
internet explorer redirecting again [Closed]


  • This topic is locked

#1
green and black


    New Member

  • Member
  • Pip
  • 6 posts
Hi again,

I already signed in as green boy with a malware problem, but my topic was closed on the 14th of January. I got an answer very quickly, but as I am a new member and I'm not very strong with computers, I wasn't able to find your answer, with the result that I have been closed.
The first time, my sister-in-law helped me in placing the attached file (you can find it under 'green boy'). I forgot my password. Because I also have serious problems finding my e-mails, I cannot ask for my password again, so I opened a new topic.
I apologize for this, please can you help me.
I suspect I have a serious problem (malware or worse).
In my first account 'green boy' I was advised to open Spybot Search & Destroy, but since I have removed it, I am not able to do a new download.
So I am not even able to begin with the solution.
Is it really necessary to open Spybot or can I skip this part?

Thank you for all your help
  • 0



#2
CompCav


    Member 5k

  • Expert
  • 12,454 posts
This is CompCav. Glad you came back. If you do not have SpyBot anymore then you do not need to disable it. Please follow these instructions.

Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    [2012/01/07 00:17:28 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
    [2012/01/06 21:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\[email protected]
    [2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml
    [2011/12/17 17:07:22 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/11/10 05:54:13 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/03 19:38:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://focilux.photo...geUploader4.cab (Image Uploader Control)
    [2012/01/03 19:37:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\Babylon
    [2012/01/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/01/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Babylon
    [2011/12/21 20:47:49 | 000,000,000 | -H-D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    [2011/12/17 17:11:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
    [2011/12/17 17:10:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Java
    [2011/12/21 22:04:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\xyVnk1DM374bcg
    [2011/12/21 22:03:27 | 000,008,627 | -H-- | M] () -- C:\Windows\System32\PAV_FOG.OPC
    [2011/12/21 22:03:21 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcg
    [2011/12/21 22:03:21 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcgr
    [2011/12/21 22:02:55 | 000,000,629 | -H-- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/21 20:51:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\XbjbnAJdxZhEWK
    [2011/12/21 20:48:19 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWK
    [2011/12/21 20:48:19 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWKr
    [2011/12/21 20:47:50 | 000,000,605 | -H-- | M] () -- C:\Users\lucas\Desktop\System Fix.lnk
    [2011/12/21 22:02:42 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xyVnk1DM374bcg
    [2011/12/21 20:47:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\XbjbnAJdxZhEWK
    [2012/01/03 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Babylon
    
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [createrestorepoint]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 4.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Re-run OTL on your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Please Post:

both RkReport.txt files
OTL fix log
aswMBR log
TDSSKiller log
OTL.txt
Extras.txt



How is your computer doing?
  • 0
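An added example (not part of CompCav's post and not OTL's own code): a small Python parser for the file lines used in the Step 3 fix script. It lists hidden files with an empty company field that sit directly in C:\ProgramData and groups each name with its ~name and ~namer companions. The line layout and the meaning of the H and D flags are assumptions inferred from the lines quoted in this thread; the sample lines are copied from that post.

```python
import ntpath
import re
from datetime import datetime

# Layout inferred from the fix script in this thread (an assumption, not a
# published OTL specification):
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C or M] (company) -- path
# The "(company)" part is optional; "()" means the field is empty.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample lines copied from the fix script posted above.
SAMPLE = r"""
[2011/11/10 05:54:13 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/21 22:04:39 | 000,000,448 | -H-- | M] () -- C:\ProgramData\xyVnk1DM374bcg
[2011/12/21 22:03:27 | 000,008,627 | -H-- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/12/21 22:03:21 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcg
[2011/12/21 22:03:21 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcgr
[2011/12/21 20:51:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\XbjbnAJdxZhEWK
[2011/12/21 20:48:19 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWK
[2011/12/21 20:48:19 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWKr
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
"""


def parse_entry(line):
    """Parse one file line; return a dict, or None for any other line type."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],   # assumption: H marks a hidden item
        "is_dir": "D" in m["attrs"],   # assumption: D marks a directory
        "kind": m["kind"],             # C or M, as written in the line
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def parse_script(text):
    """Return (parsed file entries, non-blank lines that are not file lines)."""
    entries, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry:
            entries.append(entry)
        else:
            skipped.append(line.strip())
    return entries, skipped


def loose_programdata_files(entries):
    """Names of hidden, non-directory files with no company in the ProgramData root."""
    names = set()
    for e in entries:
        folder, name = ntpath.split(e["path"])
        if (e["hidden"] and not e["is_dir"] and not e["company"]
                and folder.lower() == r"c:\programdata"):
            names.add(name)
    return sorted(names)


def name_families(names):
    """Map each NAME to whichever of ~NAME and ~NAMEr are also present."""
    present = set(names)
    families = {}
    for name in present:
        if name.startswith("~"):
            continue
        companions = [c for c in ("~" + name, "~" + name + "r") if c in present]
        if companions:
            families[name] = companions
    return families


if __name__ == "__main__":
    parsed, other = parse_script(SAMPLE)
    flagged = loose_programdata_files(parsed)
    for base, companions in sorted(name_families(flagged).items()):
        print(base, "->", ", ".join(companions))
    print(len(other), "line(s) were not file entries")
```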

#3
green and black


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello,

Many thanks for your help. While executing all the instructions you gave me I had 2 problems: RogueKiller asked me in step 2 to introduce a disk. I put a disk in, but he didn't recognize it. So I skipped this part.
Second issue: TDSSKiller (step 5): Cure was not available, I skipped (I didn't use Delete).

I hope my computer is safe now. Can you please tell me if it is safe to do homebanking again. With these problems I don't trust my computer completely.

While searching for the files to post I didn't find the OTL fix log and Extras.txt. The rest is posted now.

Kind regards and thanks for everything

Attached Files


  • 0

#4
CompCav


    Member 5k

  • Expert
  • 12,454 posts
Please do not attach files. Copy them and paste them into your posts.

I do need the RogueKiller with option 2 selected.

So go back to my instructions and delete your current copy of RogueKiller and then download it again and run it as in Step 1. above.

The Extras file is on your desktop as an icon that says Extras.

Please post it.


So in your next post do not attach but please post your RogueKiller file from Step 1. and the Extras file.

Edited by CompCav, 19 January 2012 - 05:03 PM.

  • 0

#5
CompCav


    Member 5k

  • Expert
  • 12,454 posts
Please also redo Step 3.

You did not do the fix and nothing is fixed on your computer except a few minor files.

Please read my instructions carefully and do Step 3.

If you do not understand how to do something please ask. I will be glad to assist you but you must ask if you do not understand.
  • 0

#6
green and black


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Thanks for your quick answer.

I hope you have now received everything you hoped for. I hope I have done it right this time (I presume I just go to the file and select the text in it and do a copy and paste). Please let me know if I haven't done it right, and inform me how I must do it in the correct way. Thanks for everything!

Error: Unable to interpret <:OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localFF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)[2012/01/07 00:17:28 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}[2012/01/06 21:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\[email protected][2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml[2011/12/17 > in the current context!
Error: Unable to interpret <17:07:22 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}[2011/11/10 05:54:13 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll[2012/01/03 19:38:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xmlO2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0> in the current context!
Error: Unable to interpret <_30)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://focilux.photo...geUploader4.cab (Image Uploader Control)[2012/01/03 19:37:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\Babylon[2012/01/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon[2012/01/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Babylon[2011/12/21 20:47:49 | 000,000,000 | -H-D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix[2011/12/17 17:11:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun[2011/12/17 17:10:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Java[2011/12/21 22:04:39 | 000,000,448 | -H-- | > in the current context!
Error: Unable to interpret <M] () -- C:\ProgramData\xyVnk1DM374bcg[2011/12/21 22:03:27 | 000,008,627 | -H-- | M] () -- C:\Windows\System32\PAV_FOG.OPC[2011/12/21 22:03:21 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcg[2011/12/21 22:03:21 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~xyVnk1DM374bcgr[2011/12/21 22:02:55 | 000,000,629 | -H-- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk[2011/12/21 20:51:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\XbjbnAJdxZhEWK[2011/12/21 20:48:19 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWK[2011/12/21 20:48:19 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XbjbnAJdxZhEWKr[2011/12/21 20:47:50 | 000,000,605 | -H-- | M] () -- C:\Users\lucas\Desktop\System Fix.lnk[2011/12/21 22:02:42 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xyVnk1DM374bcg[2011/12/21 20:47:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\XbjbnAJdxZhEWK[2012/01/03 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Babylon:fil> in the current context!
Error: Unable to interpret <esipconfig /flushdns /cxcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /Cxcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /Cxcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /Cxcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C:Commands[purity][resethosts][emptyflash][emptyjava][createrestorepoint][Reboot]> in the current context!
Error: Unable to interpret < > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_200505


RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: lucas [Admin rights]
Mode: Remove -- Date : 01/23/2012 19:58:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1cfbc8685a3a8756522651b42f2f3cbb
[BSP] 0d75c667ab351c3bfa9122b8080e72ed : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 327962 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 640552960 | Size: 32114 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

OTL Extras logfile created on: 7/01/2012 19:03:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lucas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

894,70 Mb Total Physical Memory | 188,34 Mb Available Physical Memory | 21,05% Memory free
2,19 Gb Paging File | 0,41 Gb Available in Paging File | 18,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 305,44 Gb Total Space | 199,27 Gb Free Space | 65,24% Space Free | Partition Type: NTFS
Drive D: | 29,89 Gb Total Space | 23,17 Gb Free Space | 77,49% Space Free | Partition Type: FAT32

Computer Name: PCTHUIS | User Name: lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF53E65-E41B-49E4-B3E1-8E0B0057241A}" = lport=445 | protocol=6 | dir=in | app=system |
"{15613FA8-433F-4E76-B269-58A7CD996804}" = lport=138 | protocol=17 | dir=in | app=system |
"{1BA534B2-7D74-4746-89DC-16E8D019A524}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2399E440-34F4-4033-B5CC-6D986E97309D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{47EFC03C-4D53-4F3C-941A-FEB6750D00D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{635AE052-F7ED-4F4E-BFD0-FE26C88D9EB3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70FF8A32-53EF-4421-B63D-6828E0EA50BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7A103DDF-9C87-4230-B181-599371F8A89D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{887BA4F7-3888-446B-9F3E-C56C86418D14}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E071349-67BB-4F29-A86B-F1BE2F889C81}" = rport=137 | protocol=17 | dir=out | app=system |
"{96C1FCCB-42A2-44FD-AADB-E58FD4353A95}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F4E5462-DBFD-4A97-8A6C-D8695A85BAC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE1794E0-659C-4D87-ABE1-4800348B8F0B}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA14F1A8-B7DA-4B7B-A034-3958C84AEC99}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CDF07CAC-7E2D-463F-9C99-87E0084094EB}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B5448-A28B-4559-907F-41D8347F8A0D}" = protocol=58 | dir=in | [email protected],-28545 |
"{15FF1E9F-34EB-4808-A495-ED4802304380}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe |
"{34AA3724-185D-4BC9-AD19-64FA326B9F8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FE604F7-828E-4B30-9AFF-AC4CAC68E73C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5934114F-E7E9-4875-A92D-17A84061A165}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{628319D4-43E3-47F5-A2F6-73A8A1394741}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7747E334-6D34-4393-9866-5EF4B6F2520D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7D1ACD64-ACDB-4A6A-A91B-4F0E3778DF17}" = protocol=1 | dir=out | [email protected],-28544 |
"{80B2C70C-F787-4B1B-B9C2-BCB6A0DFD4FC}" = protocol=58 | dir=out | [email protected],-28546 |
"{94E22273-815B-4D0E-AFBC-7F5B67C163BF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9A5B639D-2395-49CF-87C4-0FBDDA5637A0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A96E7778-837A-47B7-BC88-12EF72818344}" = protocol=1 | dir=in | [email protected],-28543 |
"{AB07D357-1FF3-4D5A-A886-93606FEAE01D}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"{B20108DE-5976-4AF6-BBFD-FD0E52299B92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B27C8944-7A63-45D9-8C44-9081B05605C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B2953FCC-D3DA-44A9-B429-BAD60A2405E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C6C4888D-F17B-4B87-95BD-09112D8F5D4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8E07BB5-5382-4D38-9C8D-AA4039FC9E8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C965A791-B79F-40AE-AAA5-1465D50BC8EA}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe |
"{CC4BB603-55C2-4A6F-8D4D-80FD87303245}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"{E35BD154-A14D-4F11-83F9-52ADD48D1C10}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FF872B23-68C8-4BAB-A066-5D8E34A27A04}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{768547B4-F24D-4D80-BD76-7A86DE77B891}C:\program files\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda internet security 2011\apvxdwin.exe |
"TCP Query User{DE756175-6B7D-4C05-9EF5-FA270D86776B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6DFE6153-5B8E-45CD-9DEB-3A349B10B6E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C4EC1F08-C8CA-4B55-93AF-03607E68E212}C:\program files\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda internet security 2011\apvxdwin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{072B53D7-DAAD-4562-8764-B528D0ADA7C4}" = Windows Live Family Safety
"{07683848-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Maths 3.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D78B2E-7160-ABD1-0963-446FB828D1C3}" = Catalyst Control Center Graphics Previews Vista
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F649FD8-7201-FD89-F792-1B7D0C36A57C}" = Catalyst Control Center Graphics Previews Common
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 30
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CAFEE26-C4AF-6349-6D99-8B5230F47F5E}" = Skins
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F750653-FC3C-45A0-5304-615D63C74D07}" = Catalyst Control Center Core Implementation
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{479DCD93-4372-B11C-B727-D1D9A7AE344F}" = ccc-utility
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{55FC05BC-5022-F24B-6309-FD5A95208F94}" = Catalyst Control Center Graphics Full Existing
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E799CD8-CD78-460F-A987-E00928F5AE02}" = Panda Internet Security 2012
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72FEB3FE-0671-C4B2-5620-64E670493F6D}" = Catalyst Control Center Localization Dutch
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2012
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81AB1374-098A-43CB-BE57-31CEB5EB1043}" = Nero 7 Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90300413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D426855-A419-932F-8F3A-3270C5E9B3FD}" = CCC Help Dutch
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D9D2E0-8051-4FCD-DA16-5E44A5B89495}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.4 - Nederlands
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE7A421-E272-FCEA-381A-ED4AACCAA165}" = ccc-core-static
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAD6F509-5DCA-4886-8EA9-A4F6B157CBAC}" = Belgacom Web Install - Belgacom TV
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E75055E0-085C-BD62-CD52-2398F3E84A86}" = Catalyst Control Center Graphics Full New
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Gebruikersregistratie voor Canon MP160" = Gebruikersregistratie voor Canon MP160
"Google Desktop" = Google Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Nikon FotoShare" = Nikon FotoShare
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Typ-Top 3.0_is1" = Typ-Top 3.0
"WinLiveSuite" = Windows Live Essentials
"X10Hardware" = X10 Hardware™

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/01/2012 16:41:01 | Computer Name = pcthuis | Source = EventSystem | ID = 4609
Description =

Error - 6/01/2012 16:41:20 | Computer Name = pcthuis | Source = Application Error | ID = 1000
Description = Toepassing met fout SpybotSD.exe, versie 1.6.2.46, tijdstempel 0x2a425e19,
module met fout SpybotSD.exe, versie 1.6.2.46, tijdstempel 0x2a425e19, uitzonderingscode
0xc0000005, foutmarge 0x00004d8a, proces-id 0x5b8, starttijd van toepassing 0x01ccccb38bd0e193.

Error - 6/01/2012 18:38:30 | Computer Name = pcthuis | Source = EventSystem | ID = 4609
Description =

Error - 6/01/2012 19:07:41 | Computer Name = pcthuis | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 6/01/2012 19:11:29 | Computer Name = pcthuis | Source = EventSystem | ID = 4609
Description =

Error - 7/01/2012 5:41:00 | Computer Name = pcthuis | Source = EventSystem | ID = 4609
Description =

Error - 7/01/2012 9:41:06 | Computer Name = pcthuis | Source = Windows Search Service | ID = 3024
Description =

Error - 7/01/2012 11:09:24 | Computer Name = pcthuis | Source = EventSystem | ID = 4609
Description =

Error - 7/01/2012 11:19:13 | Computer Name = pcthuis | Source = Windows Search Service | ID = 3013
Description =

Error - 7/01/2012 11:19:13 | Computer Name = pcthuis | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 30/08/2010 6:46:00 | Computer Name = pcthuis | Source = Media Center Guide | ID = 0
Description = Informatie over gebeurtenis: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Proces: DefaultDomain Objectnaam: Media Center Guide

Error - 21/12/2010 16:09:13 | Computer Name = pcthuis | Source = Media Center Guide | ID = 0
Description = Informatie over gebeurtenis: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Proces: DefaultDomain Objectnaam: Media Center Guide

Error - 13/09/2011 15:07:05 | Computer Name = pcthuis | Source = Media Center Guide | ID = 0
Description = Informatie over gebeurtenis: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Proces: DefaultDomain Objectnaam: Media Center Guide

Error - 13/09/2011 16:42:43 | Computer Name = pcthuis | Source = Media Center Guide | ID = 0
Description = Informatie over gebeurtenis: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Proces: DefaultDomain Objectnaam: Media Center Guide

[ System Events ]
Error - 7/01/2012 5:41:39 | Computer Name = pcthuis | Source = Service Control Manager | ID = 7001
Description =

Error - 7/01/2012 5:41:39 | Computer Name = pcthuis | Source = Service Control Manager | ID = 7001
Description =

Error - 7/01/2012 5:41:46 | Computer Name = pcthuis | Source = DCOM | ID = 10005
Description =

Error - 7/01/2012 5:41:49 | Computer Name = pcthuis | Source = Service Control Manager | ID = 7001
Description =

Error - 7/01/2012 5:43:08 | Computer Name = pcthuis | Source = DCOM | ID = 10005
Description =

Error - 7/01/2012 5:55:24 | Computer Name = pcthuis | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 7/01/2012 5:55:42 | Computer Name = pcthuis | Source = Microsoft-Windows-Eventlog | ID = 22
Description =

Error - 7/01/2012 5:56:21 | Computer Name = pcthuis | Source = Service Control Manager | ID = 7000
Description =

Error - 7/01/2012 6:01:26 | Computer Name = pcthuis | Source = Service Control Manager | ID = 7022
Description =

Error - 7/01/2012 6:15:18 | Computer Name = pcthuis | Source = WinDefend | ID = 2004
Description = %%827 heeft een fout aangetroffen bij het laden van handtekeningen
en probeert terug te keren naar een juiste set handtekeningen. Geprobeerde handtekeningen:
%%824 Foutcode: 0x8050a001 Foutbeschrijving: Er kunnen geen definitiebestanden worden
gevonden die helpen bij het detecteren van ongewenste software. Controleer of er
updates voor de definitiebestanden zijn en probeer het opnieuw. Raadpleeg Help
en ondersteuning voor informatie over het installeren van updates. Laden van handtekeningen:
%%825 Laden van handtekeningversie: 1.117.1973.0 Laden van engineversie: 1.1.7903.0


< End of report >

#7
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the Extras file!!


Step 1.

Now the OTL fix is still not correct so let me have you try to run it this way:

We need to run an OTL Fix

Please download the attached file named fix.txt to your desktop (where you can see it on your computer screen)


  • Please reopen OTL on your desktop.
  • Click on the Run Fix button just below the Run Scan button.

    A dialogue box will open.
    Click OK and this box will open. At the top please use the arrow to select the Desktop.
    Then click Open.

    The fix will now be in the Custom Scans/Fixes box so you can click Run Fix one more time. This should run it.

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt.


Step 3.

Please post:

OTL fix log
OTL.txt


What issues do you still have with your computer now?

#8
green and black

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Thanks for your support.
For the moment my computer is very slow (the reason can be that I have only 1 GB, the computer is 5 years old I presume). I also don't know if I can trust my computer completely (can I do homebanking again, or do payments with Visa ...?).
I also find it very annoying that on the right side of the screen I receive information from Google, and I get different photos (which change all the time, photos I took myself, not photos I haven't seen yet). Thanks for your reply and thanks for everything!

I succeeded in doing what you asked for, so here are the reports.


========= OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Folder C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\ not found.
Folder C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\[email protected]\ not found.
File C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {EDFCB7CB-942C-4822-AF14-F0B687409848}
C:\Windows\Downloaded Program Files\ImageUploader4.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
C:\Users\lucas\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\lucas\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\lucas\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\lucas\AppData\Roaming\Babylon folder moved successfully.
C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully.
C:\ProgramData\Sun\Java\Java Update folder moved successfully.
C:\ProgramData\Sun\Java folder moved successfully.
C:\ProgramData\Sun folder moved successfully.
C:\Program Files\Common Files\Java\Java Update folder moved successfully.
C:\Program Files\Common Files\Java folder moved successfully.
C:\ProgramData\xyVnk1DM374bcg moved successfully.
C:\Windows\System32\PAV_FOG.OPC moved successfully.
C:\ProgramData\~xyVnk1DM374bcg moved successfully.
C:\ProgramData\~xyVnk1DM374bcgr moved successfully.
C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
C:\ProgramData\XbjbnAJdxZhEWK moved successfully.
C:\ProgramData\~XbjbnAJdxZhEWK moved successfully.
C:\ProgramData\~XbjbnAJdxZhEWKr moved successfully.
C:\Users\lucas\Desktop\System Fix.lnk moved successfully.
File C:\ProgramData\xyVnk1DM374bcg not found.
File C:\ProgramData\XbjbnAJdxZhEWK not found.
Folder C:\Users\lucas\AppData\Roaming\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: esther
->Flash cache emptied: 28729 bytes

User: florien
->Flash cache emptied: 35730 bytes

User: lucas
->Flash cache emptied: 1012 bytes

User: Public

User: sabine
->Flash cache emptied: 4845 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: esther
->Java cache emptied: 55405232 bytes

User: florien
->Java cache emptied: 53692579 bytes

User: lucas
->Java cache emptied: 31999236 bytes

User: Public

User: sabine
->Java cache emptied: 10678091 bytes

Total Java Files Cleaned = 145,00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01262012_202801



OTL logfile created on: 26/01/2012 20:50:21 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\lucas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

894,70 Mb Total Physical Memory | 186,96 Mb Available Physical Memory | 20,90% Memory free
2,00 Gb Paging File | 0,61 Gb Available in Paging File | 30,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 305,44 Gb Total Space | 238,14 Gb Free Space | 77,97% Space Free | Partition Type: NTFS
Drive D: | 29,89 Gb Total Space | 23,17 Gb Free Space | 77,49% Space Free | Partition Type: FAT32

Computer Name: PCTHUIS | User Name: lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 19:02:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\lucas\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/14 20:37:44 | 000,247,968 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
PRC - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
PRC - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe
PRC - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
PRC - [2010/05/28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE
PRC - [2010/04/22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe
PRC - [2010/02/23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
PRC - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe
PRC - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/06 10:06:52 | 004,669,440 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 19:50:07 | 000,998,400 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/15 19:47:50 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 19:47:47 | 011,804,672 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/15 19:47:05 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/15 17:58:12 | 005,450,752 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/15 17:50:45 | 012,430,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 17:50:22 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 17:48:48 | 007,950,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 17:48:40 | 011,490,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/09 12:14:22 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/03/31 19:04:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007/08/15 15:30:38 | 000,233,472 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/08/15 15:30:36 | 000,073,728 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,438,272 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,208,896 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2736.38389__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2700.34739__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2700.34758__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2700.34723__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2700.34753__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/08/15 15:30:32 | 000,086,016 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2736.38600_nl_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007/08/15 15:30:32 | 000,036,864 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/08/15 15:30:32 | 000,006,656 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007/08/15 15:30:31 | 001,503,232 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/08/15 15:30:31 | 000,471,040 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/08/15 15:30:31 | 000,446,464 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007/08/15 15:30:31 | 000,102,400 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,069,632 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/08/15 15:30:31 | 000,061,440 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/08/15 15:30:30 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/27 02:51:00 | 000,159,744 | -H-- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll
MOD - [2004/05/19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv)
SRV - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/07 21:37:24 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2011/02/21 13:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 15:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 15:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 10:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 17:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 12:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010/05/06 16:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/09/25 13:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 13:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 13:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 13:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007/07/23 14:07:52 | 001,223,008 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/25 12:37:24 | 000,084,480 | -H-- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/14 09:10:02 | 000,135,400 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2006/11/17 09:31:04 | 000,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/10/30 16:23:12 | 000,007,680 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/10/18 01:50:06 | 000,245,376 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt2500usb.sys -- (RT2500USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/
IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\florien\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)


[2012/01/26 20:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/16 22:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml

O1 HOSTS File: ([2012/01/26 20:29:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O4 - Startup: C:\Users\florien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}: DhcpNameServer = 195.130.131.5 195.130.130.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4719DAC7-5553-4158-A4E8-49B357D04C07}: DhcpNameServer = 195.130.130.5 195.130.131.5
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 18:33:18 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{4C816735-F175-4D3F-B641-D0B098C5810D}
[2012/01/26 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{87B82590-44D4-4C4E-B1F0-217B0F9564DE}
[2012/01/23 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{265CA8BE-EA8B-418A-923B-CCC9FA2F5AE8}
[2012/01/23 18:52:06 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0563A40A-32D8-4FF7-9BD2-21AB1FA3C070}
[2012/01/19 20:34:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\lucas\Desktop\RK_Quarantine
[2012/01/19 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{E175A91A-1914-47A3-BD4E-A826A6DC2465}
[2012/01/19 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{1386CF7D-AB4A-40EF-95E9-3EB7CAA0F499}
[2012/01/17 20:10:45 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{FE84CAC8-637C-4F77-BA37-6A01BA9B111B}
[2012/01/17 20:10:38 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{029936A4-39A1-4B83-9FAF-9CBA3F981190}
[2012/01/15 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{D7531E2B-F7BF-49B7-8CC8-84F8438ED35F}
[2012/01/15 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8672F35C-2C4E-4B29-AA00-46E473546CD6}
[2012/01/14 18:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/14 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Systweak
[2012/01/14 15:25:45 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/14 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2012/01/14 15:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2012/01/14 15:23:26 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Creator
[2012/01/14 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
[2012/01/14 15:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/14 14:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 14:33:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/14 11:57:38 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012/01/14 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\PackageAware
[2012/01/14 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{D8AC7B71-1904-4244-A1F6-125EC26AE539}
[2012/01/14 10:21:49 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7B80337A-06D8-44EA-874C-A267EC38235A}
[2012/01/09 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{99216981-3F49-4EA5-B8F2-6E572689B22A}
[2012/01/09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{1772A14D-8070-457D-BE49-DC887B3006C8}
[2012/01/08 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/08 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\TestApp
[2012/01/08 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/01/08 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/01/08 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{2E7D85CC-8E9B-424B-A067-921C920D0BCB}
[2012/01/08 14:38:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{AEE4F370-A519-4300-9D77-A3AB4416E226}
[2012/01/08 13:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/01/08 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{A01D0847-5B1D-4A97-809B-0B34F0E40F04}
[2012/01/07 11:07:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{B61184D8-A594-4B26-858E-D45FF1195C0D}
[2012/01/07 11:02:35 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{26ACF9BC-EEA2-49C3-BA3D-B2DC31816637}
[2012/01/07 06:54:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/07 00:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Hijacker
[2012/01/07 00:17:34 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\blekkotb
[2012/01/07 00:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
[2012/01/06 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\CrashDumps
[2012/01/06 19:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/06 19:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/06 18:56:25 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{CA5D2AE9-0AE7-471C-9924-1811B2AE103B}
[2012/01/06 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{75750C5B-17A3-4805-AB86-E48EB8270F0E}
[2012/01/04 19:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(87)
[2012/01/04 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\AMD
[2012/01/04 12:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/01/04 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{76208897-001C-4D7C-920D-BD6636BE50D3}
[2012/01/04 12:04:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{C6D2A597-5D31-448A-8264-4DE002100C4B}
[2012/01/03 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/01/03 16:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/03 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/01/03 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/01/03 16:16:21 | 000,000,000 | ---D | C] -- C:\ATI
[2012/01/03 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2012/01/03 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{881E9B3A-284E-4595-A758-74E06C363FEA}
[2012/01/03 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{EFCDB3E5-383B-4D5A-8B8C-109D32787E38}
[2012/01/02 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/02 08:35:39 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7F8AA3F9-569F-4E90-9AC3-A3C2681E2DE0}
[2012/01/02 08:35:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{417BFCC2-4016-4CFE-9C73-0B2102A78BBD}
[2012/01/01 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Malwarebytes
[2012/01/01 12:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 12:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 12:24:03 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0F0F0D63-AC5F-4C03-AF14-7E0FA4CD6741}
[2012/01/01 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{01B32FDB-4867-460A-BF6B-2A8808A68EEB}
[2011/12/29 14:22:37 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{F9D1B573-5EBC-41EC-9DC1-615EA22A6397}
[2011/12/29 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8DE3C406-A7B8-4B5B-BC2F-F19BDA806290}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 20:40:53 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2012/01/26 20:40:53 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2012/01/26 20:40:53 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2012/01/26 20:40:53 | 000,000,116 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2012/01/26 20:40:53 | 000,000,116 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2012/01/26 20:40:53 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2012/01/26 20:40:44 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2012/01/26 20:40:44 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2012/01/26 20:38:19 | 000,291,384 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012/01/26 20:38:19 | 000,291,384 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2012/01/26 20:35:02 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2012/01/26 20:35:02 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2012/01/26 20:35:02 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2012/01/26 20:34:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:34:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 20:33:52 | 938,926,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 20:33:05 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2012/01/26 20:29:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/19 20:59:21 | 000,000,512 | ---- | M] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 16:54:49 | 000,426,208 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:37:38 | 000,357,766 | ---- | M] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:30 | 000,001,491 | ---- | M] () -- C:\user.js
[2012/01/14 15:00:07 | 001,402,880 | ---- | M] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/14 14:40:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 16:25:42 | 000,001,347 | ---- | M] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:24:51 | 000,001,356 | ---- | M] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt.bck
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt
[2012/01/07 11:17:33 | 000,000,940 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 20:59:21 | 000,000,512 | ---- | C] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 15:37:39 | 000,357,766 | ---- | C] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/01/14 15:23:22 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/01/14 15:00:34 | 001,402,880 | ---- | C] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/14 14:34:11 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 15:33:18 | 000,001,347 | ---- | C] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:26:45 | 938,926,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 11:17:33 | 000,000,940 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/03 10:58:57 | 000,001,356 | ---- | C] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2011/06/07 21:37:24 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2011/06/07 21:36:49 | 000,000,262 | -H-- | C] () -- C:\Windows\System32\PavCPL.dat
[2011/06/07 21:36:38 | 000,291,384 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/06/07 21:36:38 | 000,291,384 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/02/07 21:03:54 | 000,000,106 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\wklnhst.dat
[2009/09/19 19:44:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 19:43:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 12:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/06/14 12:01:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sounds
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Standard
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/06/09 20:54:48 | 000,055,296 | -H-- | C] () -- C:\Users\lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/17 16:00:56 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/22 18:06:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/23 16:25:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008/02/24 14:16:29 | 000,000,392 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\ProgramData\StartupItems
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\Users\lucas\AppData\Roaming\Speech Enhancer
[2008/01/13 15:28:43 | 000,000,012 | R--- | C] () -- C:\ProgramData\String Comparison
[2008/01/13 15:28:42 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008/01/03 21:05:56 | 000,015,377 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/07 19:37:07 | 000,000,416 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/13 13:57:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2007/08/10 13:20:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/10 13:20:57 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 13:20:56 | 000,144,773 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/10 12:11:57 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/02 17:11:51 | 000,679,906 | -H-- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 17:11:51 | 000,336,440 | -H-- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 17:11:51 | 000,131,026 | -H-- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 17:11:51 | 000,041,976 | -H-- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,426,208 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,702 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,716 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2007/10/11 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\BullGuard
[2010/11/29 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Canon
[2008/07/24 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Nikon
[2010/11/15 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Template
[2009/09/28 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Ulead Systems
[2007/10/14 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\BullGuard
[2011/04/08 15:14:50 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Canon
[2008/07/24 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Nikon
[2008/01/26 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\ScanSoft
[2012/01/23 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Spotify
[2011/02/08 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Template
[2011/06/30 19:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Windows Live Writer
[2009/10/04 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Zylom
[2007/10/10 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\BullGuard
[2010/07/27 20:16:25 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Canon
[2012/01/26 20:37:26 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Dropbox
[2009/06/13 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Nikon
[2011/06/07 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Panda Security
[2007/10/07 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\ScanSoft
[2012/01/14 18:00:18 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Systweak
[2011/02/07 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Template
[2012/01/08 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\TestApp
[2008/03/23 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Ulead Systems
[2012/01/03 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2011/06/07 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Nikon
[2012/01/26 20:32:50 | 000,032,586 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 17:01:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 17:01:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4719DAC7-5553-4158-A4E8-49B357D04C07}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7E2F66D5-1A92-4F23-9B25-A6A1E98C5118}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 06:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 00 01 02 01 07 01 06 01 09 01 04 01 05 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I know you are eager to get back to home banking with this machine but please hold off until we are assured it is clean. ;)

I will post the next steps tomorrow.

Edited by CompCav, 26 January 2012 - 08:55 PM.


#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I know you are eager to get back to home banking with this machine but please hold off until we are assured it is clean. ;)


Step 1.

We need to run an OTL Fix

Please download the attached file named fix.txt to your desktop (where you can see it on your computer screen)


  • Please reopen OTL on your desktop.
  • Click on the Run Fix button just below the Run Scan button.

    A dialogue box will open
    Click OK and this box will open. At the top please use the arrow to select the Desktop.
    Then click Open

    The fix will now be in the Custom Scans/Fixes box so you can click Run Fix one more time. This should run it.

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.


Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application. Or, if you have it installed, open it, click the Update tab, and then click Check for Updates. If it downloads a new version, please install it and download the updated definition files before running it.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.

Re-run OTL on your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please Post:


OTL fix log
mbam log
OTL.txt



How is your computer doing?
  • 0
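The instructions above say the fix log lands in C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log after a reboot. The following Python is an added example, not part of the post and not OTL's own code: it picks the newest log by parsing that name (sorting the names as text would rank a December 2011 run after a January 2012 one) and tallies what each line reports. The line patterns are assumptions modelled on the fix log lines quoted in this thread, and the sample names and paths are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Name format given in the instructions: mmddyyyy_hhmmss.log
LOG_NAME = re.compile(r"^(\d{8}_\d{6})\.log$", re.IGNORECASE)

# Line shapes modelled on the fix log in this thread (assumed, not an OTL spec).
PENDING = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
DONE = re.compile(r"^(.+) (?:moved|deleted) successfully\.$")
ABSENT = re.compile(
    r"^(?:File\\Folder|File|Folder|Registry key|Registry value) (.+) not found[.!]$"
)


def parse_log_time(name):
    """Return the run time encoded in an mmddyyyy_hhmmss.log name, or None."""
    match = LOG_NAME.match(name)
    if not match:
        return None
    try:
        return datetime.strptime(match.group(1), "%m%d%Y_%H%M%S")
    except ValueError:  # digits that do not form a real date or time
        return None


def newest_log(names):
    """Pick the most recent log by parsed time, ignoring names that do not fit."""
    dated = [(parse_log_time(n), n) for n in names]
    dated = [pair for pair in dated if pair[0] is not None]
    return max(dated)[1] if dated else None


def classify(line):
    """Map one log line to (outcome, target); unknown lines become 'other'."""
    line = line.strip()
    for label, pattern in (
        ("pending_reboot", PENDING),
        ("removed", DONE),
        ("absent", ABSENT),
    ):
        match = pattern.match(line)
        if match:
            return label, match.group(1)
    return "other", None


def triage(lines):
    """Count outcomes and list reboot-pending items never reported as removed."""
    counts = Counter()
    pending, removed = [], set()
    for line in lines:
        label, target = classify(line)
        counts[label] += 1
        if label == "pending_reboot":
            pending.append(target)
        elif label == "removed":
            removed.add(target.lower())
    unresolved = [p for p in pending if p.lower() not in removed]
    return counts, unresolved


# Constructed sample input (not taken from the thread's logs).
SAMPLE_NAMES = ["12312011_235959.log", "01292012_175028.log", "notes.txt"]
SAMPLE_LOG = r"""All processes killed
File C:\Program Files\ExampleToolbar\toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
File move failed. C:\Users\alice\Startup\example.lnk scheduled to be moved on reboot.
File move failed. C:\Users\bob\Startup\example.lnk scheduled to be moved on reboot.
C:\Users\alice\Downloads\cmd.bat deleted successfully.
Files\Folders moved on Reboot...
File\Folder C:\Users\alice\Startup\example.lnk not found!
C:\Users\bob\Startup\example.lnk moved successfully.
""".splitlines()

if __name__ == "__main__":
    print("newest log:", newest_log(SAMPLE_NAMES))
    counts, unresolved = triage(SAMPLE_LOG)
    print(dict(counts))
    print("pending but never reported as moved:", unresolved)
```

An entry left in `unresolved` was queued for the reboot pass but never reported as moved, so it is worth checking by hand whether the file still exists.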

#11
green and black

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hello,

Thanks for your reply. I succeeded in doing what you asked for. :thumbsup:
By the way: the fact that I received Google in another way is caused by one of my daughters who downloaded Google Chrome. So no problem here. I thought it was caused by malware :blush:
I hope everything is alright now, and that I can use my computer safely now.

Here are the logs:

otl.fix.log

All processes killed
========== OTL ==========
File C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
File C:\Program Files\DealPly\DealPlyIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2528648001-3019182305-1618475911-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
File move failed. C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk scheduled to be moved on reboot.
File move failed. C:\Users\florien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk scheduled to be moved on reboot.
File move failed. C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_USERS\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Folder C:\Users\lucas\AppData\Local\{4C816735-F175-4D3F-B641-D0B098C5810D}\ not found.
Folder C:\Users\lucas\AppData\Local\{87B82590-44D4-4C4E-B1F0-217B0F9564DE}\ not found.
Folder C:\Users\lucas\AppData\Local\{265CA8BE-EA8B-418A-923B-CCC9FA2F5AE8}\ not found.
Folder C:\Users\lucas\AppData\Local\{0563A40A-32D8-4FF7-9BD2-21AB1FA3C070}\ not found.
Folder C:\Users\lucas\AppData\Local\{E175A91A-1914-47A3-BD4E-A826A6DC2465}\ not found.
Folder C:\Users\lucas\AppData\Local\{1386CF7D-AB4A-40EF-95E9-3EB7CAA0F499}\ not found.
Folder C:\Users\lucas\AppData\Local\{FE84CAC8-637C-4F77-BA37-6A01BA9B111B}\ not found.
Folder C:\Users\lucas\AppData\Local\{029936A4-39A1-4B83-9FAF-9CBA3F981190}\ not found.
Folder C:\Users\lucas\AppData\Local\{D7531E2B-F7BF-49B7-8CC8-84F8438ED35F}\ not found.
Folder C:\Users\lucas\AppData\Local\{8672F35C-2C4E-4B29-AA00-46E473546CD6}\ not found.
Folder C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\ not found.
Folder C:\Program Files\DealPly\ not found.
Folder C:\Users\lucas\AppData\Local\{D8AC7B71-1904-4244-A1F6-125EC26AE539}\ not found.
Folder C:\Users\lucas\AppData\Local\{7B80337A-06D8-44EA-874C-A267EC38235A}\ not found.
Folder C:\Users\lucas\AppData\Local\{99216981-3F49-4EA5-B8F2-6E572689B22A}\ not found.
Folder C:\Users\lucas\AppData\Local\{1772A14D-8070-457D-BE49-DC887B3006C8}\ not found.
Folder C:\Users\lucas\AppData\Local\{2E7D85CC-8E9B-424B-A067-921C920D0BCB}\ not found.
Folder C:\Users\lucas\AppData\Local\{AEE4F370-A519-4300-9D77-A3AB4416E226}\ not found.
Folder C:\Users\lucas\AppData\Local\{A01D0847-5B1D-4A97-809B-0B34F0E40F04}\ not found.
Folder C:\Users\lucas\AppData\Local\{B61184D8-A594-4B26-858E-D45FF1195C0D}\ not found.
Folder C:\Users\lucas\AppData\Local\{26ACF9BC-EEA2-49C3-BA3D-B2DC31816637}\ not found.
Folder C:\Users\lucas\AppData\Local\blekkotb\ not found.
Folder C:\Program Files\blekkotb\ not found.
Folder C:\Users\lucas\AppData\Local\{CA5D2AE9-0AE7-471C-9924-1811B2AE103B}\ not found.
Folder C:\Users\lucas\AppData\Local\{75750C5B-17A3-4805-AB86-E48EB8270F0E}\ not found.
Folder C:\Users\lucas\AppData\Local\{76208897-001C-4D7C-920D-BD6636BE50D3}\ not found.
Folder C:\Users\lucas\AppData\Local\{C6D2A597-5D31-448A-8264-4DE002100C4B}\ not found.
Folder C:\Users\lucas\AppData\Local\{881E9B3A-284E-4595-A758-74E06C363FEA}\ not found.
Folder C:\Users\lucas\AppData\Local\{EFCDB3E5-383B-4D5A-8B8C-109D32787E38}\ not found.
Folder C:\Users\lucas\AppData\Local\{7F8AA3F9-569F-4E90-9AC3-A3C2681E2DE0}\ not found.
Folder C:\Users\lucas\AppData\Local\{417BFCC2-4016-4CFE-9C73-0B2102A78BBD}\ not found.
Folder C:\Users\lucas\AppData\Local\{0F0F0D63-AC5F-4C03-AF14-7E0FA4CD6741}\ not found.
Folder C:\Users\lucas\AppData\Local\{01B32FDB-4867-460A-BF6B-2A8808A68EEB}\ not found.
Folder C:\Users\lucas\AppData\Local\{F9D1B573-5EBC-41EC-9DC1-615EA22A6397}\ not found.
Folder C:\Users\lucas\AppData\Local\{8DE3C406-A7B8-4B5B-BC2F-F19BDA806290}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: esther
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: florien
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lucas
->Temp folder emptied: 731672 bytes
->Temporary Internet Files folder emptied: 7622039 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

User: sabine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 584867 bytes
RecycleBin emptied: 5476 bytes

Total Files Cleaned = 9,00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01292012_175028

Files\Folders moved on Reboot...
File\Folder C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk not found!
File\Folder C:\Users\florien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk not found!
File\Folder C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk not found!
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6TPPBEJ\313104-internet-explorer-redirecting-again[1].htm moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6TPPBEJ\ads[2].htm moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQ8GVD3J\ads[2].htm moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WQ8GVD3J\fastbutton[1].htm moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G7C2R137\ads[2].htm moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

mbam.log

2012/01/29 12:52:34 +0100 PCTHUIS sabine MESSAGE Starting protection
2012/01/29 12:52:43 +0100 PCTHUIS sabine MESSAGE Protection started successfully
2012/01/29 12:52:46 +0100 PCTHUIS sabine MESSAGE Starting IP protection
2012/01/29 12:52:52 +0100 PCTHUIS sabine MESSAGE IP Protection started successfully
2012/01/29 12:52:52 +0100 PCTHUIS sabine MESSAGE Stopping IP protection
2012/01/29 12:52:53 +0100 PCTHUIS sabine MESSAGE IP Protection stopped
2012/01/29 14:48:10 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 14:48:14 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 14:48:17 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 14:48:21 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 14:48:21 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 14:48:22 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 14:53:41 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 14:53:44 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 14:53:47 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 14:53:51 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 14:53:51 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 14:53:52 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 15:35:03 +0100 PCTHUIS esther MESSAGE Starting protection
2012/01/29 15:35:06 +0100 PCTHUIS esther MESSAGE Protection started successfully
2012/01/29 15:35:09 +0100 PCTHUIS esther MESSAGE Starting IP protection
2012/01/29 15:35:12 +0100 PCTHUIS esther MESSAGE IP Protection started successfully
2012/01/29 15:35:17 +0100 PCTHUIS esther MESSAGE Stopping IP protection
2012/01/29 15:35:19 +0100 PCTHUIS esther MESSAGE IP Protection stopped
2012/01/29 16:30:12 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 16:30:22 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 16:30:25 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 16:30:29 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 16:30:33 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 16:30:34 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 16:50:19 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 16:50:23 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 16:50:26 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 16:50:29 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 16:50:29 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 16:50:30 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 17:05:27 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 17:05:34 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 17:05:37 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 17:05:42 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 17:05:42 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 17:05:43 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 17:17:32 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 17:17:36 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 17:17:39 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 17:17:42 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 17:17:42 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 17:17:43 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 17:36:10 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 17:36:14 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 17:36:17 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 17:36:20 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 17:36:20 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 17:36:21 +0100 PCTHUIS lucas MESSAGE IP Protection stopped
2012/01/29 17:42:47 +0100 PCTHUIS lucas MESSAGE Starting database refresh
2012/01/29 17:42:59 +0100 PCTHUIS lucas MESSAGE Database refreshed successfully
2012/01/29 17:56:12 +0100 PCTHUIS lucas MESSAGE Starting protection
2012/01/29 17:56:16 +0100 PCTHUIS lucas MESSAGE Protection started successfully
2012/01/29 17:56:19 +0100 PCTHUIS lucas MESSAGE Starting IP protection
2012/01/29 17:56:23 +0100 PCTHUIS lucas MESSAGE IP Protection started successfully
2012/01/29 17:56:23 +0100 PCTHUIS lucas MESSAGE Stopping IP protection
2012/01/29 17:56:24 +0100 PCTHUIS lucas MESSAGE IP Protection stopped

OTL logfile created on: 29/01/2012 18:48:17 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\lucas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

894,70 Mb Total Physical Memory | 253,07 Mb Available Physical Memory | 28,28% Memory free
2,01 Gb Paging File | 0,70 Gb Available in Paging File | 34,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 305,44 Gb Total Space | 238,76 Gb Free Space | 78,17% Space Free | Partition Type: NTFS
Drive D: | 29,89 Gb Total Space | 23,17 Gb Free Space | 77,49% Space Free | Partition Type: FAT32

Computer Name: PCTHUIS | User Name: lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 19:02:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\lucas\Downloads\OTL.exe
PRC - [2011/11/14 20:37:44 | 000,247,968 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
PRC - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
PRC - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe
PRC - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
PRC - [2010/05/28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE
PRC - [2010/04/22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe
PRC - [2010/02/23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
PRC - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe
PRC - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/06 10:06:52 | 004,669,440 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 19:50:07 | 000,998,400 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/15 19:47:50 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 19:47:47 | 011,804,672 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/15 19:47:05 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/15 17:58:12 | 005,450,752 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/15 17:50:45 | 012,430,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 17:50:22 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 17:48:48 | 007,950,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 17:48:40 | 011,490,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/09 12:14:22 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/03/31 19:04:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007/08/15 15:30:38 | 000,233,472 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/08/15 15:30:36 | 000,073,728 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,438,272 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,208,896 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2736.38389__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2700.34739__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2700.34758__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2700.34723__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2700.34753__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/08/15 15:30:32 | 000,086,016 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2736.38600_nl_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007/08/15 15:30:32 | 000,036,864 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/08/15 15:30:32 | 000,006,656 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007/08/15 15:30:31 | 001,503,232 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/08/15 15:30:31 | 000,471,040 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/08/15 15:30:31 | 000,446,464 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007/08/15 15:30:31 | 000,102,400 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,069,632 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/08/15 15:30:31 | 000,061,440 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/08/15 15:30:30 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/27 02:51:00 | 000,159,744 | -H-- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll
MOD - [2004/05/19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv)
SRV - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - [2011/06/07 21:37:24 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2011/02/21 13:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 15:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 15:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 10:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 17:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 12:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010/05/06 16:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/09/25 13:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 13:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 13:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 13:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007/07/23 14:07:52 | 001,223,008 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/25 12:37:24 | 000,084,480 | -H-- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/14 09:10:02 | 000,135,400 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2006/11/17 09:31:04 | 000,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/10/30 16:23:12 | 000,007,680 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/10/18 01:50:06 | 000,245,376 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt2500usb.sys -- (RT2500USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/
IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\florien\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)


[2012/01/26 20:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/01/29 17:50:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4719DAC7-5553-4158-A4E8-49B357D04C07}: DhcpNameServer = 195.130.130.5 195.130.131.5
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 18:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 18:29:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/29 18:25:12 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\lucas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/29 13:30:22 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8610D0EE-E5DC-4D20-B07C-4C948A039BE1}
[2012/01/29 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0B260960-FC2E-4237-B4E5-A4796E2F35B8}
[2012/01/19 20:34:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\lucas\Desktop\RK_Quarantine
[2012/01/14 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Systweak
[2012/01/14 15:25:45 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/14 15:23:26 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Creator
[2012/01/14 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
[2012/01/14 15:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/14 11:57:38 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012/01/14 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\PackageAware
[2012/01/08 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/08 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\TestApp
[2012/01/08 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/01/08 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/01/08 13:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/01/07 06:54:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/07 00:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Hijacker
[2012/01/06 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\CrashDumps
[2012/01/06 19:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/06 19:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/04 19:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(87)
[2012/01/04 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\AMD
[2012/01/04 12:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/01/03 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/01/03 16:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/03 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/01/03 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/01/03 16:16:21 | 000,000,000 | ---D | C] -- C:\ATI
[2012/01/03 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2012/01/02 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/01 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Malwarebytes
[2012/01/01 12:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 12:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/01/29 18:30:48 | 000,287,040 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012/01/29 18:30:48 | 000,287,040 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2012/01/29 18:29:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/29 18:27:41 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2012/01/29 18:27:41 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2012/01/29 18:27:41 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2012/01/29 18:27:41 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2012/01/29 18:27:41 | 000,000,128 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2012/01/29 18:27:41 | 000,000,128 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2012/01/29 18:27:41 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2012/01/29 18:27:41 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2012/01/29 18:27:41 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2012/01/29 18:27:41 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2012/01/29 18:27:41 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2012/01/29 18:27:41 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2012/01/29 18:27:31 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2012/01/29 18:27:31 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2012/01/29 18:25:27 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\lucas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/29 18:07:45 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2012/01/29 18:07:45 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2012/01/29 18:07:45 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2012/01/29 18:07:45 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2012/01/29 18:07:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 18:07:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 18:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/29 18:07:16 | 938,926,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 17:50:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/19 20:59:21 | 000,000,512 | ---- | M] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 16:54:49 | 000,426,208 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:37:38 | 000,357,766 | ---- | M] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:30 | 000,001,491 | ---- | M] () -- C:\user.js
[2012/01/14 15:00:07 | 001,402,880 | ---- | M] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/08 16:25:42 | 000,001,347 | ---- | M] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:24:51 | 000,001,356 | ---- | M] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt.bck
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt
[2012/01/07 11:17:33 | 000,000,940 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2012/01/29 18:29:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 20:59:21 | 000,000,512 | ---- | C] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 15:37:39 | 000,357,766 | ---- | C] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/01/14 15:23:22 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/01/14 15:00:34 | 001,402,880 | ---- | C] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/08 15:33:18 | 000,001,347 | ---- | C] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:26:45 | 938,926,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 11:17:33 | 000,000,940 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/03 10:58:57 | 000,001,356 | ---- | C] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2011/06/07 21:37:24 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2011/06/07 21:36:49 | 000,000,262 | -H-- | C] () -- C:\Windows\System32\PavCPL.dat
[2011/06/07 21:36:38 | 000,287,040 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/06/07 21:36:38 | 000,287,040 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/02/07 21:03:54 | 000,000,106 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\wklnhst.dat
[2009/09/19 19:44:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 19:43:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 12:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/06/14 12:01:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sounds
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Standard
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/06/09 20:54:48 | 000,055,296 | -H-- | C] () -- C:\Users\lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/17 16:00:56 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/22 18:06:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/23 16:25:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008/02/24 14:16:29 | 000,000,392 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\ProgramData\StartupItems
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\Users\lucas\AppData\Roaming\Speech Enhancer
[2008/01/13 15:28:43 | 000,000,012 | R--- | C] () -- C:\ProgramData\String Comparison
[2008/01/13 15:28:42 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008/01/03 21:05:56 | 000,015,377 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/07 19:37:07 | 000,000,416 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/13 13:57:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2007/08/10 13:20:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/10 13:20:57 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 13:20:56 | 000,144,773 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/10 12:11:57 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/02 17:11:51 | 000,679,906 | -H-- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 17:11:51 | 000,336,440 | -H-- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 17:11:51 | 000,131,026 | -H-- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 17:11:51 | 000,041,976 | -H-- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,426,208 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,702 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,716 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2007/10/11 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\BullGuard
[2010/11/29 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Canon
[2008/07/24 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Nikon
[2010/11/15 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Template
[2009/09/28 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Ulead Systems
[2007/10/14 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\BullGuard
[2011/04/08 15:14:50 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Canon
[2008/07/24 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Nikon
[2008/01/26 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\ScanSoft
[2012/01/23 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Spotify
[2011/02/08 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Template
[2011/06/30 19:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Windows Live Writer

Thanks again for everything!

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I need you to answer these questions:

Are you still having internet explorer redirects?

What issues do you still have with the computer?



Also, you posted a special log for mbam; please do the following:

  • Double click MalwareBytes' on your desktop.
  • Click the Update tab
  • Click Check for Updates
  • Click the Scanner tab
  • Click Perform quick scan
  • Click Scan

  • When the scan completes, a Notepad window with the quick scan log will open. Please click Edit >> Select all >> Edit >> Copy
  • Then click Paste to put it in your next reply.


Next Post:

Answers to questions.

MalwareBytes' log

#13
green and black

green and black

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello,

I have no Internet Explorer redirects anymore.

The only problem I have is that it is slow sometimes, but since it is an old computer (1 GB) I think it must be normal.

Can I perhaps do another check with e.g. Spybot, or is this not necessary?

Here you can find the Malwarebytes log. Thanks for everything.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.02.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lucas :: PCTHUIS [administrator]

1/02/2012 19:16:41
mbam-log-2012-02-01 (19-16-41).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 229401
Verstreken tijd: 11 minuut/minuten, 36 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2.

We need to run a Check disk on your hard drive as a first step to correct the slowness.

Open Computer by clicking the Start button, and then clicking Computer.

Click once the hard disk drive that you want to check, and then click Properties.

Then select the Tools tab, and click the “Check Now” button.

A little dialog will pop up to allow you to choose the options you want for the disk check. You should check both options.

The only problem with that is that Windows can’t check a drive that’s being used, such as the system drive, but Windows will let you schedule a disk check for the next reboot.

Now reboot the computer and let the disk check run.
Once it is finished Windows will automatically restart.


Step 3.

Open Disk Defragmenter by clicking the Start button
  • Click All Programs
  • Click Accessories
  • Click System Tools
  • Click Disk Defragmenter (Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.)
  • Click Defragment Now


Step 4.

Please post checkup.txt


To best improve your computer speed you need to add memory to your computer. 1 Gig is simply not enough; even for 32-bit systems you should have a minimum of 1 Gig more.

To find out what memory stick you need to purchase, if you choose to do so, please run this scanner:

Run the Crucial scanner as that will give you full details about the RAM that your system will accept.

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.