Trying to remove infection


Hello

On Friday the 9th of July 2011 I found out my laptop is infected by some sort of virus. I did not trust the sign-in method for my internet banking. With help from my brother-in-law I ran several spy sweepers and virus scanners. I ran the Malwarebytes' Anti-Malware removal before I was familiar with this forum. It didn't get rid of the infection. I was getting warnings from Malwarebytes that my computer was trying to access internet sites with IP addresses 195.14.112.166 and 95.64.56.15. I did a Google search and found this site. I would like some help please.

I followed the instructions in the topic at the top of this sub-forum (http://forums.malwarebytes.org/index.php?showtopic=9573).

I updated Malwarebytes' and ran it; the log is at the end of this post. I also updated my virus scanner (Microsoft Security Essentials) and ran a full scan. Nothing was found. I came across a problem when running Defogger. When it said 'Finished', I was NOT asked to reboot my PC, but got the screen asking Disable/Enable again. What now? Reboot anyway and move on to DDS? I have included the log further down.

Thanks in advance for your help.

LOGS:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7071

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

11/07/2011 15:27:38

mbam-log-2011-07-11 (15-27-38).txt

Scan type: Quick scan

Objects scanned: 162081

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 19:45 on 11/07/2011 (Peter en Ellen)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt


Hi,

First of all, thank you for your assistance. My apologies for taking a while to reply. The problem is I am a shift worker, so I eat, sleep and work at funny times. I performed the two scans you requested. After the first, aswMBR, had completed and I saved the log, I had to restart my computer because it froze up. It restarted as normal, no safe mode required.

Posted underneath are the requested logs.

Regards.

1st log:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-12 16:48:46

-----------------------------

16:48:46.215 OS Version: Windows 6.0.6002 Service Pack 2

16:48:46.215 Number of processors: 2 586 0xF0D

16:48:46.216 ComputerName: PETERENELLEN-PC UserName: Peter en Ellen

16:48:49.072 Initialize success

17:02:44.829 AVAST engine defs: 11071201

17:02:59.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

17:02:59.522 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3

17:02:59.585 Disk 0 MBR read successfully

17:02:59.590 Disk 0 MBR scan

17:02:59.595 Disk 0 unknown MBR code

17:02:59.615 Disk 0 scanning sectors +312578048

17:02:59.677 Disk 0 scanning C:\Windows\system32\drivers

17:03:57.772 Service scanning

17:04:00.611 Disk 0 trace - called modules:

17:04:00.642 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

17:04:00.650 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852974c0]

17:04:00.659 3 CLASSPNP.SYS[87dab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x847fd030]

17:04:01.749 AVAST engine scan C:\Windows

20:18:40.224 AVAST engine scan C:\Users\Peter en Ellen

20:55:14.752 AVAST engine scan C:\ProgramData

21:05:41.626 Scan finished successfully

07:44:17.396 Disk 0 MBR has been saved successfully to "C:\Users\Peter en Ellen\Desktop\MBR.dat"

07:44:17.410 The log file has been saved successfully to "C:\Users\Peter en Ellen\Desktop\aswMBR.txt"

-----------------------

2nd log:

OTL logfile created on: 13/07/2011 07:57:46 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.41% Memory free

4.21 Gb Paging File | 3.13 Gb Available in Paging File | 74.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 73.27 Gb Free Space | 53.70% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/09 17:33:49 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\zqroty.exe -- (zqroty)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/13 07:53:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKsl45c7e1be.sys -- (MpKsl45c7e1be)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080619

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{74374581-4d14-11df-a4a8-001d095f5e57}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/13 07:57:47 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/13 07:57:46 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:53:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 07:53:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 07:53:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/13 07:53:11 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:49 | 000,018,944 | ---- | M] () -- C:\Windows\System32\zqroty.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/09 10:51:37 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/29 10:17:01 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,018,944 | ---- | C] () -- C:\Windows\System32\zqroty.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2008/12/01 14:14:04 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\1

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/13 07:53:18 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

< End of report >

---------------------

3rd log:

OTL Extras logfile created on: 13/07/2011 07:57:46 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.41% Memory free

4.21 Gb Paging File | 3.13 Gb Available in Paging File | 74.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 73.27 Gb Free Space | 53.70% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{55526005-DCFD-49B7-ACD6-511CD1B079ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{678E955A-0F20-4120-BCD2-B5454DE16F95}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{69D10F3C-C2DA-4DC0-B921-ECDA09B41631}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8E3882CA-029C-49CE-BB66-DFA5524E19F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C65DB226-6E89-4BD9-922E-43026715339E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CB17EDCA-18C9-437C-AE99-BC4F64A8D910}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E6435CB6-C392-4545-95D4-A946BBE82B31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EDEA746A-4C8B-4CEF-B218-474394144F30}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F0112EBA-65A0-47ED-A1EF-D7E4F2BF9E2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F3C2B087-ECD3-4940-8BC4-4DA7908A1E36}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F7EBDE5C-432D-447E-B863-798DDE233D12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0059B072-2E10-4333-BD43-8C221B1D4A11}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{029D08C4-98CB-446E-B340-ABCCDFC9B154}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{03AD7B28-4588-4395-9738-A30F6EE2EAEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0836EE2C-6A25-4755-BC0D-D248F2CB9DB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0938F5CC-365E-41C0-B2BC-72F7EDEA4B96}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0B2E3F96-B38B-4C22-B400-067B315E7089}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0B62A7F1-10E9-4910-9D3E-FFE0E34D0349}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11765E59-6CCD-4F33-B2A2-FD5C24813D95}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11A23E58-DFFA-4192-9A54-F63300C206D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11DAAACF-92D0-42DA-8E94-C6F1B85EFCF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{123D7CCE-B7E5-48AD-9C62-77988042E8D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{13E28B83-0C03-46D2-8974-AA09D121A975}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{144C2C02-D493-47F4-BDD5-C58DF25841AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{15C124C5-5E9D-427D-A154-82541EE4F7EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1C44F999-1FE8-4C48-B776-F82F26EBBC0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1E023C40-E44B-4E38-A0CC-B5A0CBB2967B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1F7ED432-62A8-4A5B-9F7A-1D1EF1DFBCAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2136A894-5F98-4208-A9E9-70BA0711338F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{29D9C4E4-700C-464E-BC61-295B2403C851}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{2AE0E238-1E7C-4999-890E-464CDE979294}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2C65CB9E-98D6-4527-BEB1-BE563A0F0F26}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2CC81963-9BBF-4DC2-A09C-123A18FADF07}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2D36A0E0-B5E3-4854-B165-316BFCF9340C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2F04C77E-8975-4ECD-9DC1-85EEA59DE783}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3236FA75-3C30-4BDC-B012-3798348F530D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{34954527-F099-4698-A133-B669962B2DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{34A60168-4768-40A1-938B-A2321779C7EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{35137B6A-11E8-4FE5-B2F0-D79935A79F21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{379BE733-A395-4B95-AB42-2C1CBD093EE2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{38BDE1EC-4844-46E1-B451-0D8F3A89A420}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3BA27712-716B-47DF-9C0C-94F1E00A9977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3F76125C-7921-46AA-9AEE-FF8F936067A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3FBC4CE8-2E40-4645-A2C5-15196DC9F138}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{41616D88-7985-49B7-9A9F-884076D80F13}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{42B70352-D73B-4D26-9603-D01866843910}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{42D95473-0082-4442-8C96-E0E5E9718363}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{44196A3F-03A3-4F2D-B171-E6E446CE2897}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{442CEB7A-5BB4-4360-9181-EB07C82FBA4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4523FADB-2A17-41F7-81B2-B479E884B0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4656EB87-69BB-4B2C-808D-13B0475AADC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{46D608C9-7CC7-48A9-BB99-85961C56783A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4B71A016-BFEF-470E-94E8-3784D389D1B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4C65B4B1-EA26-4FEF-AC7D-AE50E189C158}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4C8952A2-2F74-492C-9E91-CFDC7BDA0AFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4D60DCD0-2EA3-41DC-8FB1-2CDF7BA7C96E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4FC278DE-E6AA-4CB1-8709-11A4AD4B08D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{51004CD0-DDF3-4EAA-AE1A-2A929191EBA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{546D03F2-E985-4660-848A-93747B52333E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{552BB68D-41AA-48D0-9382-35C5A3BFEC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{55F785E8-6E27-4A0E-B6AF-503FF17CB786}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{57DCB00A-20EE-44D6-B877-AC26B773ED8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{59596D23-6967-4BC7-BCC9-D6E3A49CAAB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{598911AC-1B23-46D1-A517-106B1B4CDEF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5E33D27F-93B9-4625-9016-5676D12D8A05}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{62BAD200-2C69-430B-BFDC-9832DDE36BED}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{635ADE43-1C27-4908-AFBA-537C7956A1B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{654C11ED-25BB-416B-8A23-37D4D41C24CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{66E42F46-CEE0-4A5B-81DF-9BA6C98325A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6841B2EB-35FC-4CBF-9EB8-B87094119B5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{699CB45A-4FEF-4E96-9D63-EAB626B758A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{69C4E08B-2346-4C85-9751-18CC19E2A83C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6C0EF35A-0E0B-4FAC-A7C9-0931A1806980}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{71D50CBE-5803-47F0-A84E-2721FA7F0F66}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{772D13C9-37EC-436E-B8B7-ED7622B5ABC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{783BF2D3-86FB-4A1F-90A2-C78487598442}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{794CC8C7-F8A8-4A3D-B0D2-1E76DED49F88}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{79EF2B99-A944-4B0A-AD4A-9832AB828A4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7BA18EE3-E4B0-40FC-BDBF-81E3486C5CB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7DC97CA2-8766-4FF0-9557-48EB48799E49}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7F4C1B95-29EC-47CF-B5B6-44774A9A5870}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7F6C0783-B7E0-411F-AF5A-F0A743D43D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{82C7645E-57E5-402F-9AEE-2C662DB52C63}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{82EFFD4F-7EC1-4A26-B16F-1E23D604DE39}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{890E0F1F-5BD9-4654-8BF1-F5FE7F033ACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8BE0FC78-DCE1-4882-A4B0-AC0C89F562D1}" = protocol=17 | dir=in | app=c:\users\peter en ellen\appdata\local\temp\7zsf594.tmp\symnrt.exe |

"{8FDBC4BE-B71D-4AEA-89B7-8711692962A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{90767A84-8107-4028-AF53-4E712E4E521B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9091C601-04DB-4EA4-B4C8-4197B19EE7CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{93794924-A455-4B72-8A31-F50F3F6D72BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{95163D28-D294-4CB9-996C-7CC56F863D41}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{955394C2-5DD5-439E-B6A1-8AD7E5773469}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96B65F1D-1C19-4762-A859-0B49A7FFB426}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96D8AB73-C0C3-4F0C-9431-592CD6EA311C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96E93AEC-0325-4590-B20F-AE1E40F524C8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{986A90A3-CEAE-4413-BAF8-D8BD75F4304E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9BA871F4-C275-4916-B4E4-3BDE6297EF52}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9C5B28B4-7B6F-407D-9313-27B8F9BE306A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9D572064-BF71-4D36-AC62-DC6F6AD231C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9E47610B-5D0C-46DF-9EDD-6016AD2B2E23}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9E65051A-024B-4F3B-8782-489B260008F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A0834011-8B4D-4758-85F2-BEA48D650402}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A086C3B0-6965-44C4-AA55-8D9DD4889D82}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A5384DA1-753A-4AD4-9E0E-5DFCC9D7686D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A549B016-65E5-41A3-80DD-84E5E25B84AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A630703F-50C6-4C52-AC9A-1CD8941E9CCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A658321C-ECB5-4C55-89AE-D05A94C36E84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A6BE68B4-EC23-47FD-8942-462F25B5B961}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A7E06E51-705B-459E-90D9-A1C429D0A1F5}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{AB7FC708-B8C6-4F74-AF85-1D0864E11E24}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{ACD5A197-21A9-4BD2-BB9A-52D01587A483}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AD8535C4-3D3D-4F12-A05E-B7638C1DFB0F}" = protocol=6 | dir=out | app=system |

"{AF1C5A69-E968-46D6-BE59-0908B447FDFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B11D3E49-F05D-4669-8B7C-73CE6A789B47}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B1881C24-5A84-4CB6-BB9C-A3CBE7F8E3CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B24A1FD0-0E55-406A-B002-FE8F5A0375DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B2FDF00A-62BA-4B77-9826-AD5D252CC308}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B3F35D80-1C77-4781-8497-C9E0521253FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B44D8829-E4C8-41C8-AF60-7D90C3DAB952}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B4E87FF2-BABF-407E-B1D5-779B483B0570}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B74A3486-846E-46B9-98CE-E19DB79D6EDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BC87E2C9-1AE5-4EE5-8215-E7F2878B5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C1260EA4-E4F0-4BD8-9B07-D591183AA139}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C3F158F1-658C-4D1F-A77A-F8D8D043190B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C599F2D9-40EF-4A55-915A-24BF90CD9DBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C7EB6FB5-3630-4059-9E05-A865E501D0B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C8AF6D22-AC3C-4AB6-BCA1-CE5BDF9D12BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C9A25EDA-3E08-4D9C-B987-AB51230D9739}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CF14D74D-599F-4FFB-BEEB-D1B37B6D6297}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CF69F260-E16F-40CE-BDE2-3D1596E02BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D11A661A-F57A-4430-A58F-4B02483600F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1427F88-FEE1-486F-9176-7B4B9ADCF652}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1919655-23E2-4D86-9294-BB3226EB5719}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1FDF74D-3B61-432D-AE76-C097D67E2108}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D231DBE4-74F2-4620-8D07-3E33D57EBFD9}" = protocol=6 | dir=in | app=c:\users\peter en ellen\appdata\local\temp\7zsf594.tmp\symnrt.exe |

"{D471C218-7F59-4765-B797-8C6CAF70510A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D6E507CA-B445-46BE-923C-8AA749000385}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D80EFD36-6BFC-43DB-8340-67C41D931C09}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DC7C7447-6E02-44AA-A2BC-E0196C119777}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E0D0D448-07BB-41BA-AB3D-3E8EB8EE12AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E61B5607-18B9-43D4-B69E-23D07BD2D60A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EB5FE7B4-F456-45D9-8560-2987AF9C99B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EC52987D-BBA3-4ACF-91B6-C5B57E8E451B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EDCF7E87-F7B4-4669-98B7-612500A41C7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EF4B3169-41EC-44B3-AE9B-6AC36FBC005C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EFDCC78B-2528-4B23-A299-103E6A1957ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F0642C27-0DA9-4C13-8DA5-2EDA92E14E7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F12E5433-B6B4-4C7D-A8FA-23BAA52BFAE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F2F200B2-27F6-4322-87B2-18D804FD12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F368723C-A890-457D-8504-C96BAC019D47}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F4B20502-04A6-4C85-AADB-A08504A26A0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F6B6BC46-60F1-4C57-ACEC-42B095DC2708}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FAC978A9-22E4-4967-9FD0-11C5E64FE91A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FBBFA3E5-5C3C-4EF4-A87D-A9C34B55C7F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FE162A0F-F48A-4453-9E99-EFF06ACEFCA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{0A85DE94-39D5-496D-A924-0FEEEEAC3F45}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"TCP Query User{13166B84-A46E-4604-83D2-AE1D1F768CFA}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"TCP Query User{1E545305-5205-4705-ACF0-30922B14AD76}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

"TCP Query User{CC3DAAD1-B882-47C2-9A17-E11DC7803140}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{DE0EEF60-C337-435B-9C43-0EEFA7F6B69D}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{19E887CA-35B2-47F1-A9AA-DAE758628EFC}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{93CF2DE5-59F8-4B3F-AF95-863893977A31}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{AF5CA8AA-3C5C-420D-AA1E-52FB4FE2C85E}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

"UDP Query User{B3FCC774-2E32-4FA1-B540-0D762ED1F72F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"UDP Query User{BC4E9C59-B188-406E-994B-4B3B8DB0D5F7}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{29B376EF-7C81-48FC-9CC6-DED136570CFE}" = Tarantella Connection Manager

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI-Dark Motives

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A170F0F-C129-4E3C-9EC7-F36D20AE7A6B}_is1" = Teletekstbrowser versie 3.4

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118906753}" = Agatha Christie 4.50 from Paddington Special Edition

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{ABC5A6A3-573D-4578-949B-D643E629385E}" = Germany Radar Demo

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F1B35F-7C8A-41F4-8248-F5CF9ABD7261}" = London Control

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FBEDD989-D0C3-4DF4-A41C-5FC9DD693E18}" = Agatha Christie - Murder on the Orient Express

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BT Wireless Connection Manager" = BT Wireless Connection Manager

"BTHomeHub" = BTHomeHub

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"ESET Online Scanner" = ESET Online Scanner v3

"GamesBar" = GamesBar 2.0.1.55

"GoToAssist" = GoToAssist Corporate

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control

"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel® PROSet/Wireless Software

"SopCast" = SopCast 3.2.4

"StreamTorrent 1.0" = Stream Torrent 1.0

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Applications" = BT Yahoo! Applications

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

"Juniper_Term_Services" = Juniper Terminal Services Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 08/07/2011 02:34:11 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 32589326

Error - 08/07/2011 02:46:14 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 39

Description =

Error - 08/07/2011 02:46:14 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 8193

Description =

Error - 08/07/2011 02:46:14 | Computer Name = PeterenEllen-PC | Source = System Restore | ID = 8193

Description =

Error - 08/07/2011 04:55:15 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 39

Description =

Error - 08/07/2011 04:55:15 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 8193

Description =

Error - 08/07/2011 19:00:00 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 39

Description =

Error - 08/07/2011 19:00:00 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 8193

Description =

Error - 09/07/2011 00:46:31 | Computer Name = PeterenEllen-PC | Source = WinMgmt | ID = 10

Description =

Error - 09/07/2011 09:20:12 | Computer Name = PeterenEllen-PC | Source = VSS | ID = 39

Description =

[ System Events ]

Error - 09/07/2011 00:46:32 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 09/07/2011 00:47:06 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 12/07/2011 03:39:43 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 13/07/2011 02:51:54 | Computer Name = PeterenEllen-PC | Source = DCOM | ID = 10010

Description =

Error - 13/07/2011 02:53:39 | Computer Name = PeterenEllen-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 13/07/2011 02:54:43 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 13/07/2011 02:54:43 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 13/07/2011 02:54:43 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 13/07/2011 02:54:43 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 13/07/2011 02:55:29 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7024

Description =

< End of report >


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/07/09 17:33:48 | 000,018,944 | ---- | C] () -- C:\Windows\System32\zqroty.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Things I would like to see in your reply:

  • OTL log
  • MBAM log

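The file the OTL fix above removes is recorded in the log with an empty publisher field and a timestamp close to the scan date. As an added example (not OTL's code and not the forum helper's procedure), this Python script parses the PRC/SRV/DRV record format used in the logs posted in this thread and flags that combination; the sample lines are copied from the posted logs, the scan time from the "OTL logfile created on" line, and the 18,944-byte figure from the fix entry for zqroty.exe.

```python
"""Triage helper for OTL log records (added example; not OTL's own code).
It parses the "KIND - [stamp | size | attrs | M] (Company) [state] -- path
-- (service)" lines shown in the posted logs and flags System32 binaries
that have no publisher string AND a file timestamp close to the scan."""
import re
from datetime import datetime, timedelta

# The "[state]" and "-- (service)" parts appear on SRV/DRV lines only;
# some SRV lines carry extra text after the service name, so ".*" absorbs it.
OTL_RECORD = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<which>[MC])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_otl_record(line):
    """Return a dict for one OTL PRC/SRV/DRV/MOD line, or None if it is not one."""
    m = OTL_RECORD.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "kind": g["kind"],
        "stamp": datetime.strptime(g["stamp"], "%Y/%m/%d %H:%M:%S"),
        "size": int(g["size"].replace(",", "")),   # "000,018,944" -> 18944
        "company": g["company"].strip(),            # "()" and "( )" both mean none
        "state": g["state"],
        # OTL prints some paths with the NT "\\?\" prefix; drop it for comparisons.
        "path": g["path"].removeprefix("\\\\?\\"),
        "service": g["name"],
    }


def in_system32_root(path):
    """True for files directly under System32 (drivers\\ and wbem\\ are excluded)."""
    low = path.lower()
    return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def triage(lines, scan_time, recent_days=7):
    """Flag records that have BOTH no publisher and a timestamp within
    recent_days of the scan. Either signal alone is noisy: old OEM binaries
    often lack a company string, and fresh AV definition drivers are
    legitimately new."""
    findings = []
    for line in lines:
        rec = parse_otl_record(line)
        if rec is None:
            continue
        fresh = scan_time - rec["stamp"] <= timedelta(days=recent_days)
        if in_system32_root(rec["path"]) and not rec["company"] and fresh:
            findings.append(rec)
    return findings


def same_size_as(lines, size):
    """Heuristic (assumption, not an OTL feature): a dropper that re-creates
    its payload under a new random name often keeps the byte size, so list
    every record whose size matches a file already identified."""
    out = []
    for line in lines:
        rec = parse_otl_record(line)
        if rec and rec["size"] == size:
            out.append(rec["path"])
    return out


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = [
    r"PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr",
    r"PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE",
    r"PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe",
    r"SRV - [2011/07/13 11:40:57 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ntervm.exe -- (ntervm)",
    r"SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)",
    r"DRV - [2011/07/13 11:48:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslfc1cd914.sys -- (MpKslfc1cd914)",
    r"SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)",
]
SCAN_TIME = datetime(2011, 7, 13, 11, 54, 17)   # "OTL logfile created on" line


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{rec['kind']} {rec['path']} ({rec['size']} bytes, service {rec['service']})")
    # zqroty.exe, removed by the fix in the post above, was 18,944 bytes.
    print("same size as zqroty.exe:", same_size_as(SAMPLE_LOG, 18944))
```

Only ntervm.exe meets both conditions; WMIADAP.EXE and lxdxcoms.exe also lack a publisher but are old and, in the first case, not in the System32 root.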

I have done the things you have said. Not trying to get ahead, but outgoing messages are still being blocked by MBAM while writing this post. If needed I can post the protection log from MBAM.

Here are the logs you requested:

OTL:

OTL logfile created on: 13/07/2011 11:54:17 - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free

4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 73.75 Gb Free Space | 54.05% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 11:40:57 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ntervm.exe -- (ntervm)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/13 11:48:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslfc1cd914.sys -- (MpKslfc1cd914)

DRV - [2011/07/13 07:53:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKsl45c7e1be.sys -- (MpKsl45c7e1be)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080619

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/13 11:40:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{74374581-4d14-11df-a4a8-001d095f5e57}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 11:40:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/13 11:55:01 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/13 11:55:01 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/13 11:49:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 11:49:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 11:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/13 11:48:51 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/13 11:40:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/13 11:40:57 | 000,018,944 | ---- | M] () -- C:\Windows\System32\ntervm.exe

[2011/07/13 10:13:45 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/29 10:17:01 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/13 11:40:57 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ntervm.exe

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2008/12/01 14:14:04 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\1

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/13 11:48:02 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

< End of report >

------------------

MBAM log

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7111

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

13/07/2011 12:06:41

mbam-log-2011-07-13 (12-06-41).txt

Scan type: Quick scan

Objects scanned: 154555

Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - [2011/07/13 11:40:57 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ntervm.exe -- (ntervm)
    [2008/12/01 14:14:04 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\1

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

  • OTL log
  • Combofix.txt

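The OTL fix script above singles out a service with no company name, set to Auto start, living directly in System32 (ntervm.exe), and the log posted later in this thread shows a file of the same size back under a new name (ktixk.exe). The following is an added example, not part of this thread or of OTL itself, that parses OTL "SRV -" lines with that heuristic and compares two logs for a same-size reappearance; the sample lines are copied from the logs in this thread, and the line format is assumed from what those logs show.

```python
"""Parse OTL 'SRV -' service lines and flag unsigned auto-start services.

Heuristic taken from the fix above: no company name, Auto start, executable
sitting directly in %SystemRoot%\\System32 (not in a subfolder such as
drivers\\ or spool\\). A second pass compares two logs by size and directory
to catch the same dropper coming back under a random new file name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample OTL lines copied from the logs posted in this thread (before the fix).
LOG_BEFORE = r"""
SRV - [2011/07/13 11:40:57 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ntervm.exe -- (ntervm)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
"""

# Sample lines from the log posted after the fix ran.
LOG_AFTER = r"""
SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
"""

# Field layout as seen in the thread's logs:
# SRV - [timestamp | size | attrs | M] (company) [start | state] -- path -- (service name) [optional trailing text]
SRV_RE = re.compile(
    r"^SRV - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class OtlService:
    timestamp: str
    size: int
    company: str
    start: str
    state: str
    path: str
    name: str


def parse_srv_line(line: str) -> Optional[OtlService]:
    """Return an OtlService for one 'SRV -' line, or None for any other line."""
    m = SRV_RE.match(line.strip())
    if not m:
        return None
    return OtlService(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        company=m.group("company").strip(),  # "()" and "( )" both mean no name
        start=m.group("start").strip(),
        state=m.group("state").strip(),
        path=m.group("path"),
        name=m.group("name"),
    )


def parse_log(text: str) -> List[OtlService]:
    """Collect every service line from an OTL log; other sections are ignored."""
    return [svc for svc in map(parse_srv_line, text.splitlines()) if svc]


def is_suspicious(svc: OtlService) -> bool:
    """Auto-start, no company name, binary directly in the System32 root."""
    low = svc.path.lower()
    in_system32_root = low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]
    return svc.start == "Auto" and svc.company == "" and in_system32_root


def flag_suspicious(text: str) -> List[str]:
    """Service names in an OTL log that match the heuristic, in log order."""
    return [svc.name for svc in parse_log(text) if is_suspicious(svc)]


def find_renamed_reappearances(before: List[OtlService],
                               after: List[OtlService]) -> List[Tuple[str, str]]:
    """Pairs (old, new) where a flagged service from the earlier log is back in
    the later log with the same size and directory but a different name."""
    hits = []
    for old in filter(is_suspicious, before):
        for new in filter(is_suspicious, after):
            same_dir = (old.path.lower().rsplit("\\", 1)[0]
                        == new.path.lower().rsplit("\\", 1)[0])
            if same_dir and old.size == new.size and old.name != new.name:
                hits.append((old.name, new.name))
    return hits


if __name__ == "__main__":
    print("flagged before fix:", flag_suspicious(LOG_BEFORE))
    print("flagged after fix: ", flag_suspicious(LOG_AFTER))
    print("renamed:", find_renamed_reappearances(parse_log(LOG_BEFORE), parse_log(LOG_AFTER)))
```

The heuristic also surfaces lxdxcoms.exe, which the rest of the log identifies as part of the Lexmark printer software; a no-company-name rule is a triage filter, so each hit still needs the analyst's judgement before it goes into a fix script.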

Hello again,

Scans have been run. Below are the requested logs. I have re-enabled my anti-virus and antimalware for now. There is a windows security alert showing. When I open the Windows Security Center it indicates that 'User Account Control' is turned off. Can I re-enable this or is it better to leave it off while we try to clean my machine?

One more quick question if you don't mind. Before I started I backed up pictures onto a USB drive. Is it likely that this drive is infected as well?

Regards.

OTL log:

OTL logfile created on: 13/07/2011 22:36:55 - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.22% Memory free

4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 73.63 Gb Free Space | 53.96% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/13 22:34:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslbc0dc7b5.sys -- (MpKslbc0dc7b5)

DRV - [2011/07/13 11:48:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslfc1cd914.sys -- (MpKslfc1cd914)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0080619

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/13 22:31:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{74374581-4d14-11df-a4a8-001d095f5e57}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 11:40:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/13 22:34:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 22:34:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/13 22:34:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/13 22:34:26 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/13 22:31:36 | 000,018,944 | ---- | M] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 22:31:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/13 12:45:40 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/13 11:55:01 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/13 11:55:01 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/29 10:17:01 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/13 22:33:39 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

< End of report >

---------------------

ComboFix log:

ComboFix 11-07-13.03 - Peter en Ellen 13/07/2011 23:04:50.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.935 [GMT 1:00]

Running from: c:\users\Peter en Ellen\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Peter en Ellen\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))

.

.

2011-07-13 22:11 . 2011-07-13 22:11 -------- d-----w- c:\users\Peter en Ellen\AppData\Local\temp

2011-07-13 22:11 . 2011-07-13 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-13 21:34 . 2011-07-13 21:34 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslbc0dc7b5.sys

2011-07-13 21:31 . 2011-07-13 21:31 18944 ----a-w- c:\windows\system32\ktixk.exe

2011-07-13 10:48 . 2011-07-13 10:48 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslfc1cd914.sys

2011-07-13 10:40 . 2011-07-13 10:40 -------- d-----w- C:\_OTL

2011-07-12 18:21 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\mpengine.dll

2011-07-09 16:33 . 2011-07-09 16:33 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-07-09 16:27 . 2011-07-09 16:27 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-09 16:26 . 2011-07-09 16:33 -------- d-----w- c:\programdata\Hitman Pro

2011-07-09 13:22 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-09 13:22 . 2011-07-09 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-09 13:22 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-08 16:17 . 2011-07-08 16:17 -------- d-----w- c:\program files\ESET

2011-07-05 10:41 . 2011-07-05 10:41 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-29 04:15 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-16 09:24 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 09:24 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-06-16 09:24 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 09:24 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 09:24 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 09:24 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-07 15:55 . 2011-02-07 18:21 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]

"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote Table Of Contents.onetoc2 [2011-7-3 3656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-19 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

Refresh Secure Global Desktop Shortcuts.lnk - c:\windows\Installer\{29B376EF-7C81-48FC-9CC6-DED136570CFE}\Icon29B376EF.exe [2008-12-1 55296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-08-26 08:44 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2006-12-12 17:08 3577512 ----a-w- c:\program files\TomTom HOME\TomTomHOME.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R1 MpKsle3b06aa8;MpKsle3b06aa8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D3CE8E-CF27-4CDE-A046-CCD3638E1CCE}\MpKsle3b06aa8.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ktixk;NVIDIA Display Srv;c:\windows\system32\ktixk.exe [2011-07-13 18944]

R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2009-10-16 94208]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

S1 MpKslbc0dc7b5;MpKslbc0dc7b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslbc0dc7b5.sys [2011-07-13 28752]

S1 MpKslfc1cd914;MpKslfc1cd914;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C710634-6657-45A1-A358-0334DC3809A4}\MpKslfc1cd914.sys [2011-07-13 28752]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLBC0DC7B5

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

uInternet Settings,ProxyOverride = *.local

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: motive.com\pbttbc.bt

TCP: DhcpNameServer = 192.168.1.254

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-HitmanPro35 - c:\users\Peter en Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C56Z96T\HitmanPro35[1].exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-13 23:11

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\PETERE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,5d,fb,34,da,49,b2,45,be,24,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,5d,fb,34,da,49,b2,45,be,24,ca,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-07-13 23:14:11

ComboFix-quarantined-files.txt 2011-07-13 22:14

.

Pre-Run: 78,904,754,176 bytes free

Post-Run: 78,850,576,384 bytes free

.

- - End Of File - - A80A74C4144868522FE88A1223BB9DF4


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillALL::

File::

c:\windows\system32\ktixk.exe

Driver::

ktixk

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Next

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running
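As an added illustration of how a reviewer picks `ktixk.exe` out of logs like the ones posted above (this is example code, not part of the thread and not from the OTL or ComboFix authors): the script parses OTL "Files Created" lines and ComboFix service lines, joins them on the image path, and scores each service on heuristics the logs make visible, such as a missing company name, a very recent creation time, a display name that claims a vendor the file's version info does not carry, and a loose executable dropped straight into System32. The sample lines are constructed from values quoted in this thread; the vendor word list, the 30-day window and the two-reason reporting threshold are this example's own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the shape of the OTL "Files Created" section and the
# ComboFix service list quoted in this thread (values taken from those logs).
OTL_CREATED = r"""
[2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe
[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr
[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
""".strip().splitlines()

COMBOFIX_SERVICES = r"""
R2 ktixk;NVIDIA Display Srv;c:\windows\system32\ktixk.exe [2011-07-13 18944]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
""".strip().splitlines()

# [timestamp | size | attributes | C/M] (company) -- path
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# R0-R3 running / S0-S3 stopped: start name;display name;image [date size]
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
VENDOR_WORDS = ("nvidia", "microsoft", "intel", "adobe", "dell")   # assumed list
SYSTEM32_EXE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.exe$")


def parse_otl_created(line):
    """Parse one OTL created-file line into a dict, or None if it does not match."""
    m = OTL_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "company": m.group("company").strip(),   # "()" and "( )" both mean no company
        "path": m.group("path").strip(),
    }


def parse_combofix_service(line):
    """Parse one ComboFix service/driver line into a dict, or None if it does not match."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"])
    return d


def triage_services(otl_lines, combofix_lines, scan_date, window_days=30):
    """Return {image_path: [reasons]} for services whose image looks suspicious.

    A service is reported when at least two heuristics fire; the result ranks
    candidates for a human reviewer, it does not decide on its own.
    """
    created = {}
    for line in otl_lines:
        rec = parse_otl_created(line)
        if rec:
            created[rec["path"].lower()] = rec

    findings = {}
    for line in combofix_lines:
        svc = parse_combofix_service(line)
        if not svc:
            continue
        image = svc["image"].lower()
        rec = created.get(image)
        reasons = []
        if rec is not None:
            if not rec["company"]:
                reasons.append("file version info carries no company name")
            if scan_date - rec["created"] <= timedelta(days=window_days):
                reasons.append("file created within the last %d days" % window_days)
            if not rec["company"] and any(w in svc["display"].lower() for w in VENDOR_WORDS):
                reasons.append("display name claims a vendor the file does not")
        if SYSTEM32_EXE.match(image):
            reasons.append("loose .exe directly in System32 registered as a service")
        if len(reasons) >= 2:
            findings[image] = reasons
    return findings


def run_sample():
    """Triage the constructed sample at the ComboFix run time shown in the thread."""
    return triage_services(OTL_CREATED, COMBOFIX_SERVICES, datetime(2011, 7, 13, 23, 4))


if __name__ == "__main__":
    for image, reasons in sorted(run_sample().items(), key=lambda kv: -len(kv[1])):
        print(image)
        for r in reasons:
            print("   -", r)
```

Run as-is, it reports `ktixk.exe` with four reasons and `lxdxcoms.exe` with two; the second belongs to the Lexmark printer software that appears elsewhere in the same log, which is exactly why a score like this only ranks candidates for the person reading the log and never clears or condemns a file by itself.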


I ran into a problem. I made the .txt file and dragged it to the ComboFix icon. I started the process. Now I have had a window open for several hours. It is like a DOS prompt window, with a blue background. The title bar says Administrator: Autoscan. The text in the box is:

Scanning for infected files . . .

this typically doesn't take more than 10 minutes

However, scan times for badly infected may easily double

(blinking cursor)

What do I do now? Close the window and reboot the machine? Or just reboot the machine? I have made this post from a different machine, by the way.

Regards


While I was posting the last reply I had taken my laptop upstairs with me. It was unplugged from the mains power during this time. Now the screen has gone completely black. When I wiggle the mouse nothing happens. The power light is still on, the Wi-Fi light is on, the optical mouse is still on and it is indicating it is charging. I imagine the only option now is switching off and restarting?


Hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


Hi,

I have done the things you requested. Logs are below. MBAM is still blocking outgoing messages. I have also added today's 'protection log' at the end of the post. One more thing happened: during the ESET scan, Windows decided to install updates. I am 99% sure that automatic install of updates was switched off, as I always manually choose when to install them. Something must have reset it to the original settings. I have switched it back to manual install again. I have included a list of the updates that were installed at the end of this post. I took a screenshot and used Paint to save it, but don't know how to paste it into my post.

Logs:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7129

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

14/07/2011 09:11:44

mbam-log-2011-07-14 (09-11-44).txt

Scan type: Quick scan

Objects scanned: 157981

Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=16cb14ef1ad3814880a3da502950aa65

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-07-08 06:48:35

# local_time=2011-07-08 07:48:35 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 13341572 147675521 0 0

# compatibility_mode=8192 67108863 100 0 930 930 0 0

# scanned=190035

# found=2

# cleaned=2

# scan_time=8121

C:\Users\Peter en Ellen\AppData\Local\Temp\jar_cache654480786454661420.tmp Win32/TrojanDownloader.Agent.SPCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Peter en Ellen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3fc0aefb-2671d49c a variant of Java/Exploit.CVE-2009-2843.B trojan (deleted - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=16cb14ef1ad3814880a3da502950aa65

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-07-09 06:53:36

# local_time=2011-07-09 07:53:36 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 13385913 147719862 0 0

# compatibility_mode=8192 67108863 100 0 45271 45271 0 0

# scanned=188190

# found=0

# cleaned=0

# scan_time=7281

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=16cb14ef1ad3814880a3da502950aa65

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-14 09:39:12

# local_time=2011-07-14 10:39:12 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 13830262 148164211 0 0

# compatibility_mode=8192 67108863 100 0 489620 489620 0 0

# scanned=183538

# found=0

# cleaned=0

# scan_time=4869

-------------------

Protection log from MBAM for today

08:51:08 Peter en Ellen MESSAGE Protection started successfully

08:51:13 Peter en Ellen MESSAGE IP Protection started successfully

08:59:22 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49581, Process: iexplore.exe)

08:59:22 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49584, Process: iexplore.exe)

09:06:16 Peter en Ellen MESSAGE IP Protection stopped

09:06:23 Peter en Ellen MESSAGE Database updated successfully

09:06:24 Peter en Ellen MESSAGE IP Protection started successfully

09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49159, Process: svchost.exe)

09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50437, Process: svchost.exe)

09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50438, Process: svchost.exe)

09:10:25 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50439, Process: svchost.exe)

09:10:25 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50440, Process: svchost.exe)

09:20:37 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50543, Process: iexplore.exe)

09:20:37 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50544, Process: iexplore.exe)

09:20:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50545, Process: iexplore.exe)

09:20:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50546, Process: iexplore.exe)

09:31:05 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50549, Process: iexplore.exe)

09:31:05 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50550, Process: iexplore.exe)

09:31:05 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50551, Process: iexplore.exe)

09:31:05 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50552, Process: iexplore.exe)

09:41:26 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50556, Process: svchost.exe)

09:51:38 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50565, Process: iexplore.exe)

09:51:38 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50566, Process: iexplore.exe)

09:51:38 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50567, Process: iexplore.exe)

10:02:00 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50571, Process: iexplore.exe)

10:02:00 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50572, Process: iexplore.exe)

10:02:00 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50573, Process: iexplore.exe)

10:02:00 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50574, Process: iexplore.exe)

10:12:29 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50577, Process: svchost.exe)

10:12:29 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50578, Process: svchost.exe)

10:12:29 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50579, Process: svchost.exe)

10:12:29 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50580, Process: svchost.exe)

10:22:41 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50586, Process: iexplore.exe)

10:22:41 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50587, Process: iexplore.exe)

10:22:41 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50588, Process: iexplore.exe)

10:22:41 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50589, Process: iexplore.exe)

10:33:09 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50592, Process: iexplore.exe)

10:33:09 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50593, Process: iexplore.exe)

10:33:09 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50594, Process: iexplore.exe)

10:33:09 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50595, Process: iexplore.exe)

10:43:30 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50601, Process: svchost.exe)

10:43:30 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50602, Process: svchost.exe)

10:43:30 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50603, Process: svchost.exe)

10:43:30 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50604, Process: svchost.exe)

10:53:43 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50612, Process: iexplore.exe)

11:04:29 (null) IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50648, Process: svchost.exe)

11:04:29 (null) IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50649, Process: svchost.exe)

11:14:21 Peter en Ellen MESSAGE Protection started successfully

11:14:25 Peter en Ellen MESSAGE IP Protection started successfully

11:15:36 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49186, Process: svchost.exe)

11:15:37 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49187, Process: svchost.exe)

11:15:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49188, Process: svchost.exe)

11:15:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49189, Process: svchost.exe)

11:25:40 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49268, Process: svchost.exe)

11:25:40 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49269, Process: svchost.exe)

11:25:40 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49270, Process: svchost.exe)

11:25:40 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49271, Process: svchost.exe)

11:35:36 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49505, Process: svchost.exe)

11:35:36 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49506, Process: svchost.exe)

11:35:36 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49507, Process: svchost.exe)

11:35:36 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49508, Process: svchost.exe)

----------------------

Updates installed by Windows today:

Security Update for Windows Vista (KB2532531) Failed

Security Update for Windows Vista (KB2555917) Successful

Update for Windows Mail Junk E-mail filter [July 2011] (KB905866) Successful

Windows Malicious Software Removal Tool - July 2011 (KB890830) Successful

Update for Windows Vista (KB2533623) Successful

Security Update for Windows Vista (KB2507938) Successful

Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.107.1742.0) Successful

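The protection log in the post above shows the same two destinations, 95.64.56.15 and 195.14.112.166, being blocked roughly every ten minutes, and the process column alternates between iexplore.exe and svchost.exe. That regularity is the thing worth measuring when deciding whether blocked traffic is a user's browsing or a timer-driven beacon. What follows is an added example, written for this page and not code from the thread, from the poster or from Malwarebytes: it parses IP-BLOCK lines of this format, groups attempts by destination, and scores how evenly spaced the bursts are. Its input is a contiguous excerpt (08:51 to 09:51) of the log as posted above; the 5-second burst window and the 10% tolerance are assumptions chosen for the illustration, not values from the tool or the thread.

```python
"""Triage of a Malwarebytes IP Protection log: group IP-BLOCK lines by destination
and measure how regularly the blocked attempts recur. Added example, not the thread's code."""
import re
from collections import defaultdict
from statistics import median

# Contiguous excerpt (08:51 to 09:51) of the protection log posted above.
SAMPLE_LOG = """\
08:51:08 Peter en Ellen MESSAGE Protection started successfully
08:51:13 Peter en Ellen MESSAGE IP Protection started successfully
08:59:22 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49581, Process: iexplore.exe)
08:59:22 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 49584, Process: iexplore.exe)
09:06:16 Peter en Ellen MESSAGE IP Protection stopped
09:06:23 Peter en Ellen MESSAGE Database updated successfully
09:06:24 Peter en Ellen MESSAGE IP Protection started successfully
09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 49159, Process: svchost.exe)
09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50437, Process: svchost.exe)
09:10:25 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50438, Process: svchost.exe)
09:10:25 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50439, Process: svchost.exe)
09:10:25 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50440, Process: svchost.exe)
09:20:37 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50543, Process: iexplore.exe)
09:20:37 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50544, Process: iexplore.exe)
09:20:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50545, Process: iexplore.exe)
09:20:37 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50546, Process: iexplore.exe)
09:31:05 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50549, Process: iexplore.exe)
09:31:05 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50550, Process: iexplore.exe)
09:31:05 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50551, Process: iexplore.exe)
09:31:05 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50552, Process: iexplore.exe)
09:41:26 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50556, Process: svchost.exe)
09:51:38 Peter en Ellen IP-BLOCK 95.64.56.15 (Type: outgoing, Port: 50565, Process: iexplore.exe)
09:51:38 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50566, Process: iexplore.exe)
09:51:38 Peter en Ellen IP-BLOCK 195.14.112.166 (Type: outgoing, Port: 50567, Process: iexplore.exe)
"""

# One IP-BLOCK line; MESSAGE lines do not match and are skipped.
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>\S+)\)$"
)


def to_seconds(hhmmss):
    """'09:10:25' -> 33025 (seconds since midnight; the log carries no date column)."""
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def parse_blocks(text):
    """Return one dict per IP-BLOCK line, with time in seconds and port as an int."""
    blocks = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["time"] = to_seconds(rec["time"])
            rec["port"] = int(rec["port"])
            blocks.append(rec)
    return blocks


def group_by_destination(blocks, gap=5):
    """Per destination IP: attempt count, originating processes and burst start times.
    Attempts within `gap` seconds (assumed window) form one burst: one beacon, several sockets."""
    per_ip = defaultdict(lambda: {"count": 0, "processes": set(), "bursts": []})
    for rec in sorted(blocks, key=lambda r: r["time"]):
        entry = per_ip[rec["ip"]]
        entry["count"] += 1
        entry["processes"].add(rec["process"])
        if not entry["bursts"] or rec["time"] - entry["bursts"][-1] > gap:
            entry["bursts"].append(rec["time"])
    return dict(per_ip)


def beacon_score(burst_times, tolerance=0.10):
    """Median seconds between bursts and the share of intervals within +/- tolerance
    of it. Several intervals all near the median is a timer firing, not a person clicking."""
    intervals = [b - a for a, b in zip(burst_times, burst_times[1:])]
    if len(intervals) < 2:
        return None, 0.0
    med = median(intervals)
    within = sum(1 for i in intervals if abs(i - med) <= tolerance * med)
    return med, within / len(intervals)


def report(text):
    """Destination -> attempt count, sorted processes, burst count, median interval, share."""
    out = {}
    for ip, entry in group_by_destination(parse_blocks(text)).items():
        med, share = beacon_score(entry["bursts"])
        out[ip] = dict(count=entry["count"], processes=sorted(entry["processes"]),
                       bursts=len(entry["bursts"]), median_interval=med, share_within=share)
    return out


if __name__ == "__main__":
    for ip, row in report(SAMPLE_LOG).items():
        print(ip, row)
```

On this excerpt, 95.64.56.15 collects 10 blocked attempts in 6 bursts with a median spacing of 621 seconds, and every interval lies within 10% of that median; 195.14.112.166 shows the same cadence but skips the 09:41:26 beat, so 3 of its 4 intervals fit. Two practical caveats: the log has no date column, so a file that crosses midnight needs the date supplied from the file name or the post before the subtraction makes sense; and a blocked attempt attributed to svchost.exe means the connecting code is running inside a service host, so clearing browser add-ons alone would not account for those entries.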

OTL log

OTL logfile created on: 14/07/2011 19:59:46 - Run 4

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.20% Memory free

4.21 Gb Paging File | 2.86 Gb Available in Paging File | 68.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 76.33 Gb Free Space | 55.93% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/14 11:45:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AEFF95C-E5D2-4E72-B5C9-E3E19E4A0682}\MpKsl9647c2c3.sys -- (MpKsl9647c2c3)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/13 23:11:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 08:48:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/13 23:52:01 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/07/13 23:14:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/13 23:14:13 | 000,000,000 | ---D | C] -- C:\Users\Peter en Ellen\AppData\Local\temp

[2011/07/13 23:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/13 23:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/13 23:02:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/13 23:02:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/13 23:02:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/13 22:58:19 | 004,150,977 | R--- | C] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 11:40:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/14 19:12:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/14 19:12:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/14 11:27:22 | 000,000,997 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\new functions v144.lnk

[2011/07/14 11:27:08 | 000,137,008 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/14 11:18:11 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/14 11:18:11 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/14 11:12:00 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/14 11:11:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/14 11:10:21 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/13 23:11:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/07/13 22:58:26 | 004,150,977 | R--- | M] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 22:31:36 | 000,018,944 | ---- | M] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 12:45:40 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/14 11:27:07 | 000,137,008 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/13 23:02:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/13 23:02:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/13 23:02:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/13 23:02:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/13 23:02:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/14 11:09:48 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

< End of report >


hi

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan

Once it has finished select report and post that.

avpfront-1.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab

Press the Gather System Information button

Once done, open the last report saved folder, then attach the zip file to your next post.

The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

avpmanual.jpg


Hi

the scan is running on the infected machine. Did you want me to include the box in front of Computer? It says it will take 7 hours to finish. There was a brief pause after 1 min 58 sec. A pop-up came up to say there was a locked file and to click for a detailed report. As soon as I did, the scan resumed.

I will post the logs once the scan has finished.

regards.

PS: the screens are slightly different from the screenshots you posted. Update from Kaspersky?


Here is the report from the second step in your post. I have zipped the report from the first scan and attached it.

I have a feeling I am doing something not right though.

FirstStepKasperskyScan.zip

Gathering system information: completed 3 minutes ago (events: 216, time: 00:03:06)

15/07/2011 12:12:21 Task started Gathering system information

15/07/2011 12:12:24 Main script of analysis

15/07/2011 12:12:25 Windows version: Windows Vista Home Premium, Build=6002, SP="Service Pack 2"

15/07/2011 12:12:25 System Restore: enabled

15/07/2011 12:12:26 1.1 Searching for user-mode API hooks

15/07/2011 12:12:26 Analysis: kernel32.dll, export table found in section .text

15/07/2011 12:12:26 IAT modification detected: CreateProcessA - 018A0010<>76431C28

15/07/2011 12:12:26 IAT modification detected: GetModuleFileNameA - 018A0080<>7647B8DD

15/07/2011 12:12:26 IAT modification detected: FreeLibrary - 018A00F0<>76473FA4

15/07/2011 12:12:26 IAT modification detected: GetModuleFileNameW - 018A0160<>7647B49E

15/07/2011 12:12:26 IAT modification detected: CreateProcessW - 018A01D0<>76431BF3

15/07/2011 12:12:26 IAT modification detected: LoadLibraryW - 018A02B0<>76459400

15/07/2011 12:12:26 IAT modification detected: LoadLibraryA - 018A0320<>7645957C

15/07/2011 12:12:26 IAT modification detected: GetProcAddress - 018A0390<>7647925B

15/07/2011 12:12:26 Analysis: ntdll.dll, export table found in section .text

15/07/2011 12:12:26 Analysis: user32.dll, export table found in section .text

15/07/2011 12:12:26 Analysis: advapi32.dll, export table found in section .text

15/07/2011 12:12:26 Analysis: ws2_32.dll, export table found in section .text

15/07/2011 12:12:26 Analysis: wininet.dll, export table found in section .text

15/07/2011 12:12:26 Analysis: rasapi32.dll, export table found in section .text

15/07/2011 12:12:27 Analysis: urlmon.dll, export table found in section .text

15/07/2011 12:12:27 Analysis: netapi32.dll, export table found in section .text

15/07/2011 12:12:27 1.2 Searching for kernel-mode API hooks

15/07/2011 12:12:31 Driver loaded successfully

15/07/2011 12:12:31 SDT found (RVA=137B00)

15/07/2011 12:12:31 Kernel ntkrnlpa.exe found in memory at address 81E08000

15/07/2011 12:12:31 SDT = 81F3FB00

15/07/2011 12:12:31 KiST = 81EB486C (391)

15/07/2011 12:12:31 Function NtAdjustPrivilegesToken (0C) intercepted (81FF85E2->CCC2CE36), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtAlpcConnectPort (15) intercepted (81FF281F->CCC2F074), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtAlpcCreatePort (16) intercepted (81FC2943->CCC2F2EE), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtAlpcSendWaitReceivePort (26) intercepted (8204596B->CCC2F564), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtClose (30) intercepted (82042CC1->CCC2D74A), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtConnectPort (36) intercepted (81FD5ACB->CCC2E57E), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateEvent (3A) intercepted (8201AD37->CCC2EAC8), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateFile (3C) intercepted (8204A2EB->CCC2DA26), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateMutant (43) intercepted (820287BC->CCC2E9AE), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateNamedPipeFile (44) intercepted (81FD6718->CCC2CA24), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreatePort (47) intercepted (81F8DA42->CCC2E882), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateSection (4B) intercepted (82039D95->CCC2CBCC), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateSemaphore (4C) intercepted (81FDFCC3->CCC2EBE8), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateThread (4E) intercepted (82099B98->CCC2D3D0), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateWaitablePort (73) intercepted (81F82D04->CCC2E918), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtDebugActiveProcess (74) intercepted (8206CCE2->CCC302D6), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtDeviceIoControlFile (7F) intercepted (82050478->CCC2DEA8), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtDuplicateObject (81) intercepted (820004E1->CCC314E4), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtFsControlFile (96) intercepted (8204E094->CCC2DCB6), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtLoadDriver (A5) intercepted (81F73DEE->CCC303C8), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtMapViewOfSection (B1) intercepted (8201882A->CCC30B30), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenEvent (B8) intercepted (82001D5F->CCC2EB5E), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenFile (BA) intercepted (8200E37D->CCC2D7CC), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenMutant (BF) intercepted (82019AF1->CCC2EA3E), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenProcess (C2) intercepted (82028F58->CCC2D074), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenSection (C5) intercepted (820195FD->CCC308CA), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenSemaphore (C6) intercepted (81FADEBE->CCC2EC7E), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtOpenThread (C9) intercepted (820244AA->CCC2CF64), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtQueryDirectoryObject (DB) intercepted (820196BE->CCC2F868), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtQuerySection (F2) intercepted (8202868B->CCC30E6A), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtQueueApcThread (FF) intercepted (81FB9837->CCC3075C), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtReplaceKey (10C) intercepted (8205BF76->CCC2B6DE), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtReplyPort (10E) intercepted (81FE96DF->CCC2EFE2), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtReplyWaitReceivePort (10F) intercepted (82041E59->CCC2EEA8), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtRequestWaitReplyPort (114) intercepted (8204BF40->CCC30070), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtRestoreKey (118) intercepted (8205AD72->CCC2BA56), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtResumeThread (11A) intercepted (82023AF5->CCC31386), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSaveKey (11B) intercepted (8205AF29->CCC2B676), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSecureConnectPort (11E) intercepted (81FD56A4->CCC2E2C4), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSetContextThread (121) intercepted (8209A867->CCC2D5EC), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSetInformationToken (133) intercepted (81FCDC2E->CCC2F90A), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSetSecurityObject (13A) intercepted (81FC8008->CCC30566), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSetSystemInformation (13D) intercepted (81FEEE83->CCC30FBA), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSuspendProcess (14A) intercepted (8209B457->CCC310AC), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSuspendThread (14B) intercepted (81FA292D->CCC311E6), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtSystemDebugControl (14C) intercepted (82000E51->CCC301FA), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtTerminateProcess (14E) intercepted (81FF90D3->CCC2D21A), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtTerminateThread (14F) intercepted (820244DF->CCC2D170), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtUnmapViewOfSection (15C) intercepted (82018AED->CCC30D0E), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtWriteVirtualMemory (166) intercepted (820158BD->CCC2D306), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateThreadEx (17E) intercepted (82023F94->CCC2D4CE), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:31 Function NtCreateUserProcess (17F) intercepted (81FD1BA6->CCC2F7AE), hook C:\Windows\system32\DRIVERS\1427776drv.sys, driver recognized as trusted

15/07/2011 12:12:31 >>> Function restored successfully !

15/07/2011 12:12:31 >>> Hook code blocked

15/07/2011 12:12:32 Functions checked: 391, intercepted: 52, restored: 52

15/07/2011 12:12:32 1.3 Checking IDT and SYSENTER

15/07/2011 12:12:32 Analysis for CPU 1

15/07/2011 12:12:32 Analysis for CPU 2

15/07/2011 12:12:32 CmpCallCallBacks = 00000000

15/07/2011 12:12:32 Checking IDT and SYSENTER - complete

15/07/2011 12:12:33 1.4 Searching for masking processes and drivers

15/07/2011 12:12:33 Checking not performed: extended monitoring driver (AVZPM) is not installed

15/07/2011 12:12:33 1.5 Checking of IRP handlers

15/07/2011 12:12:33 Driver loaded successfully

15/07/2011 12:12:34 Checking - complete

15/07/2011 12:13:36 >> Services: potentially dangerous service allowed: TermService (Terminal Services)

15/07/2011 12:13:36 >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)

15/07/2011 12:13:36 >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)

15/07/2011 12:13:36 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

15/07/2011 12:13:36 >> Security: disk drives' autorun is enabled

15/07/2011 12:13:36 >> Security: administrative shares (C$, D$ ...) are enabled

15/07/2011 12:13:36 >> Security: anonymous user access is enabled

15/07/2011 12:13:36 >> Security: sending Remote Assistant queries is enabled

15/07/2011 12:13:41 >> Disable HDD autorun

15/07/2011 12:13:41 >> Disable autorun from network drives

15/07/2011 12:13:41 >> Disable CD/DVD autorun

15/07/2011 12:13:41 >> Disable removable media autorun

15/07/2011 12:13:41 >> Windows Explorer - show extensions of known file types

15/07/2011 12:13:43 System Analysis in progress

15/07/2011 12:15:27 System Analysis - complete

15/07/2011 12:15:27 Deleting service/driver: utq4mzg4

15/07/2011 12:15:27 [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\utq4mzg4

15/07/2011 12:15:27 Delete file:C:\Windows\system32\Drivers\utq4mzg4.sys

15/07/2011 12:15:27 Deleting service/driver: ujq4mzg4

15/07/2011 12:15:27 Main script of analysis

15/07/2011 12:15:27 Task completed Gathering system information


Done, log:

OTL logfile created on: 15/07/2011 16:29:46 - Run 5

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.14% Memory free

4.21 Gb Paging File | 3.10 Gb Available in Paging File | 73.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 76.09 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (82026456)

DRV - File not found [File_System | Unknown | Running] -- -- (1427776drv)

DRV - [2011/07/15 16:04:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A41B5-E61B-4048-815E-EB356A2CC677}\MpKsl95d75e2d.sys -- (MpKsl95d75e2d)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/13 23:11:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk = C:\Users\Peter en Ellen\AppData\Local\temp\_uninst_82026456.bat ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 07:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011/07/14 08:48:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/13 23:52:01 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/07/13 23:14:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/13 23:14:13 | 000,000,000 | ---D | C] -- C:\Users\Peter en Ellen\AppData\Local\temp

[2011/07/13 23:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/13 23:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/13 23:02:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/13 23:02:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/13 23:02:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/13 22:58:19 | 004,150,977 | R--- | C] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 11:40:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/15 16:09:45 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/15 16:09:45 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/15 16:04:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 16:04:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 16:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/15 16:04:44 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/15 15:59:26 | 000,000,814 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:53:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/07/15 15:49:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/15 12:21:16 | 002,732,486 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\FirstStepKasperskyScan.zip

[2011/07/14 21:39:54 | 097,946,776 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/14 11:27:22 | 000,000,997 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\new functions v144.lnk

[2011/07/14 11:27:08 | 000,137,008 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/14 11:12:00 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/13 23:11:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/07/13 22:58:26 | 004,150,977 | R--- | M] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 22:31:36 | 000,018,944 | ---- | M] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 12:45:40 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/15 15:59:26 | 000,000,814 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:53:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/07/15 12:21:14 | 002,732,486 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\FirstStepKasperskyScan.zip

[2011/07/14 21:39:53 | 097,946,776 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/14 11:27:07 | 000,137,008 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/13 23:02:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/13 23:02:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/13 23:02:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/13 23:02:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/13 23:02:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/15 16:03:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

< End of report >


Hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)
    DRV - File not found [Kernel | Unknown | Running] -- -- (82026456)
    DRV - File not found [File_System | Unknown | Running] -- -- (1427776drv)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    [2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe
    [2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Rootkit Unhooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hi

I just finished the steps you requested. Below are the logs. Although it is not in the report, in the program it said 'nothing detected' underneath Stealth.

OTL logfile created on: 15/07/2011 20:01:50 - Run 6

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.96% Memory free

4.21 Gb Paging File | 3.15 Gb Available in Paging File | 74.78% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 76.24 Gb Free Space | 55.87% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/15 19:55:22 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\mulml.exe -- (mulml)

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/15 19:59:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A41B5-E61B-4048-815E-EB356A2CC677}\MpKsl1570d183.sys -- (MpKsl1570d183)

DRV - [2011/07/15 16:04:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A41B5-E61B-4048-815E-EB356A2CC677}\MpKsl95d75e2d.sys -- (MpKsl95d75e2d)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/15 19:57:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 07:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011/07/14 08:48:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/13 23:52:01 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/07/13 23:14:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/13 23:14:13 | 000,000,000 | ---D | C] -- C:\Users\Peter en Ellen\AppData\Local\temp

[2011/07/13 23:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/13 23:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/13 23:02:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/13 23:02:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/13 23:02:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/13 22:58:19 | 004,150,977 | R--- | C] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 11:40:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/13 07:56:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/15 19:59:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 19:59:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 19:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/15 19:59:13 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/15 19:57:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/15 19:55:22 | 000,018,944 | ---- | M] () -- C:\Windows\System32\mulml.exe

[2011/07/15 16:09:45 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/15 16:09:45 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/15 15:59:26 | 000,000,814 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:53:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/07/15 15:49:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/15 12:21:16 | 002,732,486 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\FirstStepKasperskyScan.zip

[2011/07/14 21:39:54 | 097,946,776 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/14 11:27:22 | 000,000,997 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\new functions v144.lnk

[2011/07/14 11:27:08 | 000,137,008 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/14 11:12:00 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/13 22:58:26 | 004,150,977 | R--- | M] (Swearware) -- C:\Users\Peter en Ellen\Desktop\ComboFix.exe

[2011/07/13 12:45:40 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/13 07:56:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/13 07:50:30 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:19 | 000,050,477 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/15 19:55:22 | 000,018,944 | ---- | C] () -- C:\Windows\System32\mulml.exe

[2011/07/15 15:59:26 | 000,000,814 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:53:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/07/15 12:21:14 | 002,732,486 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\FirstStepKasperskyScan.zip

[2011/07/14 21:39:53 | 097,946,776 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/14 11:27:07 | 000,137,008 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Updates.jpg

[2011/07/13 23:02:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/13 23:02:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/13 23:02:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/13 23:02:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/13 23:02:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/13 07:44:17 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/11 19:42:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\Defogger.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/15 19:58:30 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8BE04000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6606848 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E4A000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)

0x81E4A000 PnpManager 3907584 bytes

0x81E4A000 RAW 3907584 bytes

0x81E4A000 WMIxWDM 3907584 bytes

0x8C60D000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)

0x97460000 Win32k 2113536 bytes

0x97460000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x87C0A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x87A0E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8CE05000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8EE0E000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)

0x804DB000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xABE9B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8B800000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes

0x87805000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8CF08000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xAAA08000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8C451000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8C555000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x8060A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x8793D000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80411000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xAAB0F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8D001000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)

0x8C897000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)

0xABE08000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)

0x8B8FE000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)

0x8073C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8EF72000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80693000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x8049A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8C997000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8C508000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x87BB4000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x8D192000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x87B44000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x8D08F000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)

0x805BB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x87D1A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x87B7F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x81E17000 ACPI_HAL 208896 bytes

0x81E17000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x878F2000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8EF40000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8C968000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x879AE000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8C8FB000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0x87B19000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8B9A6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xAAAC8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0xABE6F000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x807D1000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x87D6A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x8D0D3000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0x806EA000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x87DD9000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8B94A000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8D170000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0x87DA2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8CFC9000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)

0xAABC7000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8D11D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x807B2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x878D4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0xAAB7C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x8EEFB000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x879DB000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x8C85A000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0xAAB99000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8C93D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xAABE8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8D1CE000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8C9E3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8D056000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xABFA9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8EFBA000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8EF16000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xAABB2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8B981000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8B96D000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8C883000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)

0x8EF2C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8C8E8000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0xAAAFC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8EFDE000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x87D91000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8B9DD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80481000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x87924000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8D078000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0xAAAB8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x807A2000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8C83C000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x8B996000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8B8EF000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8CFEA000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x87D5B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80711000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8C5E2000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8C874000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)

0x8C546000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8072D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8C84C000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x976A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8EFD0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8D159000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8078D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x8D1E5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8CFBC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8B9D0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x80686000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xABF9D000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)

0xABF83000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8D111000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8C4F1000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0x8C932000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8C927000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8D14E000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8C600000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8C9D8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8B8DB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8C4FD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x80723000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8D1F2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8C5F1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0xAAAF2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8EE00000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xABF79000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0xABFC3000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0x87DC3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8D0FA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x8D06F000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x87934000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x8D167000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x97680000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8B8E6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8C95F000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x806D9000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x878CC000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x80492000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8D0CB000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x806E2000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8D13E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8D146000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x87D53000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xABF8F000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8D10A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8D088000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80786000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x8040A000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8D103000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8079B000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8C955000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xABF97000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A41B5-E61B-4048-815E-EB356A2CC677}\MpKsl1570d183.sys 24576 bytes (Microsoft Corporation, KSLDriver)

0x8EFF7000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A41B5-E61B-4048-815E-EB356A2CC677}\MpKsl95d75e2d.sys 24576 bytes (Microsoft Corporation, KSLDriver)

0x8EFF1000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)

0x8C95B000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xABFBF000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xABE97000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x80720000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x8D0C9000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))

0x8C60B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8D06D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================
