7B8A01C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF88595E-40A0-4F76-87B2-93308E761697}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C2E08CAC-1AAF-4C79-B381-F87D90F15351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6D5E019-C928-4775-B9B1-FAD3ED6BBF26}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB07866D-0349-47F9-9797-DF4EC69A74F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE4B8425-67B3-48DF-A6D2-62D451C8089C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D635691F-7A2E-4F37-A1AF-653032060FB6}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{DE1F91FB-BD99-4019-944F-06F03B4AD84F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EDBBDED4-FE20-42F9-8FEF-A191EF16DF14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F126673C-AB8A-472A-A590-106B9F0F018C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F21A0B4D-8BE7-4BD2-B111-76722130EAA9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F5E6DC3B-1B76-4E24-9A0C-5651A13AC447}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{FCEA7489-9F2F-4D14-8AD0-2EEA4E9D53B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FF3C0E11-3AC1-4F3C-B493-32B33488F2E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{765066B5-0486-47C1-84AF-66D00F4647A7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9CE9C2A5-7B82-4FC6-ABA6-636FF7474F77}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{88DDFA7D-099B-4B6E-9E19-2CBDC94EE609}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A99D952A-F2CA-4249-8332-A08CB318BFC4}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3559CDE0-11FC-4D7B-A65C-D646035B1043}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1043-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Nederlands
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{d50f1a09-5349-4f96-a93e-d7524549896c}" = Nero 9
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Installatie van LG PC Suite III ongedaan maken
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"8461-7759-5462-8226" = Vuze
"Activision_CivCTPUninstallKey" = Civilization: Call To Power
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AnswerWorks" = AnswerWorks Runtime
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"avast" = avast! Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"CCleaner" = CCleaner
"Codec_is1" = Codec 8.3p
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Pixie_is1" = Pixie 1.7.6
"Smart Defrag_is1" = Smart Defrag
"SpeedSim" = SpeedSim
"Spyware Doctor" = PC Tools AntiVirus Free 8.0
"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
"Tibia_is1" = Tibia
"TuneUpMedia" = TuneUp Companion 1.9.0
"VLC media player" = VLC media player 1.0.1
"Volo View Express" = Volo View Express
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Works9" = Microsoft Works 9.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1100745386-3923300980-3176444086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/06/2009 7:02:31 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 23/07/2009 9:19:09 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 9/08/2009 16:14:42 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 9/08/2009 16:14:42 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 1/11/2009 5:13:28 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 12/01/2010 21:04:40 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 4/02/2010 3:16:04 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 16/02/2010 3:07:02 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 16/02/2010 3:20:55 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

Error - 27/04/2010 7:30:48 | Computer Name = PC_Ole | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 24/11/2010 15:42:56 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 25/11/2010 11:19:58 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 26/11/2010 2:43:33 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 26/11/2010 15:02:51 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2010 2:17:27 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2010 7:58:49 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2010 8:00:39 | Computer Name = PC_Ole | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2010 10:22:26 | Computer Name = PC_Ole | Source = Application Hang | ID = 1002
Description = Program ShowTime.exe, version 5.0.13.100 stopped responding to Windows
and was closed. To see whether more information about the problem is available,
check the problem history in Problem Reports and Solutions in Control Panel.
Process ID: 117c Start time: 01cb8e3e69c8a326
End time:
73

Error - 27/11/2010 10:23:12 | Computer Name = PC_Ole | Source = Application Error | ID = 1000
Description = Faulting application Civilization3.exe, version 0.0.0.0, time stamp
0x504d6947, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000384, process id 0x131c, application start time 0x01cb8e3e9eeee646.

Error - 27/11/2010 10:23:33 | Computer Name = PC_Ole | Source = Application Error | ID = 1000
Description = Faulting application Civilization3.exe, version 0.0.0.0, time stamp
0x504d6947, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000384, process id 0x1490, application start time 0x01cb8e3eab9e1f56.

[ OSession Events ]
Error - 6/11/2010 9:40:58 | Computer Name = PC_Ole | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/04/2011 1:20:33 | Computer Name = PC_Ole | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/05/2011 23:40:27 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7000
Description =

Error - 21/05/2011 23:40:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7009
Description =

Error - 21/05/2011 23:40:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7000
Description =

Error - 21/05/2011 23:41:22 | Computer Name = PC_Ole | Source = DCOM | ID = 10010
Description =

Error - 22/05/2011 6:05:38 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7023
Description =

Error - 22/05/2011 6:05:58 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7026
Description =

Error - 22/05/2011 6:15:53 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7034
Description =

Error - 22/05/2011 6:24:26 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
Description =

Error - 22/05/2011 6:35:43 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
Description =

Error - 22/05/2011 6:46:52 | Computer Name = PC_Ole | Source = Service Control Manager | ID = 7030
Description =


< End of report >
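
An added check, not part of the poster's log or of the OTL tool: the `FirewallRules` values in the report above are the raw rule strings Windows Firewall stores, and the ones worth reading in a malware case are the inbound rules scoped to a third-party executable with no port or protocol restriction (a rule named `TCP Query User{GUID}<path>` or `UDP Query User{GUID}<path>` was created by clicking Unblock on the Vista firewall prompt). The Python below parses that `key=value | key=value |` format and lists such rules, widest first. The sample rules are a constructed subset copied in shape from the list above, and the set of executables treated as Windows built-ins is an assumption.

```python
"""Parse Windows Firewall rule strings as OTL prints them from the
FirewallPolicy\\FirewallRules registry key and list inbound rules that
are scoped to a third-party program.
Added example for this thread; not part of OTL or of the original post.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

PROTOCOL_NAMES = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Assumption: rules bound to these executables are Windows' own service
# rules and are not what we are hunting for here.
BUILTIN_APPS = {
    "system",
    r"%systemroot%\system32\svchost.exe",
    r"%systemroot%\system32\spoolsv.exe",
}

# Constructed sample: a subset copied in shape from the log above.
SAMPLE_RULES = r'''
"{3AE671F9-943D-4C2F-99D6-E31A663BF20C}" = lport=139 | protocol=6 | dir=in | app=system |
"{5283A80B-F3A4-4DC2-B718-B7F8F014CBD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{501944CA-1947-4DC8-ABA5-9B19F621FCB4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BF88595E-40A0-4F76-87B2-93308E761697}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{02C868E8-C7AF-40D3-8266-7535FE591AED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAC0C32-2631-4824-8A68-012B737DFB1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A126AEB-529B-4452-B7A5-3998DBE0C1A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{765066B5-0486-47C1-84AF-66D00F4647A7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
'''

RULE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class FirewallRule:
    name: str
    fields: dict[str, str]

    @property
    def app(self) -> str | None:
        return self.fields.get("app")

    @property
    def inbound(self) -> bool:
        return self.fields.get("dir") == "in"

    @property
    def user_unblocked(self) -> bool:
        # Vista names rules created from the firewall's "Unblock" prompt
        # "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>".
        return self.name.startswith(("TCP Query User", "UDP Query User"))

    def describe(self) -> str:
        proto = PROTOCOL_NAMES.get(self.fields.get("protocol", ""), "any protocol")
        port = self.fields.get("lport", "any port")
        tag = " [created from the Unblock prompt]" if self.user_unblocked else ""
        return f"{proto}/{port} -> {self.app}{tag}"


def parse_rules(text: str) -> list[FirewallRule]:
    """Turn the '"name" = k=v | k=v |' lines into FirewallRule objects."""
    rules = []
    for line in text.splitlines():
        match = RULE_LINE.match(line.strip())
        if not match:
            continue
        fields: dict[str, str] = {}
        for part in match.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        rules.append(FirewallRule(match.group("name"), fields))
    return rules


def inbound_third_party(rules: list[FirewallRule]) -> list[FirewallRule]:
    """Inbound rules bound to a program that is not a Windows built-in.
    Rules with no app= field (ICMP and other named built-ins) are skipped."""
    return [
        r for r in rules
        if r.inbound and r.app is not None and r.app not in BUILTIN_APPS
    ]


def audit(text: str) -> list[str]:
    """One line per inbound third-party rule; rules with no protocol or
    port restriction sort first because they are the widest."""
    flagged = inbound_third_party(parse_rules(text))
    flagged.sort(key=lambda r: ("protocol" in r.fields, "lport" in r.fields, r.app))
    return [r.describe() for r in flagged]


if __name__ == "__main__":
    for line in audit(SAMPLE_RULES):
        print(line)
```

To run it against a live machine, export the `FirewallRules` key with `reg export` (or paste the OTL section) into a file and feed its text to `audit()`; the peer-to-peer clients and the user-unblocked browser rule are what it surfaces from the sample.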

ken545
2011-05-22, 15:22
Just a few things need to be removed; one of them is the Ask Toolbar, but this is your call. Read this and let me know.

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer, failing to affirmatively show a license agreement and linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers, increasing Ask's revenues while taking users to pages they didn't intend to visit.

Quindorian
2011-05-22, 19:42
I removed Panda and ThreatFire, but I can't find how to remove 'Ask Jeeves'.

And I still have some strange things here: in the Windows program removal menu I only get shown blank fields, no text inside, and I can't seem to remove any programs there. I'm using Glary Utilities for that now.

Next to that, whenever I close my Firefox it gives me a malfunction notice and it wants to search for a solution to the problem. This could well be a glitch in Firefox, since it's the brand new 4.0.1 version. I tried a quick reinstall, but it didn't help.

Next to that, I believe I'm in the clear, right? I'm really grateful and you'll notice soon.

ken545
2011-05-22, 19:56
Looks like your Hosts file is infected; this will fix it. Make sure, if you're hooked up to a router, that it's all enabled. After the fix, let me know if you're still having issues with Firefox.


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
SRV - (srv4B8) -- File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
[2011/03/14 17:17:43 | 000,002,397 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml
[2011/05/10 18:48:38 | 000,433,997 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
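
The fix above works by moving the infected Hosts file aside and writing back the two default entries, then flushing the DNS cache so the bad mappings stop being served. As an added example that is not code from the thread, OTL or Spybot, here is a Python audit that flags the kinds of entries a hijacked hosts file carries: security/update domains sinkholed to loopback or 0.0.0.0, names redirected to an outside address, duplicate mappings, and an oversized file. The vendor list and both sample files are constructed; the only values taken from the thread are the two clean entries OTL writes back and the 433,997-byte size of the hosts backup the fix moves.

```python
"""Audit a Windows hosts file for the signs of a hijack.

Added example, not code from the thread, OTL or Spybot. CLEAN_BASELINE is the
pair of entries the reset writes back; everything else here is constructed.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

CLEAN_BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Vendors named in the thread (constructed list): pointing these at loopback or
# 0.0.0.0 silently blocks signature updates and cloud lookups.
PROTECTED_SUFFIXES = ("avast.com", "spybot.info", "safer-networking.org",
                      "malwarebytes.org", "microsoft.com", "windowsupdate.com")

# RFC 1918 / ULA ranges: a name pinned here is usually a deliberate local override.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# A genuine hosts file is a few hundred bytes; the backup the fix moved was 433,997.
SIZE_LIMIT = 64 * 1024


class Finding(NamedTuple):
    line_no: int
    severity: str  # "high" | "medium" | "info"
    reason: str
    text: str


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, hostnames) per entry; comments and blanks skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((n, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def _classify(addr: str) -> Optional[str]:
    """'sinkhole' (loopback/0.0.0.0), 'internal', 'external', or None if unparseable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    if ip.is_link_local or any(ip in net for net in _INTERNAL_NETS):
        return "internal"
    return "external"


def audit_hosts(text: str) -> List[Finding]:
    """Return a finding for every entry that is not part of the clean baseline."""
    findings: List[Finding] = []
    first_seen: Dict[str, str] = {}
    for line_no, addr, names in parse_hosts(text):
        kind = _classify(addr)
        shown = f"{addr} {' '.join(names)}"
        if kind is None:
            findings.append(Finding(line_no, "medium", f"unparseable address {addr}", shown))
            continue
        for name in names:
            if (addr, name) in CLEAN_BASELINE:
                continue
            protected = any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)
            if kind == "sinkhole" and protected:
                findings.append(Finding(line_no, "high", f"security/update domain {name} sinkholed", shown))
            elif kind == "external":
                findings.append(Finding(line_no, "high", f"{name} redirected to external address {addr}", shown))
            elif kind == "internal":
                findings.append(Finding(line_no, "info", f"{name} pinned to internal address {addr}", shown))
            # Sinkholing other names (ad-block style lists) is common and not reported.
            if name in first_seen and first_seen[name] != addr:
                findings.append(Finding(line_no, "medium", f"{name} also mapped to {first_seen[name]}", shown))
            first_seen.setdefault(name, addr)
    size = len(text.encode("utf-8"))
    if size > SIZE_LIMIT:
        findings.append(Finding(0, "medium", f"hosts file unusually large ({size} bytes)", ""))
    return findings


def is_clean_baseline(text: str) -> bool:
    """True when the file holds nothing beyond the entries a reset writes back."""
    pairs = {(addr, n) for _, addr, names in parse_hosts(text) for n in names}
    return bool(pairs) and pairs <= CLEAN_BASELINE


SAMPLE_CLEAN = "127.0.0.1 localhost\n::1 localhost\n"

# Constructed sample; 198.51.100.23 is a documentation (TEST-NET-2) address.
SAMPLE_HIJACKED = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com           # update server blocked
0.0.0.0         forums.spybot.info
198.51.100.23   www.google.com          # search traffic redirected
198.51.100.23   www.bing.com
192.168.1.10    intranet.example        # local override, probably legitimate
"""
```

Run `audit_hosts` over the text of `C:\Windows\System32\drivers\etc\hosts` (or a moved-aside backup) to triage it before deciding on a reset; `is_clean_baseline` is the post-fix check.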

Quindorian
2011-05-22, 20:35
Ask bar is gone, Firefox closes normally.

In my remove programs list, I still see an empty drop-down and side menu.

Here is the report after the fix, scanning after this post.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Error: No service named srv4B8 was found to stop!
Service\Driver key srv4B8 not found.
File File not found not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\askcom.xml moved successfully.
C:\Windows\System32\drivers\etc\hosts.20110512-123349.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP-configuratie
Ethernet-adapter LAN-verbinding:
Verbindingsspec. DNS-achtervoegsel:
Link-local IPv6-adres . . . . . . : fe80::2101:9a6e:7e99:764b%10
Standaardgateway. . . . . . . . . :
Tunnel-adapter LAN-verbinding*:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 2:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 6:
Verbindingsspec. DNS-achtervoegsel:
IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:2c46:3dfe:4d8a:3526
Link-local IPv6-adres . . . . . . : fe80::2c46:3dfe:4d8a:3526%11
Standaardgateway. . . . . . . . . :
Tunnel-adapter LAN-verbinding* 11:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 12:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 13:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 15:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 16:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
C:\Users\Ole\Desktop\cmd.bat deleted successfully.
C:\Users\Ole\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP-configuratie
Ethernet-adapter LAN-verbinding:
Verbindingsspec. DNS-achtervoegsel: telenet.be
Link-local IPv6-adres . . . . . . : fe80::2101:9a6e:7e99:764b%10
IPv4-adres. . . . . . . . . . . . : 178.117.202.217
Subnetmasker. . . . . . . . . . . : 255.255.240.0
Standaardgateway. . . . . . . . . : 178.117.192.1
Tunnel-adapter LAN-verbinding*:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel: telenet.be
Tunnel-adapter LAN-verbinding* 2:
Verbindingsspec. DNS-achtervoegsel: telenet.be
IPv6-adres. . . . . . . . . . . . : 2002:b275:cad9::b275:cad9
Standaardgateway. . . . . . . . . : 2002:c058:6301::c058:6301
Tunnel-adapter LAN-verbinding* 6:
Verbindingsspec. DNS-achtervoegsel:
IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:2c46:3dfe:4d8a:3526
Link-local IPv6-adres . . . . . . : fe80::2c46:3dfe:4d8a:3526%11
Standaardgateway. . . . . . . . . :
Tunnel-adapter LAN-verbinding* 11:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 12:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 13:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 15:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Tunnel-adapter LAN-verbinding* 16:
Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
C:\Users\Ole\Desktop\cmd.bat deleted successfully.
C:\Users\Ole\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Ole\Desktop\cmd.bat deleted successfully.
C:\Users\Ole\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373470 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85199598 bytes
->Flash cache emptied: 562 bytes

User: Ole
->Temp folder emptied: 6682235 bytes
->Temporary Internet Files folder emptied: 2191053 bytes
->Java cache emptied: 65937201 bytes
->FireFox cache emptied: 50763247 bytes
->Flash cache emptied: 9592 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 201,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_202237

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Quindorian
2011-05-22, 21:05
scan report

OTL logfile created on: 22/05/2011 20:36:28 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 124,77 Gb Free Space | 43,77% Space Free | Partition Type: NTFS
Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

ken545
2011-05-22, 21:38
In my remove programs list, I still see an empty drop-down and side menu.

Not sure if I am understanding what you're posting. Do you mean that when you go to Programs and Features in the Control Panel, nothing loads?


You did not post an entire OTL log. Please run it again (not the fix, just the scan) and post a new log please.

Quindorian
2011-05-23, 19:54
I've captured an image of what I get to see when I'm in Programs and Features, when trying to uninstall in Windows directly. Also when I right-click on something, it gives a drop-down menu but with nothing inside. (See attachment.)

I'm rerunning the scan and will repost the report soon.

Quindorian
2011-05-23, 20:01
OTL logfile created on: 23/05/2011 19:54:57 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ole\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 124,32 Gb Free Space | 43,61% Space Free | Partition Type: NTFS
Drive J: | 931,28 Gb Total Space | 657,12 Gb Free Space | 70,56% Space Free | Partition Type: FAT32

Computer Name: PC_OLE | User Name: Ole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\PicPick\picpick.exe ()
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Ole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (lgmdmdm) -- C:\Windows\System32\drivers\lgmdmdm.sys (MCCI Corporation)
DRV - (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\lgmdmgmt.sys (MCCI Corporation)
DRV - (lgmdobex) -- C:\Windows\System32\drivers\lgmdobex.sys (MCCI Corporation)
DRV - (lgmdbus) LG Mobile driver (WDM) -- C:\Windows\System32\drivers\lgmdbus.sys (MCCI Corporation)
DRV - (lgmdmdfl) -- C:\Windows\System32\drivers\lgmdmdfl.sys (MCCI Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.standaard.be/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {2bfc8624-5b8a-4060-b86a-e78ccbc38509}:2.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/22 20:15:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 19:33:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 00:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/06 10:38:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions
[2009/12/12 11:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/05/20 17:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/06/16 11:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011/05/22 19:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions
[2010/04/27 10:59:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/28 11:12:06 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2010/12/13 18:14:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/11/27 08:25:29 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\0rgkufor.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2010/01/17 10:53:12 | 000,002,185 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\0rgkufor.default\searchplugins\bing.xml
[2011/05/22 19:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 10:59:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/22 20:15:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/05/22 20:22:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe ()
O4 - Startup: C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
O24 - Desktop BackupWallPaper: C:\Users\Ole\Pictures\Windows_by_serpim [DesktopNexus.com].jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/26 19:51:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 19:47:39 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\picpick
[2011/05/23 19:47:24 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicPick
[2011/05/23 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\PicPick
[2011/05/22 20:22:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Erunt
[2011/05/22 20:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/22 20:16:17 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/22 20:16:17 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/22 20:16:16 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/22 20:16:16 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/22 20:16:15 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/22 20:16:15 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/22 20:15:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/22 20:15:34 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/22 20:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/22 20:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/22 12:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 12:55:25 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\temp
[2011/05/22 12:18:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/22 12:15:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 12:10:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
[2011/05/22 05:27:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/22 05:27:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/22 05:27:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/22 05:27:40 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/22 05:27:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/22 05:27:13 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/22 05:26:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/22 05:26:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/22 05:26:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/22 05:26:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/22 05:26:37 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/22 05:26:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/21 18:16:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/21 17:44:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/21 17:44:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/21 17:44:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/21 17:41:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/21 14:26:33 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
[2011/05/21 07:55:27 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
[2011/05/19 19:31:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/19 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/19 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/02 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/05/02 16:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/05/02 15:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/02 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Panda Security
[2011/05/02 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\SurfSecret Privacy Suite
[2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/05/02 10:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/05/02 10:32:48 | 000,428,352 | ---- | C] (Panda Security) -- C:\Windows\System32\StubInstaller.exe
[2011/04/27 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Unity

========== Files - Modified Within 30 Days ==========

[2011/05/23 19:50:23 | 000,124,396 | ---- | M] () -- C:\Users\Ole\Documents\Image 000.png
[2011/05/23 19:22:00 | 000,689,956 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/05/23 19:22:00 | 000,607,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 19:22:00 | 000,135,744 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/05/23 19:22:00 | 000,108,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/23 19:15:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/23 19:15:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 19:15:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 19:15:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 07:57:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/22 20:22:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/22 20:16:18 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/22 20:16:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/22 19:51:55 | 000,480,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/22 19:45:35 | 002,174,580 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/22 19:33:40 | 000,000,872 | ---- | M] () -- C:\Users\Ole\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 19:33:40 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/22 12:11:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ole\Desktop\OTL.exe
[2011/05/21 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/21 17:37:25 | 004,352,567 | R--- | M] () -- C:\Users\Ole\Desktop\ComboFix.exe
[2011/05/21 16:39:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 13:18:21 | 000,000,512 | ---- | M] () -- C:\Users\Ole\Desktop\MBR.dat
[2011/05/21 07:55:28 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Ole\Desktop\aswMBR.exe
[2011/05/21 07:53:58 | 000,000,133 | ---- | M] () -- C:\Users\Ole\Desktop\regfix.reg
[2011/05/20 19:56:13 | 369,589,978 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/19 19:30:30 | 000,000,915 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/19 19:30:14 | 000,000,735 | ---- | M] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
[2011/05/19 19:30:14 | 000,000,716 | ---- | M] () -- C:\Users\Ole\Desktop\ERUNT.lnk
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ole\Desktop\TDSSKiller.exe
[2011/05/11 02:45:48 | 000,110,592 | ---- | M] (LG Electronics) -- C:\Users\Ole\Documents\LGMobileDL.dll
[2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/10 08:47:39 | 000,513,008 | ---- | M] () -- C:\Users\Ole\Desktop\avinstall.exe
[2011/05/06 09:10:47 | 000,028,259 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/06 09:10:19 | 000,012,939 | ---- | M] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/05 19:57:34 | 000,000,032 | ---- | M] () -- C:\Windows\System32\EUOD.DAT
[2011/05/02 16:58:01 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/02 16:58:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/02 16:58:01 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/05/02 16:40:59 | 000,000,904 | ---- | M] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/02 14:53:17 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/01 19:34:35 | 000,043,520 | ---- | M] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 15:12:43 | 000,433,297 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110510-184838.backup
[2011/04/25 07:47:05 | 000,000,680 | ---- | M] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/23 19:50:23 | 000,124,396 | ---- | C] () -- C:\Users\Ole\Documents\Image 000.png
[2011/05/22 20:16:18 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/21 17:44:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/21 17:44:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/21 17:44:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/21 17:44:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/21 17:44:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/21 17:37:10 | 004,352,567 | R--- | C] () -- C:\Users\Ole\Desktop\ComboFix.exe
[2011/05/21 07:56:27 | 000,000,512 | ---- | C] () -- C:\Users\Ole\Desktop\MBR.dat
[2011/05/21 07:53:58 | 000,000,133 | ---- | C] () -- C:\Users\Ole\Desktop\regfix.reg
[2011/05/19 19:30:30 | 000,000,915 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/19 19:30:14 | 000,000,735 | ---- | C] () -- C:\Users\Ole\Desktop\NTREGOPT.lnk
[2011/05/19 19:30:14 | 000,000,716 | ---- | C] () -- C:\Users\Ole\Desktop\ERUNT.lnk
[2011/05/12 08:59:20 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/12 07:50:43 | 369,589,978 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/10 08:50:22 | 002,174,580 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/10 08:47:57 | 000,513,008 | ---- | C] () -- C:\Users\Ole\Desktop\avinstall.exe
[2011/05/06 09:10:19 | 000,012,939 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/06 09:05:44 | 008,326,420 | ---- | C] () -- C:\Users\Ole\Documents\GUG_Packard Bell_1.0_NL_DT.pdf
[2011/05/02 16:41:21 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/02 16:40:59 | 000,000,904 | ---- | C] () -- C:\Users\Ole\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/02 16:40:59 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/02 16:40:59 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/02 16:40:58 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/04/10 15:43:27 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011/03/12 17:31:57 | 000,017,408 | ---- | C] () -- C:\Windows\START32.EXE
[2011/03/12 17:31:56 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2011/03/12 15:29:05 | 000,028,259 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/01/04 12:14:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/01/04 12:14:37 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/01/03 18:38:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/12/25 12:02:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/12/25 11:21:47 | 000,887,296 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/25 11:21:47 | 000,198,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/10 19:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/11/10 19:25:29 | 000,291,328 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2010/05/30 16:50:51 | 000,000,195 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\default.rss
[2009/12/10 18:38:40 | 000,000,680 | ---- | C] () -- C:\Users\Ole\AppData\Local\d3d9caps.dat
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/08 00:51:58 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2009/10/31 23:35:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/10/19 22:28:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/19 22:28:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 20:29:29 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009/07/26 20:23:42 | 000,000,032 | ---- | C] () -- C:\Windows\start.INI
[2009/05/21 20:22:50 | 000,001,821 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/05/21 15:24:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/05/21 15:24:27 | 000,043,520 | ---- | C] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/21 08:45:43 | 000,000,000 | ---- | C] () -- C:\Users\Ole\AppData\Roaming\wklnhst.dat
[2009/05/20 22:45:55 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2009/05/20 17:26:37 | 000,000,608 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/20 11:36:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/05/20 11:36:02 | 000,008,164 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/09/28 06:46:56 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/09/28 06:19:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 07:45:56 | 000,689,956 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008/01/21 07:45:56 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008/01/21 07:45:56 | 000,135,744 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008/01/21 07:45:56 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:44:53 | 000,480,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:33:01 | 000,607,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,108,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ZLib.dll
[2001/04/23 01:07:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C947F6D9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
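The OTL report above is line-oriented, and when a thread like this accumulates several such reports it helps to load them into structured records instead of reading them by eye. The following parser is an added example, not part of the thread or of OTL itself: it reads the `[date | size | attrs | C/M] (company) -- path` file lines and the `@Alternate Data Stream` lines into dataclasses, tracks which `==========` section each came from, and offers three filters a responder typically wants (hidden+system entries, path components that are literal unexpanded `%VAR%` names, and alternate-stream bytes per host file). The sample input is a handful of lines constructed in the same format as the log above; the attribute column order R/H/S/D is the assumed meaning of OTL's four flag characters.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample input in the OTL report format (not a new scan).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/05/22 05:26:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/21 17:44:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 20:22:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/21 17:37:25 | 004,352,567 | R--- | M] () -- C:\Users\Ole\Desktop\ComboFix.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C947F6D9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
"""

# One file line: [date time | size | RHSD attrs | C(reated)/M(odified)] (company) -- path
# The "(company)" field is optional because OTL omits it on some directory lines.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass
class FileEntry:
    section: str
    timestamp: datetime
    size: int
    attrs: str              # four flag columns, '-' where unset (assumed order R, H, S, D)
    kind: str               # 'C' = created, 'M' = modified
    company: Optional[str]  # None when the line had no "(...)" field at all
    path: str


@dataclass
class StreamEntry:
    section: str
    size: int
    host_path: str
    stream_name: str


def parse_otl(text: str) -> Tuple[List[FileEntry], List[StreamEntry]]:
    """Parse the file-listing and alternate-data-stream sections of an OTL report."""
    files: List[FileEntry] = []
    streams: List[StreamEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif (m := FILE_RE.match(line)):
            files.append(FileEntry(
                section, datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                int(m.group("size").replace(",", "")), m.group("attrs"),
                m.group("kind"), m.group("company"), m.group("path")))
        elif (m := ADS_RE.match(line)):
            # Stream name follows the LAST colon; the drive-letter colon comes earlier.
            host, _, name = m.group("target").rpartition(":")
            streams.append(StreamEntry(section, int(m.group("size")), host, name))
    return files, streams


def hidden_system_entries(files: List[FileEntry]) -> List[str]:
    """Paths carrying both the Hidden and System attributes."""
    return [f.path for f in files if "H" in f.attrs and "S" in f.attrs]


def unexpanded_env_names(files: List[FileEntry]) -> List[str]:
    """Paths whose last component is a literal %VAR%, i.e. a variable that was never expanded."""
    return [f.path for f in files
            if re.fullmatch(r"%[A-Za-z_]+%", f.path.rsplit("\\", 1)[-1])]


def ads_bytes_per_host(streams: List[StreamEntry]) -> Dict[str, int]:
    """Total alternate-stream bytes attached to each host file or directory."""
    totals: Dict[str, int] = {}
    for s in streams:
        totals[s.host_path] = totals.get(s.host_path, 0) + s.size
    return totals


if __name__ == "__main__":
    fs, ss = parse_otl(SAMPLE_LOG)
    print(len(fs), "file entries,", len(ss), "alternate data streams")
    print("hidden+system:", hidden_system_entries(fs))
    print("unexpanded %VAR% names:", unexpanded_env_names(fs))
    print("ADS bytes per host:", ads_bytes_per_host(ss))
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents; the filters are starting points for review, not verdicts, since a hit only says the entry is unusual for its location.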

ken545
2011-05-23, 22:50
I am looking at your screenshot. Let me ask you: when you highlight one of those entries and select Uninstall, do you not have that option?

Quindorian
2011-05-23, 23:35
It's weird. When I right-click on one highlighted item (right-click, that is), a drop-down menu appears with one, two or three empty options. If I click on one of them, an empty dialog box with a warning appears, giving me the choice "yes or no" but with no title or text inside.
I took another screencap with the dialog box. It seems I can't take a screenshot with my mouse menu down. It's been like this for some time now, but I've worked around it with other tools.

Quindorian
2011-05-23, 23:36
Here's the pic.

ken545
2011-05-24, 00:28
Not sure what that's all about; it may be just a Windows issue. All of us forums work together, so post here. I will keep this thread open for you; post back and let me know what they said.

http://forums.whatthetech.com/index.php?showforum=119

Quindorian
2011-05-24, 01:18
I'll do that tomorrow. Just a last question: ERUNT gave me a warning. I suppose I can shut it down from startup and it's nothing bad. Pic included.

ken545
2011-05-24, 01:26
Looks like it just would not run. Not sure, but I will check on it and get back to you when you post back.

Quindorian
2011-05-24, 19:59
As for the answer from the WTT forums: they knew about the problem. I didn't try it yet; it'll be my project for another day.

Hi, and welcome to the WTT forums
We come across the problem you describe from time to time....
Take a look here:
http://www.mydigitallife.info/vista-uninst...nd-not-showing/
I hope that this will help you.
Note: If you should find it necessary to edit the Registry to reset the "views" then before following the directions here:
http://www.mydigitallife.info/delete-and-r...lt-clean-state/
be sure that you back up your Registry before you start. Erunt is good for this, and available from here:
http://www.larshederer.homepage.t-online.de/erunt/
Regards
paws


ken545
2011-05-25, 00:04
OK, thanks for letting me know. You're in good hands with PAWS. I will keep this thread open for you for a few days; post back and let me know if it's been resolved.

Quindorian
2011-05-30, 15:34
I'll leave it be for now; it's a minor bug in Windows and doesn't do any harm. And it looks like a lot of work putting it all back in order again.

So this mail is to let you people know that this thread can be closed as far as I am concerned.

Thanks for the great help I got, and I will donate for the further advancement of the Spybot team.

Q

ken545
2011-05-30, 19:04
Thanks for getting back to me.


Click START, then RUN.
Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.

http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png

Open OTL and click on Clean Up; it will remove the programs we used to clean your system along with their backups.

Malwarebytes is the free version and yours to keep; it will not be removed.

How did I get infected in the first place?
Read these links to find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken