internet explorer redirecting again [Closed]


  • This topic is locked

#1
green boy

    New Member

  • Member
  • 1 posts
Hello,

When I start Internet Explorer, I am redirected to a website. I have already done some malware removal with Malwarebytes.

When I select Programs, nothing appears. I have to enter a letter to see some programs in my list. I have no idea if this is caused by malware, or if there is another problem with my computer.

Also, I am not able to find my e-mails.

Any help would be greatly appreciated.

Attached Files

  • Attached File  OTL.Txt   114.63KB   72 downloads



#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, green boy! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


I am currently reviewing your file and will prepare a response for you soon.

I am also going to post your log so that it will be easier for me to read. In the future please post all logs and only attach if instructed to do so.

Thanks,

CompCav


OTL logfile created on: 7/01/2012 19:03:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lucas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

894,70 Mb Total Physical Memory | 188,34 Mb Available Physical Memory | 21,05% Memory free
2,19 Gb Paging File | 0,41 Gb Available in Paging File | 18,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 305,44 Gb Total Space | 199,27 Gb Free Space | 65,24% Space Free | Partition Type: NTFS
Drive D: | 29,89 Gb Total Space | 23,17 Gb Free Space | 77,49% Space Free | Partition Type: FAT32

Computer Name: PCTHUIS | User Name: lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 19:02:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lucas\Downloads\OTL.exe
PRC - [2011/11/14 20:42:58 | 000,307,376 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
PRC - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
PRC - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe
PRC - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
PRC - [2010/05/28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE
PRC - [2010/04/22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe
PRC - [2010/02/23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
PRC - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe
PRC - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/06 10:06:52 | 004,669,440 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/12 10:22:00 | 000,517,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | -H-- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2001/11/12 12:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 19:50:07 | 000,998,400 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/15 19:47:50 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 19:47:47 | 011,804,672 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/15 19:47:05 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/15 17:58:12 | 005,450,752 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/15 17:50:45 | 012,430,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 17:50:22 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 17:48:48 | 007,950,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 17:48:40 | 011,490,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/09 12:14:22 | 000,034,816 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/03/31 19:04:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/03/31 19:04:19 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2009/03/31 19:04:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007/08/15 15:30:38 | 000,233,472 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/08/15 15:30:36 | 000,073,728 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,438,272 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,208,896 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2736.38389__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2700.34739__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2700.34758__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2700.34723__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2700.34753__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/08/15 15:30:32 | 000,086,016 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2736.38600_nl_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007/08/15 15:30:32 | 000,036,864 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/08/15 15:30:32 | 000,006,656 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007/08/15 15:30:31 | 001,503,232 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/08/15 15:30:31 | 000,471,040 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/08/15 15:30:31 | 000,446,464 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007/08/15 15:30:31 | 000,102,400 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,069,632 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/08/15 15:30:31 | 000,061,440 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/08/15 15:30:30 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/27 02:51:00 | 000,159,744 | -H-- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll
MOD - [2004/05/19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv)
SRV - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/12 10:22:00 | 000,517,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2001/11/12 12:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/07 21:37:24 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2011/02/21 13:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 15:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 15:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 10:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 17:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 12:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010/05/06 16:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/09/25 13:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 13:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 13:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 13:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007/07/23 14:07:52 | 001,223,008 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/25 12:37:24 | 000,084,480 | -H-- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/14 09:10:02 | 000,135,400 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2006/11/17 09:31:04 | 000,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/10/30 16:23:12 | 000,007,680 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/10/18 01:50:06 | 000,245,376 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt2500usb.sys -- (RT2500USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\florien\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:29:51 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 18:29:51 | 000,000,000 | -H-D | M]

[2009/06/14 12:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Extensions
[2011/12/26 16:50:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions
[2012/01/07 00:17:28 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/01/07 10:53:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/06 21:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\[email protected]
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml
[2009/11/14 13:49:54 | 000,002,163 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\bing.xml
[2011/12/17 17:07:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/17 17:07:22 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/10 05:54:13 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/03 19:38:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/16 22:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2008/02/08 10:12:30 | 000,001,890 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2008/02/11 22:02:16 | 000,004,558 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2007/11/09 10:17:02 | 000,001,111 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2008/03/18 12:19:22 | 000,001,049 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2007/11/09 10:17:02 | 000,000,802 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://focilux.photo...geUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4719DAC7-5553-4158-A4E8-49B357D04C07}: DhcpNameServer = 195.130.130.5 195.130.131.5
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 11:07:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{B61184D8-A594-4B26-858E-D45FF1195C0D}
[2012/01/07 11:02:35 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{26ACF9BC-EEA2-49C3-BA3D-B2DC31816637}
[2012/01/07 06:54:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/07 00:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Hijacker
[2012/01/07 00:17:34 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\blekkotb
[2012/01/07 00:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
[2012/01/06 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\CrashDumps
[2012/01/06 19:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/06 19:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/06 18:56:25 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{CA5D2AE9-0AE7-471C-9924-1811B2AE103B}
[2012/01/06 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{75750C5B-17A3-4805-AB86-E48EB8270F0E}
[2012/01/04 19:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(87)
[2012/01/04 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\AMD
[2012/01/04 12:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/01/04 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{76208897-001C-4D7C-920D-BD6636BE50D3}
[2012/01/04 12:04:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{C6D2A597-5D31-448A-8264-4DE002100C4B}
[2012/01/03 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/01/03 19:37:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\Babylon
[2012/01/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/01/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Babylon
[2012/01/03 16:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/03 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/01/03 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/01/03 16:16:21 | 000,000,000 | ---D | C] -- C:\ATI
[2012/01/03 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2012/01/03 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{881E9B3A-284E-4595-A758-74E06C363FEA}
[2012/01/03 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{EFCDB3E5-383B-4D5A-8B8C-109D32787E38}
[2012/01/02 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/02 08:35:39 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7F8AA3F9-569F-4E90-9AC3-A3C2681E2DE0}
[2012/01/02 08:35:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{417BFCC2-4016-4CFE-9C73-0B2102A78BBD}
[2012/01/01 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Malwarebytes
[2012/01/01 12:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 12:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 12:28:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/01 12:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 12:24:03 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0F0F0D63-AC5F-4C03-AF14-7E0FA4CD6741}
[2012/01/01 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{01B32FDB-4867-460A-BF6B-2A8808A68EEB}
[2011/12/29 14:22:37 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{F9D1B573-5EBC-41EC-9DC1-615EA22A6397}
[2011/12/29 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8DE3C406-A7B8-4B5B-BC2F-F19BDA806290}
[2011/12/26 18:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/26 18:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/26 18:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/26 18:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/26 18:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/26 18:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/26 14:14:57 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{1AD215CA-E7DB-490F-9A0E-D604033C481A}
[2011/12/26 14:14:29 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7E42C883-1AEE-47B9-AEEA-8E552548C417}
[2011/12/26 11:31:11 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8E7676A0-188C-49D7-BF9A-29F70088F4B5}
[2011/12/26 11:28:24 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{746E5648-7DEF-454B-B63D-87C12A54624D}
[2011/12/23 14:19:58 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{AE50F54E-EA65-48BA-BFC9-0A3E285CD4D7}
[2011/12/23 14:19:39 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7DD73C0F-A91B-4E1B-A3BB-C902525DAEBD}
[2011/12/21 20:47:49 | 000,000,000 | -H-D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/21 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{CDA79A3E-1ED0-43F9-89A6-E03230CB889A}
[2011/12/21 19:50:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{63F76908-BB09-4FCE-9115-B03E4FA1B1EF}
[2011/12/21 06:42:20 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{C5ED23B5-A5A4-4618-A5CD-8545FF772892}
[2011/12/21 06:42:03 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{43F83D1E-4F32-41AE-B7AD-8AC7F494FF14}
[2011/12/18 15:09:15 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{5631881B-CB3F-43EE-9B2C-9B1C99111FE7}
[2011/12/18 15:09:08 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{3138F31D-C47E-44E0-8D33-5D2FFAC37F5B}
[2011/12/17 17:11:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
[2011/12/17 17:10:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Java
[2011/12/13 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{B8938420-0AFC-4957-8293-34FE26CAACDA}
[2011/12/13 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{AB1E645A-F06C-480F-AA4E-84FB41D5C059}
[2011/12/10 13:32:12 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{A169AB74-9A33-4223-AE39-F83C3D448901}
[2011/12/10 13:32:06 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8D8BAD50-5F25-471C-999F-22274F3EA635}
[2011/12/10 12:50:39 | 000,000,000 | -H-D | C] -- C:\Windows\nl
[2011/12/10 11:53:46 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{518DA911-14BD-473A-A0DF-F3F69A78BD6E}
[2011/12/10 11:53:30 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{5329616F-1A4B-428F-91E3-8B0BB15A76B8}
[2011/12/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{75394A5A-A9BB-49DC-9FAC-CF5763C81599}
[2011/12/09 20:46:28 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{16FC7CEB-3362-4FBF-993B-C09511D47634}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/07 19:10:03 | 000,001,042 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 19:02:00 | 000,001,074 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528648001-3019182305-1618475911-1003UA.job
[2012/01/07 18:58:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 18:58:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 18:32:39 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2012/01/07 18:32:39 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2012/01/07 18:32:39 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2012/01/07 18:32:39 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2012/01/07 18:32:39 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2012/01/07 18:32:39 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2012/01/07 18:32:39 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2012/01/07 18:32:39 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2012/01/07 18:32:39 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2012/01/07 18:32:39 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2012/01/07 18:32:39 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2012/01/07 18:32:39 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2012/01/07 18:32:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2012/01/07 18:32:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2012/01/07 18:09:03 | 000,001,038 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/07 16:02:00 | 000,001,022 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528648001-3019182305-1618475911-1003Core.job
[2012/01/07 11:58:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 11:17:50 | 000,300,072 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012/01/07 11:17:50 | 000,300,072 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2012/01/07 11:17:33 | 000,000,940 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/07 11:05:35 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2012/01/07 11:05:35 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2012/01/07 10:56:28 | 000,000,060 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2012/01/07 10:56:28 | 000,000,060 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2012/01/07 10:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 10:55:34 | 938,926,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 00:18:20 | 000,001,356 | ---- | M] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2011/12/26 18:40:36 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/26 18:29:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/21 22:04:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\xyVnk1DM374bcg
[2011/12/21 22:03:27 | 000,008,627 | -H-- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/12/21 22:03:21 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcg
[2011/12/21 22:03:21 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcgr
[2011/12/21 22:02:55 | 000,000,629 | -H-- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/21 21:58:52 | 000,438,144 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/21 20:51:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\XbjbnAJdxZhEWK
[2011/12/21 20:48:19 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWK
[2011/12/21 20:48:19 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWKr
[2011/12/21 20:47:50 | 000,000,605 | -H-- | M] () -- C:\Users\lucas\Desktop\System Fix.lnk
[2011/12/18 17:49:25 | 000,679,906 | -H-- | M] () -- C:\Windows\System32\perfh013.dat
[2011/12/18 17:49:25 | 000,598,702 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/18 17:49:25 | 000,131,026 | -H-- | M] () -- C:\Windows\System32\perfc013.dat
[2011/12/18 17:49:25 | 000,104,716 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/07 11:17:33 | 000,000,940 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/07 10:55:34 | 938,926,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/03 10:58:57 | 000,001,356 | ---- | C] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2012/01/01 12:28:42 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 18:40:36 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/26 18:29:38 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/26 14:27:03 | 000,002,593 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/12/21 22:03:21 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~xyVnk1DM374bcg
[2011/12/21 22:03:21 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~xyVnk1DM374bcgr
[2011/12/21 22:02:55 | 000,000,629 | -H-- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/21 22:02:42 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xyVnk1DM374bcg
[2011/12/21 20:48:18 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XbjbnAJdxZhEWK
[2011/12/21 20:48:18 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~XbjbnAJdxZhEWKr
[2011/12/21 20:47:50 | 000,000,605 | -H-- | C] () -- C:\Users\lucas\Desktop\System Fix.lnk
[2011/12/21 20:47:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\XbjbnAJdxZhEWK
[2011/06/07 21:37:24 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2011/06/07 21:36:49 | 000,000,262 | -H-- | C] () -- C:\Windows\System32\PavCPL.dat
[2011/06/07 21:36:38 | 000,300,072 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/06/07 21:36:38 | 000,300,072 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/02/07 21:03:54 | 000,000,106 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\wklnhst.dat
[2009/09/19 19:44:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 19:43:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 12:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/06/14 12:01:14 | 000,000,000 | -H-- | C] () -- C:\ProgramData\Sounds
[2009/06/13 16:18:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Standard
[2009/06/09 20:54:48 | 000,055,296 | -H-- | C] () -- C:\Users\lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/17 16:00:56 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/22 18:06:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/23 16:25:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008/02/24 14:16:29 | 000,000,392 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008/01/13 15:28:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\Users\lucas\AppData\Roaming\Speech Enhancer
[2008/01/13 15:28:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\String Comparison
[2008/01/13 15:28:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008/01/03 21:05:56 | 000,015,377 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/07 19:37:07 | 000,000,416 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/13 13:57:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2007/08/10 13:20:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/10 13:20:57 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 13:20:56 | 000,144,773 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/10 12:11:57 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/02 17:11:51 | 000,679,906 | -H-- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 17:11:51 | 000,336,440 | -H-- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 17:11:51 | 000,131,026 | -H-- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 17:11:51 | 000,041,976 | -H-- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,438,144 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,702 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,716 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/03 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Babylon
[2007/10/10 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\BullGuard
[2010/07/27 20:16:25 | 000,000,000 | -H-D | M] -- C:\Users\lucas\AppData\Roaming\Canon
[2011/12/21 20:47:13 | 000,000,000 | -H-D | M] -- C:\Users\lucas\AppData\Roaming\Dropbox
[2009/06/13 16:22:19 | 000,000,000 | -H-D | M] -- C:\Users\lucas\AppData\Roaming\Nikon
[2011/06/07 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Panda Security
[2007/10/07 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\ScanSoft
[2011/02/07 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Template
[2008/03/23 17:32:35 | 000,000,000 | -H-D | M] -- C:\Users\lucas\AppData\Roaming\Ulead Systems
[2012/01/03 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2012/01/02 12:43:34 | 000,032,590 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#3
CompCav

TeaTimer can sometimes prevent OTL from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    [2012/01/07 00:17:28 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
    [2012/01/06 21:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\[email protected]
    [2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml
    [2011/12/17 17:07:22 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/11/10 05:54:13 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/03 19:38:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://focilux.photo...geUploader4.cab (Image Uploader Control)
    [2012/01/03 19:37:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\Babylon
    [2012/01/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/01/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Babylon
    [2011/12/21 20:47:49 | 000,000,000 | -H-D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    [2011/12/17 17:11:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
    [2011/12/17 17:10:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Java
    [2011/12/21 22:04:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\xyVnk1DM374bcg
    [2011/12/21 22:03:27 | 000,008,627 | -H-- | M] () -- C:\Windows\System32\PAV_FOG.OPC
    [2011/12/21 22:03:21 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcg
    [2011/12/21 22:03:21 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcgr
    [2011/12/21 22:02:55 | 000,000,629 | -H-- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/21 20:51:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\XbjbnAJdxZhEWK
    [2011/12/21 20:48:19 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWK
    [2011/12/21 20:48:19 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWKr
    [2011/12/21 20:47:50 | 000,000,605 | -H-- | M] () -- C:\Users\lucas\Desktop\System Fix.lnk
    [2011/12/21 22:02:42 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xyVnk1DM374bcg
    [2011/12/21 20:47:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\XbjbnAJdxZhEWK
    [2012/01/03 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Babylon
    
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [createrestorepoint]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 4.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Please Post:

both RkReport.txt files
OTL fix log
aswMBR log
TDSSKiller log
OTL.txt
Extras.txt



How is your computer doing?

#4

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





