
Trojan agent/ gen-alerterALG [Solved]


This topic is locked.

#1 Streetwise (Member, 61 posts)
Every time I run SuperAntiSpyware it detects "trojan agent/gen-alerterALG 2 items" (see below). Can you please tell me how I can get rid of this trojan once and for all?

[screenshot]


#2 chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Hi there, and sorry for the delay. I will need a fresh look at your system. What are your current symptoms?

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the insert icon to insert the attachment into your post



Download RootRepeal from one of the following locations and save it to your desktop:Link 1
Link 2
Link 3
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the insert icon to insert the attachment into your post


#3 Streetwise (Topic Starter, Member, 61 posts)
Here is the OTS report. RootRepeal won't run on my computer. I've included the log for that too.

Attached files: OTS.Txt (158.6 KB), log.txt (312 bytes)


#4 chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Ok,

Let's see what we can do, then. We'll try a different rootkit scan to see if we can find anything.

1) OTS

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Value error. [AVG Safe Search]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {c0d70ed8-d984-40c3-9666-8939ce76ea13} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{c0d70ed8-d984-40c3-9666-8939ce76ea13}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1968700595-2681841833-2379537406-1000\] > -> HKEY_USERS\S-1-5-21-1968700595-2681841833-2379537406-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{C0D70ED8-D984-40C3-9666-8939CE76EA13}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> sqmdata17.sqm -> C:\sqmdata17.sqm
NY -> sqmnoopt17.sqm -> C:\sqmnoopt17.sqm
NY -> sqmdata16.sqm -> C:\sqmdata16.sqm
NY -> sqmnoopt16.sqm -> C:\sqmnoopt16.sqm
NY -> sqmdata15.sqm -> C:\sqmdata15.sqm
NY -> sqmnoopt15.sqm -> C:\sqmnoopt15.sqm
NY -> sqmdata14.sqm -> C:\sqmdata14.sqm
NY -> sqmnoopt14.sqm -> C:\sqmnoopt14.sqm
NY -> sqmdata13.sqm -> C:\sqmdata13.sqm
NY -> sqmnoopt13.sqm -> C:\sqmnoopt13.sqm
NY -> sqmdata12.sqm -> C:\sqmdata12.sqm
NY -> sqmnoopt12.sqm -> C:\sqmnoopt12.sqm
NY -> sqmdata11.sqm -> C:\sqmdata11.sqm
NY -> sqmnoopt11.sqm -> C:\sqmnoopt11.sqm
NY -> sqmdata10.sqm -> C:\sqmdata10.sqm
NY -> sqmnoopt10.sqm -> C:\sqmnoopt10.sqm
NY -> sqmdata09.sqm -> C:\sqmdata09.sqm
NY -> sqmnoopt09.sqm -> C:\sqmnoopt09.sqm
NY -> sqmdata08.sqm -> C:\sqmdata08.sqm
NY -> sqmnoopt08.sqm -> C:\sqmnoopt08.sqm
NY -> sqmdata07.sqm -> C:\sqmdata07.sqm
NY -> sqmnoopt07.sqm -> C:\sqmnoopt07.sqm
NY -> sqmdata06.sqm -> C:\sqmdata06.sqm
NY -> sqmnoopt06.sqm -> C:\sqmnoopt06.sqm
NY -> sqmdata05.sqm -> C:\sqmdata05.sqm
NY -> sqmnoopt05.sqm -> C:\sqmnoopt05.sqm
NY -> sqmdata04.sqm -> C:\sqmdata04.sqm
NY -> sqmnoopt04.sqm -> C:\sqmnoopt04.sqm
NY -> sqmdata03.sqm -> C:\sqmdata03.sqm
NY -> sqmnoopt03.sqm -> C:\sqmnoopt03.sqm
NY -> jerkoffpass.JPG -> C:\jerkoffpass.JPG
NY -> youngthroats -> C:\youngthroats
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

2) GMER

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

In your reply I would like to see copied and pasted,

1) OTS log
2) GMER log


#5 Streetwise (Topic Starter, Member, 61 posts)
Here is the OTS fix log:

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0d70ed8-d984-40c3-9666-8939ce76ea13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0d70ed8-d984-40c3-9666-8939ce76ea13}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{c0d70ed8-d984-40c3-9666-8939ce76ea13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0d70ed8-d984-40c3-9666-8939ce76ea13}\ not found.
Registry value HKEY_USERS\S-1-5-21-1968700595-2681841833-2379537406-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C0D70ED8-D984-40C3-9666-8939CE76EA13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0D70ED8-D984-40C3-9666-8939CE76EA13}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\sqmdata17.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\jerkoffpass.JPG moved successfully.
C:\youngthroats moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Khandwalla
->Temp folder emptied: 121895490 bytes
File delete failed. C:\Users\Khandwalla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 27549324 bytes
->Java cache emptied: 145837 bytes
->FireFox cache emptied: 105375018 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 497924 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 243,63 mb

< End of fix log >
OTS by OldTimer - Version 3.0.17.0 fix logfile created on 10012009_174312

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



#6 chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Do you have the GMER log?

#7 Streetwise (Topic Starter, Member, 61 posts)
Here is the GMER log

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 20:15:41
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\KHANDW~1\AppData\Local\Temp\agwdrkod.sys


---- System - GMER 1.0.15 ----

SSDT 8C236A94 ZwCreateThread
SSDT 8C236A80 ZwOpenProcess
SSDT 8C236A85 ZwOpenThread
SSDT 8C236A8F ZwTerminateProcess

INT 0x72 ? 84D5EBF8
INT 0x82 ? 84D5EBF8
INT 0x92 ? 84D5EBF8
INT 0x92 ? 84D5EBF8
INT 0x92 ? 850D5F00
INT 0x92 ? 850D5F00
INT 0x92 ? 84D5EBF8
INT 0x93 ? 850D5F00
INT 0xA3 ? 850D5F00
INT 0xB3 ? 850D5F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spzs.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8C471FEB 5 Bytes JMP 850D54E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spzs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spzs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [807027FC] \SystemRoot\System32\Drivers\spzs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [807020BE] \SystemRoot\System32\Drivers\spzs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070213C] \SystemRoot\System32\Drivers\spzs.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74F3FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74F0BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74EFA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74EFCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74EF8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74F0D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74EF7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74EF7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74EF6A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74F8C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74F180FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74EF90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74F0223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74F02267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74F0771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74F0753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74F38585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2192] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6FC3D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2192] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6FC3D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6FC3D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2192] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6FC3D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D641F8
Device \Driver\volmgr \Device\VolMgrControl 84D601F8
Device \Driver\netbt \Device\NetBT_Tcpip_{AAB6A34A-F0E7-46CF-9E96-447ECA7B7D23} 85D57500
Device \Driver\usbuhci \Device\USBPDO-0 850E0500
Device \Driver\usbuhci \Device\USBPDO-1 850E0500
Device \Driver\usbuhci \Device\USBPDO-2 850E0500
Device \Driver\usbuhci \Device\USBPDO-3 850E0500
Device \Driver\usbehci \Device\USBPDO-4 850D71F8

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\volmgr \Device\HarddiskVolume1 84D601F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\volmgr \Device\HarddiskVolume2 84D601F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\cdrom \Device\CdRom0 8504F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84D621F8
Device \Driver\atapi \Device\Ide\IdePort0 84D621F8
Device \Driver\atapi \Device\Ide\IdePort1 84D621F8
Device \Driver\atapi \Device\Ide\IdePort2 84D621F8
Device \Driver\atapi \Device\Ide\IdePort3 84D621F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 84D621F8
Device \Driver\netbt \Device\NetBT_Tcpip_{FC197BA7-1886-4606-9ADB-B878560D2241} 85D57500
Device \Driver\netbt \Device\NetBt_Wins_Export 85D57500
Device \Driver\Smb \Device\NetbiosSmb 85C16320
Device \Driver\iScsiPrt \Device\RaidPort0 850F0500
Device \Driver\usbuhci \Device\USBFDO-0 850E0500
Device \Driver\usbuhci \Device\USBFDO-1 850E0500
Device \Driver\usbuhci \Device\USBFDO-2 850E0500
Device \Driver\usbuhci \Device\USBFDO-3 850E0500
Device \Driver\usbehci \Device\USBFDO-4 850D71F8
Device \FileSystem\cdfs \Cdfs 85C0D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x47 0xC1 0x3D 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x47 0xC1 0x3D 0xEE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}@bblbcfpmokmngbinkpikeeffdiokhiidbknn 0x61 0x62 0x65 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}@ablbcfpmokmngbinkpnklbdllelmgkanlm 0x65 0x62 0x6C 0x62 ...

---- EOF - GMER 1.0.15 ----

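Editor's added example, not part of the thread and not GMER's or the helper's code: a small Python triage script for the GMER log above. GMER lists hooks but does not say who owns them, so the script parses the SSDT, inline (.text), kernel IAT and AttachedDevice lines and groups them by the module responsible, then attaches a verdict hint. The benign-driver table, the sp??.sys name pattern for the helper driver that SPTD (the disk-emulation layer used by DAEMON Tools and Alcohol 120%) loads, and the reading of the four SSDT hooks as an anti-virus self-protection pattern are the editor's assumptions, not GMER output. The log excerpt is taken from post #7 with the Dutch error message translated.

```python
"""Triage a GMER rootkit-scan log: extract every hook it reports and group
them by the module that owns the hook, with a verdict hint per module.

Editor's example for this thread; the KNOWN_BENIGN table, the SPTD helper
name pattern and the self-protection heuristic are assumptions, not GMER data.
"""
import re
from collections import defaultdict

# Excerpt of the GMER 1.0.15 log from post #7 (hook-bearing lines only).
GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 8C236A94 ZwCreateThread
SSDT 8C236A80 ZwOpenProcess
SSDT 8C236A85 ZwOpenThread
SSDT 8C236A8F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spzs.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8C471FEB 5 Bytes JMP 850D54E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spzs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spzs.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
INLINE_RE = re.compile(r"^\.text\s+([^!\s]+)!(\w+)\s+([0-9A-F]{8})\s+(\d+) Bytes JMP ([0-9A-F]{8})$")
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^!\]]+)!(\w+)\]\s+\[([0-9A-F]{8})\]\s+(\S+)")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)$")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s+!$")
REG_RE = re.compile(r"^Reg\s+(\S+)")

# Editor's assumptions about drivers seen in this log; GMER itself does not judge them.
KNOWN_BENIGN = {
    "lbd.sys": "Lavasoft Ad-Aware boot driver",
    "hotcore3.sys": "Paragon System Utilities volume filter",
}
# SPTD loads a helper driver with a random sp??.sys name that hooks atapi.sys
# imports and has no file on disk: a classic GMER false positive.
SPTD_HELPER_RE = re.compile(r"^sp[a-z]{2}\.sys$")
# Services that anti-virus / HIPS self-protection commonly hooks in the SSDT.
SELF_PROTECT_SERVICES = {"ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess", "ZwCreateThread"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Split a GMER log into structured records, one list per finding kind."""
    out = {"ssdt": [], "inline": [], "iat": [], "attached": [], "unreadable": [], "reg": []}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            out["ssdt"].append({"service": m[2], "handler": m[1]})
        elif m := INLINE_RE.match(line):
            out["inline"].append({"module": m[1], "function": m[2], "at": m[3],
                                  "bytes": int(m[4]), "jmp": m[5]})
        elif m := IAT_RE.match(line):
            out["iat"].append({"patched": basename(m[1]), "import": f"{m[2]}!{m[3]}",
                               "addr": m[4], "owner": basename(m[5])})
        elif m := ATTACHED_RE.match(line):
            out["attached"].append({"driver": m[1], "device": m[2],
                                    "filter": m[3].lower(), "vendor": m[4]})
        elif m := UNREADABLE_RE.match(line):
            out["unreadable"].append({"module": basename(m[1]), "error": m[2]})
        elif m := REG_RE.match(line):
            out["reg"].append(m[1])
    return out


def triage(parsed):
    """Group findings by the responsible module and attach a verdict hint."""
    by_owner = defaultdict(lambda: {"targets": [], "verdict": "review"})
    for h in parsed["iat"]:
        by_owner[h["owner"]]["targets"].append(f"IAT {h['patched']}:{h['import']}")
    for d in parsed["attached"]:
        by_owner[d["filter"]]["targets"].append(f"filter on {d['device']}")
    for u in parsed["unreadable"]:
        by_owner[u["module"]]["targets"].append("module unreadable on disk")
    for h in parsed["inline"]:
        by_owner["<inline, owner unresolved>"]["targets"].append(
            f"{h['module']}!{h['function']} JMP {h['jmp']}")
    sptd_installed = any("\\services\\sptd\\" in k.lower() for k in parsed["reg"])
    for name, rec in by_owner.items():
        if name in KNOWN_BENIGN:
            rec["verdict"] = f"known benign: {KNOWN_BENIGN[name]}"
        elif SPTD_HELPER_RE.match(name) and any(t.startswith("IAT atapi.sys") for t in rec["targets"]):
            rec["verdict"] = "likely SPTD helper driver (DAEMON Tools/Alcohol)" + (
                ", sptd service key present" if sptd_installed else "; confirm sptd service exists")
    # SSDT lines carry no owner in this log; say what the hooked set suggests.
    ssdt = {h["service"] for h in parsed["ssdt"]}
    if ssdt and ssdt <= SELF_PROTECT_SERVICES:
        by_owner["<ssdt, owner unresolved>"] = {
            "targets": sorted(ssdt),
            "verdict": "process self-protection pattern; map handler addresses to the AV/HIPS driver before acting"}
    return dict(by_owner)


if __name__ == "__main__":
    for owner, rec in triage(parse_gmer(GMER_LOG)).items():
        print(f"{owner}: {rec['verdict']}")
        for target in rec["targets"]:
            print("   ", target)
```

Run on the excerpt, the script attributes both atapi.sys IAT hooks and the unreadable driver to spzs.sys and, because the sptd service key appears in the Registry section, labels it as the SPTD helper rather than a rootkit. Lbd.sys and hotcore3.sys come back as known filter drivers, and the four SSDT entries are left for the analyst to map against the installed security products (Avira and Ad-Aware both show up in the OTL process list later in the thread) before anything is removed, which is the same caution the helper gives about "<--- ROOTKIT" entries.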


#8 chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Ok,

Let's do a few more scans.

1) TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

4) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

In your reply I would like to see copied and pasted,

1) Malwarebytes log
2) Kaspersky log


#9 Streetwise (Topic Starter, Member, 61 posts)
Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 2900
Windows 6.0.6000

3-10-2009 22:23:06
mbam-log-2009-10-03 (22-23-06).txt

Scan type: Quick Scan
Objects scanned: 87185
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It says it didn't find any infected items.

And the Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 4, 2009
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 03, 2009 21:52:32
Records in database: 2903381
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 116018
Threats found: 7
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 02:21:29


File name / Threat / Threats count
C:\Program Files\John32\run\john-k6.zip Infected: HackTool.Win32.John 1
C:\Program Files\John32\run\john-mmx.zip Infected: HackTool.Win32.John 1
C:\Program Files\John32\run\john.exe Infected: HackTool.Win32.John 1
C:\Program Files\pwpro2551_lion48\PasswordsPro.exe Infected: not-a-virus:PSWTool.Win32.PasswordsPro.eg 1
C:\Program Files\pwpro2551_lion48\PasswordsPro.exe.bak Infected: not-a-virus:PSWTool.Win32.PasswordsPro.ef 1
D:\Downloads\pwpro2551_lion48\PasswordsPro.exe Infected: not-a-virus:PSWTool.Win32.PasswordsPro.eg 1
D:\Downloads\pwpro2551_lion48\PasswordsPro.exe.bak Infected: not-a-virus:PSWTool.Win32.PasswordsPro.ef 1
D:\Downloads\PW_20Stealer_20Tutorial\PW Stealer Tutorial\Pw_Stealer_Builder.exe Infected: not-a-virus:PSWTool.Win32.Messen.106 1
D:\Downloads\random6\random6\john.exe Infected: not-a-virus:PSWTool.Win32.PasswordCracker.a 1
D:\Downloads\Security\ashampoo_winoptimizer_5.03__new_.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm 1
D:\Downloads\Sentry1.4.zip Infected: HackTool.Win32.BruteGen.d 1

Selected area has been scanned.



#10 Streetwise (Topic Starter, Member, 61 posts)
After this I ran SuperAntiSpyware. It's still giving me the message "trojan agent/gen-alerterALG 2 items".


#11 chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Hi,

Sorry for the delay, I had no internet access at all over the weekend.

Can you include the log from SuperAntiSpyware if at all possible?

1) OTM

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\John32\run\john-k6.zip
    C:\Program Files\John32\run\john-mmx.zip
    C:\Program Files\John32\run\john.exe
    C:\Program Files\pwpro2551_lion48
    D:\Downloads\pwpro2551_lion48
    D:\Downloads\pwpro2551_lion48
    D:\Downloads\PW_20Stealer_20Tutorial
    D:\Downloads\random6\random6\john.exe
    D:\Downloads\Security\ashampoo_winoptimizer_5.03__new_.zip
    D:\Downloads\Sentry1.4.zip
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2) OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Make sure that the Extra Registry setting is set to Safelist
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

In your reply I would like to see copied and pasted,

1) OTM report
2) OTL.txt
3) Extras.txt

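Editor's added example, not part of the thread and not Kaspersky's, OldTimer's or the helper's code: the Kaspersky report in post #9 and the OTM script in post #11 are two ends of one step, so this Python block parses the report, separates Kaspersky's "not-a-virus:" riskware verdicts (password-recovery tools, adware) from its malware-class verdicts (HackTool), counts the hits per drive and category, and emits the OTM ":Files" move script in the layout the helper wrote by hand. Which folders to collapse to a whole directory is an analyst decision passed in by the caller; the script deduplicates paths, so a file and its .bak produce one line and no folder is listed twice (the hand-written script in post #11 lists D:\Downloads\pwpro2551_lion48 twice). The report lines are taken from post #9.

```python
"""Turn a Kaspersky Online Scanner report into a classified summary and an
OTM ':Files' move script.

Editor's example for this thread; the collapse_folders choice is an analyst
decision supplied by the caller, not something the report encodes.
"""
import re
from collections import Counter

# Findings section of the Kaspersky Online Scanner 7.0 report from post #9.
KASPERSKY_REPORT = r"""
File name / Threat / Threats count
C:\Program Files\John32\run\john-k6.zip Infected: HackTool.Win32.John 1
C:\Program Files\John32\run\john-mmx.zip Infected: HackTool.Win32.John 1
C:\Program Files\John32\run\john.exe Infected: HackTool.Win32.John 1
C:\Program Files\pwpro2551_lion48\PasswordsPro.exe Infected: not-a-virus:PSWTool.Win32.PasswordsPro.eg 1
C:\Program Files\pwpro2551_lion48\PasswordsPro.exe.bak Infected: not-a-virus:PSWTool.Win32.PasswordsPro.ef 1
D:\Downloads\pwpro2551_lion48\PasswordsPro.exe Infected: not-a-virus:PSWTool.Win32.PasswordsPro.eg 1
D:\Downloads\pwpro2551_lion48\PasswordsPro.exe.bak Infected: not-a-virus:PSWTool.Win32.PasswordsPro.ef 1
D:\Downloads\PW_20Stealer_20Tutorial\PW Stealer Tutorial\Pw_Stealer_Builder.exe Infected: not-a-virus:PSWTool.Win32.Messen.106 1
D:\Downloads\random6\random6\john.exe Infected: not-a-virus:PSWTool.Win32.PasswordCracker.a 1
D:\Downloads\Security\ashampoo_winoptimizer_5.03__new_.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm 1
D:\Downloads\Sentry1.4.zip Infected: HackTool.Win32.BruteGen.d 1

Selected area has been scanned.
"""

HIT_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$")
RISKWARE_PREFIX = "not-a-virus:"   # Kaspersky's marker for legitimate-but-risky software


def parse_report(text):
    """Return one dict per detection line: path, full verdict, riskware flag,
    top-level category (HackTool, PSWTool, AdWare, ...) and threat count."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        verdict = m["verdict"]
        riskware = verdict.startswith(RISKWARE_PREFIX)
        family = verdict[len(RISKWARE_PREFIX):] if riskware else verdict
        hits.append({"path": m["path"], "verdict": verdict, "riskware": riskware,
                     "category": family.split(".", 1)[0], "count": int(m["count"])})
    return hits


def summarize(hits):
    """Count detections per (drive, category) to show where the tools live."""
    return Counter((h["path"][:2].upper(), h["category"]) for h in hits)


def build_otm_script(hits, collapse_folders=()):
    """Emit an OTM fix script in the layout used in post #11.

    A hit whose path lies under one of collapse_folders (an analyst decision,
    e.g. a whole downloaded package directory) is replaced by that folder, and
    every path is written once, in first-seen order."""
    collapse = [f.rstrip("\\").lower() for f in collapse_folders]
    seen, files = set(), []
    for h in hits:
        path = h["path"]
        for folder in collapse:
            if path.lower().startswith(folder + "\\"):
                path = path[:len(folder)]
                break
        if path.lower() not in seen:
            seen.add(path.lower())
            files.append(path)
    return "\n".join([":Processes", "", ":Services", "", ":Reg", "", ":Files", *files,
                      "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    hits = parse_report(KASPERSKY_REPORT)
    for (drive, category), n in sorted(summarize(hits).items()):
        print(f"{drive} {category:<9} {n}")
    print(build_otm_script(hits, collapse_folders=[
        r"C:\Program Files\pwpro2551_lion48",
        r"D:\Downloads\pwpro2551_lion48",
        r"D:\Downloads\PW_20Stealer_20Tutorial",
    ]))
```

The riskware/malware split matters for the advice given: 7 of the 11 hits are "not-a-virus" password tools and adware inside archives the user downloaded, and the other 4 are John the Ripper builds and a brute-forcer, so none of them explains a persistent trojan detection on its own; they are cleaned up because they are hacking tools on the machine, not because they are the infection. With the three folder collapses shown, the generated ":Files" section has 9 lines, matching the helper's intent without the repeated folder entry.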

#12 Streetwise (Topic Starter, Member, 61 posts)
I started off by running SuperAntiSpyware. This is what it showed me:

http://img136.images.../1940/sasht.jpg

http://img237.images...7/8472/sas1.jpg

Here is the OTL report

OTL logfile created on: 5-10-2009 19:31:37 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = D:\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,94 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 70,70% Memory free
4,00 Gb Paging File | 3,51 Gb Available in Paging File | 87,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,66 Gb Total Space | 23,40 Gb Free Space | 22,35% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 8,32 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_KHANDWAL
Current User Name: Khandwalla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\HTTP Debugger Pro\mfnsvc.exe (MadeForNet.com)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - D:\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AeLookupSvcAeLookupSvcALG [Auto | Stopped]) -- File not found
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (EHttpSrv [On_Demand | Stopped]) -- File not found
SRV - (ekrn [Auto | Stopped]) -- File not found
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9d2e8acfc75e4 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (HTTPDebugger [Auto | Running]) -- C:\Program Files\HTTP Debugger Pro\mfnsvc.exe (MadeForNet.com)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 10 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (AMON [Auto | Stopped]) -- C:\Windows\system32\drivers\amon.sys (Eset )
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (Camdrv30 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\camdrv30.sys (Microsoft Corporation)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e.dentifier2 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\aabed2.sys (Todos Data System AB)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hotcore3 [Boot | Running]) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (JGOGO [Boot | Stopped]) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (JRAID [Disabled | Stopped]) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (netr28 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\netr28.sys (Ralink Technology, Corp.)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (NPF [On_Demand | Stopped]) -- C:\Windows\System32\drivers\NPF.sys (CACE Technologies)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvatabus [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\EG1032xp.sys (Linksys, A Division of Cisco Systems, Inc )
DRV - (RxFilter [Disabled | Stopped]) -- C:\Windows\System32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (S3GIGP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (ssm_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ssm_bus.sys (MCCI)
DRV - (ssm_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ssm_mdfl.sys (MCCI)
DRV - (ssm_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ssm_mdm.sys (MCCI)
DRV - (StarPortLite [System | Running]) -- C:\Windows\System32\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (upperdev [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (viamraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\viamraid.sys (VIA Technologies inc,.ltd)
DRV - (videX32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Boot | Running]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (xfilt [Boot | Running]) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (ZSMC301b [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbVM31b.sys (VM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\URLSearchHook: {7c4c4e99-de21-4303-9460-9d8d97296de1} - C:\Program Files\HD_Streaming_Plugin\tbHD_S.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c0d70ed8-d984-40c3-9666-8939ce76ea13} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {7c4c4e99-de21-4303-9460-9d8d97296de1} - C:\Program Files\HD_Streaming_Plugin\tbHD_S.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c0d70ed8-d984-40c3-9666-8939ce76ea13} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.238.83.49:3128

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.backup.ftp: "124.30.128.130"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "124.30.128.130"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "124.30.128.130"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "124.30.128.130"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "66.119.43.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "66.119.43.34"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "66.119.43.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "66.119.43.34"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-24 03:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-04 21:56:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-03 22:43:20 | 00,000,000 | ---D | M]

[2008-06-29 16:24:13 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Extensions
[2008-06-29 16:24:13 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-05 18:52:06 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions
[2009-06-24 10:22:17 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-08-07 23:11:47 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009-09-17 18:32:15 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-09-26 23:39:46 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-08-14 22:20:05 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\[email protected]
[2009-08-12 20:45:50 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\mozilla\Firefox\Profiles\aba4wou1.default\extensions\[email protected]
[2009-05-15 14:07:59 | 00,001,976 | ---- | M] () -- C:\Users\Khandwalla\AppData\Roaming\Mozilla\FireFox\Profiles\aba4wou1.default\searchplugins\rapidshare-google-arama.xml
[2009-10-05 18:52:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-09-10 22:20:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-09-26 20:03:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007-10-18 14:54:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-03-18 23:21:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009-10-03 22:43:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009-09-10 22:20:24 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-10 22:20:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-24 21:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-10-03 22:42:57 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-24 21:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007-09-06 01:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009-09-10 22:20:26 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007-03-22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009-08-03 15:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008-10-14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008-10-26 02:07:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008-10-26 02:07:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-02-24 21:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009-07-15 20:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-07-15 20:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-07-15 20:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-07-15 20:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-07-15 20:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-07-15 20:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-07-15 20:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (802 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HD Streaming Plugin Toolbar) - {7c4c4e99-de21-4303-9460-9d8d97296de1} - C:\Program Files\HD_Streaming_Plugin\tbHD_S.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (HD Streaming Plugin Toolbar) - {7c4c4e99-de21-4303-9460-9d8d97296de1} - C:\Program Files\HD_Streaming_Plugin\tbHD_S.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HD Streaming Plugin Toolbar) - {7C4C4E99-DE21-4303-9460-9D8D97296DE1} - C:\Program Files\HD_Streaming_Plugin\tbHD_S.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\HTTP Debugger Pro\mfnsp32.dll (MadeForNet.com)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24bbc057-72f2-11de-b04a-0040ca9da565}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-09-10 20:56:15 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009-09-10 20:55:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009-09-07 19:44:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009-09-07 19:46:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009-09-06 15:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-09-10 20:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009-09-06 15:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-09-24 21:19:00 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009-09-07 19:43:05 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009-09-19 21:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\T@t00 v2.0 Ozze
[2009-10-03 22:43:19 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009-10-03 22:43:19 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009-10-03 22:43:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009-10-03 22:43:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009-10-03 22:33:13 | 00,000,000 | ---D | C] -- C:\Sun
[2009-09-10 20:57:38 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009-09-09 01:13:53 | 00,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009-09-09 01:13:52 | 00,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009-09-09 01:13:52 | 00,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009-09-09 01:13:52 | 00,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009-09-09 01:13:52 | 00,214,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009-09-09 01:13:52 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009-09-09 01:13:52 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009-09-09 01:13:52 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009-09-09 01:13:52 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009-09-09 01:13:52 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009-09-09 01:13:51 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009-09-09 01:13:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009-09-09 01:13:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009-09-09 01:13:51 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009-09-09 01:13:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009-09-09 01:13:51 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009-09-09 01:13:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009-09-09 01:13:08 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009-09-09 01:13:08 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009-09-09 01:13:08 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009-09-09 01:13:07 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009-09-09 01:13:07 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009-09-09 01:13:07 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009-09-09 01:13:03 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009-09-09 01:13:02 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009-09-09 01:13:01 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009-09-09 01:13:01 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009-09-09 01:13:01 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009-09-09 01:13:01 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009-09-09 01:12:54 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009-09-06 15:38:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-09-06 15:38:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-09-06 15:35:51 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT

========== Files - Modified Within 30 Days ==========

[2009-10-05 19:22:46 | 00,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-05 19:22:43 | 00,000,448 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009-10-05 19:22:16 | 00,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-10-05 19:22:16 | 00,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-10-05 19:22:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-10-05 19:22:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-10-05 19:10:00 | 00,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-05 19:10:00 | 00,000,264 | ---- | M] () -- C:\Windows\tasks\Controleren op updates voor Windows Live Toolbar.job
[2009-10-05 19:03:01 | 03,722,937 | -H-- | M] () -- C:\Users\Khandwalla\AppData\Local\IconCache.db
[2009-10-04 18:39:07 | 00,000,538 | ---- | M] () -- C:\Users\Khandwalla\Documents\Mijn Gedeelde Mappen.lnk
[2009-10-03 22:42:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009-10-03 22:42:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009-10-03 22:42:55 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009-10-03 22:42:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009-10-01 16:59:10 | 00,046,592 | ---- | M] () -- C:\Users\Khandwalla\Documents\cv_tanveera_khandwalla.doc
[2009-09-29 17:17:10 | 00,036,864 | ---- | M] () -- C:\Users\Khandwalla\Documents\C.V. TANVEERA.doc
[2009-09-26 13:35:16 | 01,498,058 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-09-26 13:35:16 | 00,677,666 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2009-09-26 13:35:16 | 00,598,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-09-26 13:35:16 | 00,125,148 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2009-09-26 13:35:16 | 00,105,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-09-25 19:47:51 | 00,067,584 | ---- | M] () -- C:\Users\Khandwalla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-24 07:30:37 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009-09-21 20:57:48 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009-09-18 14:10:45 | 00,024,064 | ---- | M] () -- C:\Users\Khandwalla\Documents\bb pin.doc
[2009-09-13 20:35:07 | 00,001,536 | ---- | M] () -- C:\Users\Khandwalla\AppData\Roaming\DMX.bmk
[2009-09-10 20:58:16 | 00,000,458 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-09-08 22:43:09 | 00,022,016 | ---- | M] () -- C:\Users\Khandwalla\Documents\brownies.doc
[2009-09-08 18:23:06 | 00,071,216 | ---- | M] () -- C:\Users\Khandwalla\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-09-07 20:08:07 | 00,301,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-09-06 20:10:00 | 22,781,3065 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009-09-05 22:43:17 | 00,000,680 | ---- | M] () -- C:\Users\Khandwalla\AppData\Local\d3d9caps.dat

========== Files - No Company Name ==========
[2009-10-01 16:59:10 | 00,046,592 | ---- | C] () -- C:\Users\Khandwalla\Documents\cv_tanveera_khandwalla.doc
[2009-09-18 14:10:45 | 00,024,064 | ---- | C] () -- C:\Users\Khandwalla\Documents\bb pin.doc
[2009-09-16 20:45:59 | 00,050,696 | ---- | C] () -- C:\jerkoffpass.db
[2009-09-13 20:35:07 | 00,001,536 | ---- | C] () -- C:\Users\Khandwalla\AppData\Roaming\DMX.bmk
[2009-09-10 22:09:18 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009-09-10 20:58:16 | 00,000,458 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009-09-09 01:13:07 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009-09-08 22:43:09 | 00,022,016 | ---- | C] () -- C:\Users\Khandwalla\Documents\brownies.doc
[2009-09-06 20:09:00 | 22,781,3065 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009-09-06 16:15:21 | 03,722,937 | -H-- | C] () -- C:\Users\Khandwalla\AppData\Local\IconCache.db
[2009-08-03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-07-13 12:10:58 | 00,000,680 | ---- | C] () -- C:\Users\Khandwalla\AppData\Local\d3d9caps.dat
[2009-06-05 08:45:50 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009-06-05 08:45:49 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009-06-05 08:45:49 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009-05-21 16:24:12 | 00,000,028 | ---- | C] () -- C:\Windows\System32\autoclear5.dll
[2009-05-21 16:23:37 | 00,000,028 | ---- | C] () -- C:\Windows\System32\autoclear0.dll
[2009-05-21 16:20:53 | 00,000,028 | ---- | C] () -- C:\Windows\System32\autoscanx.dll
[2009-05-21 16:20:53 | 00,000,028 | ---- | C] () -- C:\Windows\System32\autoclear.dll
[2009-04-12 11:57:19 | 00,000,098 | ---- | C] () -- C:\Users\Khandwalla\AppData\Local\fusioncache.dat
[2009-03-04 00:34:36 | 00,005,002 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf
[2009-03-04 00:34:02 | 00,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini
[2009-01-31 19:07:33 | 00,000,000 | ---- | C] () -- C:\Users\Khandwalla\AppData\Local\rx_image32.Cache
[2009-01-19 20:01:59 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-01-19 20:01:56 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-01-19 20:01:54 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-01-19 20:01:54 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008-10-30 18:47:43 | 00,000,140 | ---- | C] () -- C:\Windows\System32\09wutili.sys
[2008-08-15 15:08:06 | 00,004,987 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2008-08-15 14:24:53 | 00,000,117 | ---- | C] () -- C:\Users\Khandwalla\AppData\Roaming\burnaware.ini
[2008-08-07 20:57:13 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008-08-04 12:20:39 | 00,000,042 | ---- | C] () -- C:\Users\Khandwalla\AppData\Roaming\default.pls
[2008-06-16 13:47:46 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2008-05-07 18:32:56 | 00,067,584 | ---- | C] () -- C:\Users\Khandwalla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-05-06 21:36:30 | 00,071,216 | ---- | C] () -- C:\Users\Khandwalla\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-05-03 04:29:44 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008-05-02 12:04:13 | 00,000,512 | ---- | C] () -- C:\Users\Khandwalla\AppData\Roaming\proxyvampire.ini
[2008-04-26 00:27:29 | 00,000,026 | ---- | C] () -- C:\Windows\startUp manager.INI
[2008-03-29 23:00:08 | 00,111,176 | ---- | C] () -- C:\ProgramData\Svclog.log
[2008-03-28 20:00:38 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-03-17 01:46:51 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008-03-17 01:28:17 | 02,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2008-03-09 15:56:10 | 00,000,427 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008-01-13 11:36:24 | 00,721,920 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008-01-13 11:36:24 | 00,150,016 | ---- | C] () -- C:\Windows\System32\libxslt.dll
[2008-01-13 11:36:24 | 00,051,200 | ---- | C] () -- C:\Windows\System32\libexslt.dll
[2007-12-22 11:58:33 | 00,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2007-10-24 19:21:48 | 00,000,612 | ---- | C] () -- C:\Windows\Teletekst.ini
[2007-10-13 15:09:15 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007-10-08 20:44:06 | 00,000,339 | ---- | C] () -- C:\Windows\Proxyrama.INI
[2007-10-05 13:26:08 | 00,000,031 | ---- | C] () -- C:\Windows\IDC.INI
[2007-10-04 20:21:24 | 00,015,424 | ---- | C] () -- C:\Windows\System32\drivers\nod32drv.sys
[2007-10-01 21:03:51 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007-09-26 12:03:47 | 00,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007-09-25 20:17:11 | 00,034,308 | ---- | C] () -- C:\Windows\System32\Chip.dll
[2007-09-24 19:31:05 | 00,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007-09-24 17:18:40 | 00,684,032 | ---- | C] () -- C:\Windows\libeay32.dll
[2007-09-24 17:18:40 | 00,155,648 | ---- | C] () -- C:\Windows\ssleay32.dll
[2007-07-25 15:24:30 | 01,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007-05-24 20:04:30 | 00,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007-03-30 00:00:40 | 00,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006-11-02 14:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006-11-02 12:23:31 | 00,000,583 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-08-11 09:52:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006-02-26 16:08:28 | 00,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2003-04-07 13:10:22 | 00,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009-09-23 22:06:37 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming
[2008-09-17 16:39:38 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Acronis
[2008-06-23 18:14:20 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Advanced Audio Recorder
[2007-09-25 17:43:20 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Ahead
[2008-02-28 12:47:26 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Arcsoft
[2009-02-09 20:51:26 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Belastingdienst
[2009-06-28 10:08:58 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Bluefive software
[2008-05-03 11:22:02 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\DeepBurner Pro
[2008-04-25 20:46:04 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Download Manager
[2008-05-06 18:39:11 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\GlarySoft
[2009-05-21 16:24:23 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Godlike
[2008-05-24 00:38:51 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\gtk-2.0
[2007-11-08 00:34:37 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\ImgBurn
[2009-09-26 13:27:19 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\LimeWire
[2008-11-08 21:42:22 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Nokia
[2008-11-08 21:41:42 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\PC Suite
[2007-10-04 21:30:53 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\PCToolsFirewallPlus
[2009-01-11 22:36:14 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Pegasys Inc
[2009-01-31 19:07:31 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Roxio
[2008-03-17 01:47:07 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Samsung
[2009-03-31 21:34:17 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\SuperEasy Software
[2007-09-26 17:10:19 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\SurfRight
[2008-01-13 11:39:45 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\SYSTRAN
[2008-04-25 23:49:21 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Systweak
[2008-05-06 19:09:33 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\Uniblue
[2009-10-05 13:58:43 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\uTorrent
[2008-03-28 23:57:51 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\WNR
[2009-03-09 19:33:33 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\ZIP RAR ACE Password Recovery
[2009-09-10 20:58:16 | 00,000,458 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009-10-05 19:10:00 | 00,000,264 | ---- | M] () -- C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
[2009-10-05 19:22:46 | 00,001,040 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009-10-05 19:10:00 | 00,001,044 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009-10-05 19:22:43 | 00,000,448 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2009-09-24 07:30:37 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2009-10-05 19:22:11 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009-10-05 19:21:00 | 00,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5069 bytes -> C:\Users\Khandwalla\Documents\Fantastic Picture of Water on Mars just released by NASA.eml:OECustomProperty
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:556BBACC
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Edited by chamber, 06 October 2009 - 12:49 AM.
removed quote tags

#13
Streetwise (Topic Starter, Member, 61 posts)
The extra report

OTL Extras logfile created on: 5-10-2009 19:31:37 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = D:\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,94 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 70,70% Memory free
4,00 Gb Paging File | 3,51 Gb Available in Paging File | 87,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,66 Gb Total Space | 23,40 Gb Free Space | 22,35% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 8,32 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_KHANDWAL
Current User Name: Khandwalla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" %* File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1968700595-2681841833-2379537406-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0195A345-041D-44C3-9105-B16AB9DEEE97}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{044035A6-8FF0-4EC0-9152-7ABAD42F69C4}" = lport=22047 | protocol=6 | dir=in | name=limewire1 |
"{0FAA233A-10E9-486D-8990-0DF5F593CE79}" = lport=10243 | protocol=6 | dir=in | app=system |
"{191C6ED3-9D51-48B0-94E3-AE202850C919}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1A708F6B-B5CB-4B0B-9CBD-4862F7B769E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BBCDC85-8FE6-42A9-B169-063859156E6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1CB3D541-CE9D-4DD3-B880-B6C0E4E64487}" = lport=139 | protocol=6 | dir=in | app=system |
"{1CB85FF6-DD7B-403A-81A3-04A076F170EF}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{1F169CAB-3F3F-429A-8364-647F56D3C199}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{284F6111-7FC3-46C6-BBDC-E3822C969661}" = lport=24250 | protocol=17 | dir=in | name=bitcomet 24250 udp |
"{2933FE3E-F402-4C8B-909C-2B1EDD8245EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{36D9C4AC-161E-4151-92C2-A09BE9C43B4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F871D53-AC28-4EE3-B3C1-29EE5AE6B0D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{50E88FDC-573E-4178-B759-2CAFDE4414B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{538DE4C8-704A-4F20-9AA9-00ACCF4EE617}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5E6E4977-BF4F-4FE1-8212-EBB4104FB1EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{61B006A1-26C3-43B9-B569-5395BD16972E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68E4DF83-7942-465D-A0F3-B91FC6DE527C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72C3D645-DA68-4446-A614-71C76F160398}" = rport=445 | protocol=6 | dir=out | app=system |
"{750C29ED-C9B0-4CCB-AFF0-6FCD835F29AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A13571C-F42C-41A7-88E7-D468F8095502}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8682D347-C3E6-4F07-B6B1-5D88387A062E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87D1FDCC-55E1-42E3-B434-085F6790A68E}" = lport=137 | protocol=17 | dir=in | app=system |
"{89DC0CFC-17D7-4A8B-A349-A1EF214CD978}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{95CFAB54-BD6B-4184-B942-DCD86788C6B8}" = lport=52949 | protocol=17 | dir=in | name=torrents2 |
"{9F33CD5A-22E1-4AF1-80EC-6D76C08AD4AD}" = lport=2178 | protocol=6 | dir=in | app=system |
"{A1DEDA7E-703A-4876-9B67-F73FEDFB23A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8FFE990-B8D4-4277-9598-BFE64C9FC02D}" = lport=22047 | protocol=17 | dir=in | name=limewire2 |
"{B89FBF23-0EED-41FF-9AFC-F22C2D31FF1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{B9B7ED91-E99C-4AC7-9AE6-63E3AACF8281}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C99AAFB5-2883-47CE-BCD6-868AC880839B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDC0E115-85E1-44DF-A3A8-52D97BE409D0}" = lport=24250 | protocol=6 | dir=in | name=bitcomet 24250 tcp |
"{D07C618D-FD3C-4CC1-935A-CC22C9842E7F}" = rport=2178 | protocol=6 | dir=out | app=system |
"{D107AA62-057B-401C-835E-DAC7A2B71DDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E93D660D-727A-4030-90DC-F17017A9C881}" = lport=52949 | protocol=6 | dir=in | name=torrents1 |
"{F6504BF2-0615-404D-9CCF-1FB07E711A28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F88B699E-EA85-468D-859E-A5214E691AE3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FE0313-4208-4151-A5C1-7F707A422C3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC9BB33-0159-4BF9-8F7F-DE724BF4F304}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13B3F732-8CBB-4F6D-A11D-327315D021CD}" = protocol=1 | dir=in | [email protected],-28543 |
"{261440F3-748D-43E5-8F0B-31FC79A9CE22}" = protocol=58 | dir=out | [email protected],-28546 |
"{29B138BE-9C42-4DE0-B7C5-EB354D9475C1}" = protocol=17 | dir=in | app=d:\downloads\utorrent(2).exe |
"{3F904506-7FBE-4A24-9E58-54D858F7C66D}" = protocol=6 | dir=in | app=d:\downloads\utorrent(2).exe |
"{4035B808-CB21-4BB8-96AF-6208281FCBCB}" = protocol=58 | dir=in | [email protected],-28545 |
"{41BB98D9-A0F6-43BA-85AC-2A433800DB9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B19E18F-E1DB-4BA9-B3B7-865A0CFE64FD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5D36AB94-6AEF-4230-8B2A-4FE82A13F7A4}" = protocol=1 | dir=out | [email protected],-28544 |
"{7101AA80-1C37-47B7-89D4-252B62DF7119}" = protocol=58 | dir=out | [email protected],-28546 |
"{77A275AE-956C-4C0B-BBA5-429AD67FBB23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{783DB44F-554E-4AEB-AC1B-8181535151F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7888181C-8708-4A4A-90B6-CACBCE48C6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DF5D357-767D-43E8-9448-EEF057759CBB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{92025760-FEB5-44D8-BD34-D720275D93E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{921C533E-55CE-4384-B8D5-D1441F1AECB0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98B9626A-A3FD-4E9E-AE2E-C7CAC86557E6}" = protocol=17 | dir=in | app=d:\downloads\utorrent.exe |
"{A1510B7B-CEA1-48DA-A55C-BDEA8AB544CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB3C4F09-5792-457D-ACB9-F77D02518007}" = protocol=6 | dir=in | app=d:\downloads\utorrent.exe |
"{AD51658C-BB21-47B6-AF6A-CC41AB97663E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8112683-5AC6-4AE7-97F9-BA92BC75AE77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D070D532-4C74-4A10-B59E-EA8A4EECD737}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D38B84D1-2CE1-4FE5-AA51-002F6B863B86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1E0FBBF-8480-4B82-982C-4B603EBAFBA5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E6C01B4B-A480-44A7-9D81-DD527517D3CD}" = protocol=58 | dir=in | [email protected],-28545 |
"{EA98AE93-4590-4614-9C7E-CDBD6A58E934}" = protocol=6 | dir=out | app=system |
"{EE004D3F-7914-417A-B7E8-1C5D37893BC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEBDDBDE-B6E2-4CCF-B703-865216264AE7}" = protocol=1 | dir=in | [email protected],-28543 |
"{F2712B4F-B0CB-479A-87B6-AC17293CFD1E}" = protocol=1 | dir=out | [email protected],-28544 |
"{F937BB30-C34C-4FD4-94A4-D20DDC34BEDB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{297E5215-C403-49EB-ADE6-8AB33EF0207B}C:\program files\proxyrama\proxyrama.exe" = protocol=6 | dir=in | app=c:\program files\proxyrama\proxyrama.exe |
"TCP Query User{7726F4A4-EF17-4084-B2E3-EDD5677F8934}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{ACAE7B5D-98D1-454E-8D7B-3756B6F545EE}D:\downloads\proxyrama\proxyrama.exe" = protocol=6 | dir=in | app=d:\downloads\proxyrama\proxyrama.exe |
"TCP Query User{B10F4493-68C6-4AE5-A9B1-3CC48EFC48A3}C:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe" = protocol=6 | dir=in | app=c:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe |
"TCP Query User{CEA13B05-9D81-40A6-83DA-2154C746B6C6}C:\program files\charon\charon.exe" = protocol=6 | dir=in | app=c:\program files\charon\charon.exe |
"TCP Query User{E41BCFA7-8456-447D-AE08-3176E4A0A786}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{F5164C15-55A1-46B9-9C3D-19C2916EBA31}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2DBF7D78-D15C-4088-8F9D-4424D745166A}C:\program files\charon\charon.exe" = protocol=17 | dir=in | app=c:\program files\charon\charon.exe |
"UDP Query User{4B49BD17-BA50-4045-9A8C-78D7C6E3ECB6}D:\downloads\proxyrama\proxyrama.exe" = protocol=17 | dir=in | app=d:\downloads\proxyrama\proxyrama.exe |
"UDP Query User{7F2FFC33-8FAB-4CE9-8DE0-EF79A2AC6666}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{80C6606E-B9BD-4EFD-99F9-67972C62F741}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A7858882-116C-431F-A80F-5782685E36B7}C:\program files\proxyrama\proxyrama.exe" = protocol=17 | dir=in | app=c:\program files\proxyrama\proxyrama.exe |
"UDP Query User{CE159122-0FEA-4C4C-9DB3-B6187D4BFC73}C:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe" = protocol=17 | dir=in | app=c:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe |
"UDP Query User{E2B4F4EE-1C73-4D20-8C41-913DB7601F46}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31624D5D-1FEA-4FDB-A2EF-AAFA99F5211D}" = Windows Live Toolbar Feedzoeker (Windows Live Toolbar)
"{32BC2460-6246-11D3-88BC-0000B43BC585}" =
"{334B6B44-2C7F-4AC0-A215-E780541CE033}" = Paragon Drive Copy 9.0 Personal Special Edition
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7959046C-E768-4EC8-9B7E-6734C1AFD83A}" = Pegasus Imaging SmartScan Xpress ICR/OCR/OMR 4.0
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1" = Sothink Web Video Downloader
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8D6BCA55-8E9C-416E-823C-05E8123C3162}" = Movavi Flash Converter
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}" = Windows Live Messenger
"{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.4 - Nederlands
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0E8D6F-1F0A-433A-98E1-2096568E968F}" = Windows Live Toolbar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D820BECD-97D3-4942-B6CF-1B670CA7690C}" = ABN AMRO e.dentifier2 software
"{DC54F2F8-C26F-4D22-B92D-7075BC626106}" = Smart Menu's (Windows Live Toolbar)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-stuurprogrammapakket - Nokia Modem (05/22/2008 7.00.0.1)
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"AccessDiver v4.210_is1" = AccessDiver v4.210
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Athan" = Athan Basic 3.5
"AVI MPEG ASF WMV Splitter_is1" = AVI/MPEG/ASF/WMV Splitter 3.25
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-stuurprogrammapakket - Nokia Modem (05/22/2008 3.8)
"Chicken Prox_is1" = Chicken Prox v3
"ERUNT_is1" = ERUNT 1.1j
"Forum Proxy Leecher_is1" = Forum Proxy Leecher 1.10
"Google Chrome" = Google Chrome
"HD_Streaming_Plugin Toolbar" = HD_Streaming_Plugin Toolbar
"HTTP Debugger Pro" = HTTP Debugger Pro 3.3
"HTTP-Bugger v 2.2" = HTTP-Bugger v 2.2
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{7959046C-E768-4EC8-9B7E-6734C1AFD83A}" = Pegasus Imaging SmartScan Xpress ICR/OCR/OMR 4.0
"John32" = John32
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.5
"LimeWire" = LimeWire PRO 4.16.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Nokia PC Suite" = Nokia PC Suite
"Nuria_is1" = Nuria 3.5
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8k Light (32-bit)
"Peer2Peer-NE Toolbar" = Peer2Peer-NE Toolbar
"Proxy Checker_is1" = Proxy Checker 7.4 (build 18)
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"RegCure" = RegCure 1.5.0.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ST6UNST #2" = Multi_Https (C:\Program Files\Multi_Https\)
"StAPH_is1" = StAPH ver 1.25 - "Rise Of The Themes"
"SuperEasy SpeedUp" = SuperEasy SpeedUp
"THOMSON mp3PRO Audio Player" = THOMSON mp3PRO Audio Player
"TMPGEncPlus_is1" = TMPGEnc Plus 2.524.63.181
"TweakVI" = TweakVI
"TXTcollector_is1" = TXTcollector 2.0.1
"UltraISO_is1" = UltraISO Premium V9.32
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Chrome9 HC IGP Windows Vista Display
"VideoGet" = Nuclear Coffee - VideoGet
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"Windows Live Toolbar" = Windows Live Toolbar
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WinUtilities" = WinUtilities 6.2
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)
"XSite_is1" = XSite v1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1-10-2009 12:06:10 | Computer Name = PC_van_Khandwal | Source = Perflib | ID = 1010
Description =

Error - 1-10-2009 12:49:04 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 2-10-2009 12:28:55 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 3-10-2009 6:40:42 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 3-10-2009 14:20:18 | Computer Name = PC_van_Khandwal | Source = Application Error | ID = 1000
Description = Toepassing met fout Sentry.exe, versie 2.0.0.0, tijdstempel 0x2a425e19,
module met fout kernel32.dll, versie 6.0.6000.16820, tijdstempel 0x49952034, uitzonderingscode
0xc0000005, foutmarge 0x0004fcac, proces-id 0xe40, starttijd van toepassing 0x01ca4446cacf94dd.

Error - 3-10-2009 14:33:11 | Computer Name = PC_van_Khandwal | Source = Application Error | ID = 1000
Description = Toepassing met fout Sentry.exe, versie 2.0.0.0, tijdstempel 0x2a425e19,
module met fout kernel32.dll, versie 6.0.6000.16820, tijdstempel 0x49952034, uitzonderingscode
0xc0000005, foutmarge 0x0004fcac, proces-id 0xdac, starttijd van toepassing 0x01ca445689b56305.

Error - 3-10-2009 16:43:19 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 4-10-2009 8:16:10 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 5-10-2009 4:47:39 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

Error - 5-10-2009 9:16:08 | Computer Name = PC_van_Khandwal | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 5-10-2009 13:16:49 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7034
Description =

Error - 5-10-2009 13:16:49 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7034
Description =

Error - 5-10-2009 13:16:49 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7034
Description =

Error - 5-10-2009 13:16:50 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7031
Description =

Error - 5-10-2009 13:22:38 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7000
Description =

Error - 5-10-2009 13:22:38 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7000
Description =

Error - 5-10-2009 13:22:38 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7026
Description =

Error - 5-10-2009 13:27:45 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7001
Description =

Error - 5-10-2009 13:27:45 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7001
Description =

Error - 5-10-2009 13:27:46 | Computer Name = PC_van_Khandwal | Source = Service Control Manager | ID = 7001
Description =


< End of report >

And the OTM log

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\John32\run\john-k6.zip moved successfully.
C:\Program Files\John32\run\john-mmx.zip moved successfully.
C:\Program Files\John32\run\john.exe moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Text Converter moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\System Information moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Password Sender moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Password Keeper moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Password Generator moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Hidden Password Recovery moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Hash Queue moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Hash Generator moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Hash Bruteforcing History moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\Dictionary Generator moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins\API moved successfully.
C:\Program Files\pwpro2551_lion48\Plugins moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\SHA-512 moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\RipeMD moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\Oracle moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\NTLMv1 moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\MSSQL moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\MSCHAPv1v2 moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\MD5_Cisco_PIX moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\MD2 moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\Kerberos moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus\Eggdrop moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\Bonus moved successfully.
C:\Program Files\pwpro2551_lion48\Modules\API moved successfully.
C:\Program Files\pwpro2551_lion48\Modules moved successfully.
C:\Program Files\pwpro2551_lion48\Dictionaries moved successfully.
C:\Program Files\pwpro2551_lion48 moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Text Converter moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\System Information moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Password Sender moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Password Keeper moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Password Generator moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Hidden Password Recovery moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Hash Queue moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Hash Generator moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Hash Bruteforcing History moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\Dictionary Generator moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins\API moved successfully.
D:\Downloads\pwpro2551_lion48\Plugins moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\SHA-512 moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\RipeMD moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\Oracle moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\NTLMv1 moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\MSSQL moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\MSCHAPv1v2 moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\MD5_Cisco_PIX moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\MD2 moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\Kerberos moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus\Eggdrop moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\Bonus moved successfully.
D:\Downloads\pwpro2551_lion48\Modules\API moved successfully.
D:\Downloads\pwpro2551_lion48\Modules moved successfully.
D:\Downloads\pwpro2551_lion48\Dictionaries moved successfully.
D:\Downloads\pwpro2551_lion48 moved successfully.
File/Folder D:\Downloads\pwpro2551_lion48 not found.
D:\Downloads\PW_20Stealer_20Tutorial\PW Stealer Tutorial moved successfully.
D:\Downloads\PW_20Stealer_20Tutorial moved successfully.
D:\Downloads\random6\random6\john.exe moved successfully.
D:\Downloads\Security\ashampoo_winoptimizer_5.03__new_.zip moved successfully.
D:\Downloads\Sentry1.4.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Khandwalla
->Temp folder emptied: 83766649 bytes
->Temporary Internet Files folder emptied: 9456203 bytes
->Java cache emptied: 25621446 bytes
->FireFox cache emptied: 88262814 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\lpksetup-20091005-191927-0.log scheduled to be deleted on reboot.
Windows Temp folder emptied: 117200 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 197,62 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10052009_191648

Files moved on Reboot...
C:\Windows\temp\lpksetup-20091005-191927-0.log moved successfully.

Registry entries deleted on Reboot...

Sorry for the wrong order.

Edited by chamber, 06 October 2009 - 01:00 AM.
removed quote tags

  • 0

#14
Streetwise

    Member

  • Topic Starter
  • Member
  • 61 posts
I tried to delete the S45 shown by SuperAS manually from the registry but couldn't. Even changed the rights and booted in safe mode but I couldn't delete them. I know I was being reckless and naive but I've got a bit sick of them :)
  • 0

#15
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts

I tried to delete the S45 shown by SuperAS manually from the registry but couldn't. Even changed the rights and booted in safe mode but I couldn't delete them. I know I was being reckless and naive but I've got a bit sick of them :)



Not the best idea I've ever heard.

Is there an actual report that you can include from SuperAntiSpyware rather than just screen shots?

Go to Add or Remove Programs and uninstall µTorrent and LimeWire Pro

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (AeLookupSvcAeLookupSvcALG [Auto | Stopped]) -- File not found
    [2009-09-16 20:45:59 | 00,050,696 | ---- | C] () -- C:\jerkoffpass.db
    [2009-09-26 13:27:19 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\LimeWire
    [2009-10-05 13:58:43 | 00,000,000 | ---D | M] -- C:\Users\Khandwalla\AppData\Roaming\uTorrent
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{044035A6-8FF0-4EC0-9152-7ABAD42F69C4}" =-
    "{A8FFE990-B8D4-4277-9598-BFE64C9FC02D}" =-
    "{CDC0E115-85E1-44DF-A3A8-52D97BE409D0}" =-
    "{E93D660D-727A-4030-90DC-F17017A9C881}" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{29B138BE-9C42-4DE0-B7C5-EB354D9475C1}" =-
    "{3F904506-7FBE-4A24-9E58-54D858F7C66D}" =-
    "{5B19E18F-E1DB-4BA9-B3B7-865A0CFE64FD}" =-
    "{98B9626A-A3FD-4E9E-AE2E-C7CAC86557E6}" =-
    "{AB3C4F09-5792-457D-ACB9-F77D02518007}" =-
    "{E1E0FBBF-8480-4B82-982C-4B603EBAFBA5}" =-
    "TCP Query User{7726F4A4-EF17-4084-B2E3-EDD5677F8934}C:\program files\limewire\limewire.exe" =-
    "UDP Query User{E2B4F4EE-1C73-4D20-8C41-913DB7601F46}C:\program files\limewire\limewire.exe" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
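The FirewallRules values in the OTS log above are referenced by bare GUID in the OTL fix, which makes it hard to see by eye which rule each GUID removes. As an added example that is not part of this thread and not code from OTS or OTL, here is a small Python parser for that one-value-per-line format: it resolves each GUID to its direction, protocol, port and application or service, and flags inbound rules that belong to peer-to-peer clients or to executables under user-writable paths (Downloads, Temp). The sample lines are a constructed subset copied from the log above; the flagging markers are a heuristic chosen for the example, not a rule from the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the OTS "Vista Active ... Exception List" format.
# Values are copied from the log in this thread; the selection is ours.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044035A6-8FF0-4EC0-9152-7ABAD42F69C4}" = lport=22047 | protocol=6 | dir=in | name=limewire1 |
"{1CB85FF6-DD7B-403A-81A3-04A076F170EF}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{29B138BE-9C42-4DE0-B7C5-EB354D9475C1}" = protocol=17 | dir=in | app=d:\downloads\utorrent(2).exe |
"{5B19E18F-E1DB-4BA9-B3B7-865A0CFE64FD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EA98AE93-4590-4614-9C7E-CDBD6A58E934}" = protocol=6 | dir=out | app=system |
"TCP Query User{B10F4493-68C6-4AE5-A9B1-3CC48EFC48A3}C:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe" = protocol=6 | dir=in | app=c:\users\khandwalla\appdata\local\temp\rar$ex00.867\proxyrama.exe |
'''

# IANA protocol numbers as they appear in the log.
PROTOCOL_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "58": "icmpv6"}

# Heuristic markers (example's own choice): P2P client names seen in the log,
# and path fragments that point at user-writable locations.
P2P_MARKERS = ("limewire", "utorrent", "bitcomet", "torrent")
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<body>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


@dataclass
class FirewallRule:
    guid: str
    fields: Dict[str, str] = field(default_factory=dict)

    def summary(self) -> str:
        """One-line human summary, e.g. 'in tcp port=22047 limewire1'."""
        f = self.fields
        proto = PROTOCOL_NAMES.get(f.get("protocol", ""), f.get("protocol") or "any")
        port = f.get("lport") or f.get("rport") or "any"
        target = f.get("app") or f.get("svc") or f.get("name") or "?"
        return f"{f.get('dir', '?')} {proto} port={port} {target}"


def parse_rules(text: str) -> List[FirewallRule]:
    """Parse '"<name>" = k=v | k=v | ...' lines; keys that carry no GUID are skipped."""
    rules: List[FirewallRule] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # registry key header, blank line, or anything else
        g = GUID_RE.search(m.group("key"))
        if not g:
            continue
        fields: Dict[str, str] = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip().lower()] = v.strip()
        rules.append(FirewallRule(g.group(0).upper(), fields))
    return rules


def rule_by_guid(rules: List[FirewallRule], guid: str) -> Optional[FirewallRule]:
    """Look up the rule a fix script names by GUID (case-insensitive)."""
    guid = guid.upper()
    return next((r for r in rules if r.guid == guid), None)


def inbound_rules_of_concern(rules: List[FirewallRule]) -> List[Tuple[str, List[str]]]:
    """Inbound rules matching the heuristic markers, with the reasons they matched."""
    flagged: List[Tuple[str, List[str]]] = []
    for r in rules:
        if r.fields.get("dir") != "in":
            continue
        app = r.fields.get("app", "").lower()
        hay = app + " " + r.fields.get("name", "").lower()
        reasons = []
        if any(m in hay for m in P2P_MARKERS):
            reasons.append("p2p")
        if any(w in app for w in USER_WRITABLE):
            reasons.append("user-writable path")
        if reasons:
            flagged.append((r.guid, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_LOG)
    for guid, reasons in inbound_rules_of_concern(parsed):
        print(guid, rule_by_guid(parsed, guid).summary(), "->", ", ".join(reasons))
```

Running it over the full log rather than the sample is a matter of pasting the two FirewallRules sections into SAMPLE_LOG; the svchost and system rules are left alone by the heuristic, while the four GUIDs that the OTL fix removes for LimeWire and µTorrent all surface, as does the rule for an executable that was run straight out of a WinRAR temp folder.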
