Infected, again?


Hello

I am going crazy. I think my laptop may have been infected again. Or am I getting paranoid? I have just cleaned an infection with fantastic help on this board (http://forums.malwarebytes.org/index.php?showtopic=89419). Today my AntiMalware bytes (Trial version, expires in 5 days it says) has started blocking a different IP address. I haven't had time yet to finish all the recommendations from the previous infection. I am starting to think FORMAT C:\ is becoming the only option. Please help.

I tried to update Windows (Vista), but the latest update keeps failing (Security Update for Windows Vista (KB2532531)). I install it, successfully, then I restart my machine. When it gets to the 'configuring updates' screen, it times out and reverts to old settings. Is this a sign there is still an infection present on my machine? I have 'automatic updates' switched off, as I try to avoid installing IE9, because I would like to switch to Firefox (as recommended).

I have attached the daily protection log from MBAM and the quick scan I just ran. Last time I ran into a problem when running the defoggers, hence I have skipped the procedure at the top of this subforum. Again, please help.

Logs of the latest MBAM (quick)scan and daily protection log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7174

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

17/07/2011 20:35:04

mbam-log-2011-07-17 (20-35-04).txt

Scan type: Quick scan

Objects scanned: 165271

Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------

07:42:34 Peter en Ellen MESSAGE Protection started successfully

07:42:38 Peter en Ellen MESSAGE IP Protection started successfully

10:53:42 Peter en Ellen IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50192, Process: iexplore.exe)

10:55:27 Peter en Ellen IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50245, Process: iexplore.exe)

10:55:59 Peter en Ellen IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50265, Process: iexplore.exe)

15:16:15 Peter en Ellen MESSAGE Scheduled update executed successfully

15:16:17 Peter en Ellen MESSAGE IP Protection stopped

15:16:28 Peter en Ellen MESSAGE Database updated successfully

15:16:29 Peter en Ellen MESSAGE IP Protection started successfully

21:17:10 Peter en Ellen MESSAGE Protection started successfully

21:17:15 Peter en Ellen MESSAGE IP Protection started successfully

hi again

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

Hello again

To be honest I am a bit embarrassed having to ask so soon again. I was still implementing your recommendations! I have posted the requested logs below. One more thing that I came across when making my PC more secure has to do with Windows Defender. I found it was switched off, and when I tried to switch it on it kept refusing to do so. Whether this is because Microsoft Security Essentials was blocking it, MBAM or a virus/spyware infection I don't know.

Anyway, thanks again for your help.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-18 07:34:38

-----------------------------

07:34:38.944 OS Version: Windows 6.0.6002 Service Pack 2

07:34:38.944 Number of processors: 2 586 0xF0D

07:34:38.945 ComputerName: PETERENELLEN-PC UserName: Peter en Ellen

07:34:40.625 Initialize success

08:03:31.479 AVAST engine defs: 11071702

08:04:56.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

08:04:56.716 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3

08:04:56.737 Disk 0 MBR read successfully

08:04:56.743 Disk 0 MBR scan

08:04:56.748 Disk 0 unknown MBR code

08:04:56.757 Disk 0 scanning sectors +312578048

08:04:56.796 Disk 0 scanning C:\Windows\system32\drivers

08:05:17.273 Service scanning

08:05:18.549 Disk 0 trace - called modules:

08:05:18.600 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

08:05:18.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852b9618]

08:05:18.617 3 CLASSPNP.SYS[87da48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84800030]

08:05:21.041 AVAST engine scan C:\Windows

10:47:13.399 AVAST engine scan C:\Users\Peter en Ellen

11:22:34.221 AVAST engine scan C:\ProgramData

11:32:58.719 Scan finished successfully

11:33:20.685 Disk 0 MBR has been saved successfully to "C:\Users\Peter en Ellen\Desktop\MBR.dat"

11:33:20.715 The log file has been saved successfully to "C:\Users\Peter en Ellen\Desktop\aswMBR.txt"

OTL logfile created on: 18/07/2011 11:48:39 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.06% Memory free

4.21 Gb Paging File | 3.15 Gb Available in Paging File | 74.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 77.14 Gb Free Space | 56.53% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 11:47:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/06/13 17:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 17:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe

PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/18 11:47:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/26 09:44:24 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2009/10/16 19:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/02/28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/07/18 11:35:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{600AD132-6043-49DF-91F0-36E5A2A448D4}\MpKsle34a9154.sys -- (MpKsle34a9154)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/07 07:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.mc866.mail.yahoo.com/mc/welcome?.partner=bt-1&.gx=1&.tm=1288193974&.rand=1662e9sd58gne#_pg=showFolder&fid=Inbox&order=down&tt=697&pSize=25&.rand=1482196693&.jsrand=6797472

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-925633505-260543186-3398771177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/07/15 19:57:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

O4 - Startup: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-925633505-260543186-3398771177-1000\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090814132336 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 11:47:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/16 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Peter en Ellen\AppData\Roaming\Media Player Classic

[2011/07/16 17:25:05 | 000,000,000 | ---D | C] -- C:\FilmPlayer

[2011/07/15 07:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011/07/14 08:48:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/13 23:14:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/13 23:14:13 | 000,000,000 | ---D | C] -- C:\Users\Peter en Ellen\AppData\Local\temp

[2011/07/13 23:02:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/12 16:32:36 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/09 17:33:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/07/09 14:22:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/09 14:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/09 14:22:29 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/09 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/08 17:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/05 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/07/05 11:40:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2009/10/16 16:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll

[2009/05/22 09:26:40 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll

[2009/05/22 09:26:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll

[2009/05/22 09:26:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll

[2009/05/22 09:26:39 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll

[2009/05/22 09:26:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll

[2009/05/22 09:26:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll

[2009/05/22 09:26:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll

[2009/05/22 09:26:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll

[2009/05/22 09:26:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll

[2009/05/22 09:26:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe

[2009/05/22 09:26:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll

[2009/05/22 09:26:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe

[2009/05/22 09:26:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll

[2009/05/22 09:26:36 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/07/18 11:47:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Peter en Ellen\Desktop\OTL.scr

[2011/07/18 11:40:20 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/18 11:40:20 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/18 11:36:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/18 11:36:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/18 11:35:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/18 11:35:48 | 2134,990,848 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/18 11:33:20 | 000,000,512 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/16 10:45:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/07/16 10:41:57 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/15 20:07:12 | 000,139,264 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\RKUnhookerLE.EXE

[2011/07/15 19:57:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011/07/15 15:59:26 | 000,000,814 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:49:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/14 21:39:54 | 097,946,776 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/14 11:27:22 | 000,000,997 | ---- | M] () -- C:\Users\Peter en Ellen\Desktop\new functions v144.lnk

[2011/07/13 12:45:40 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/12 16:32:41 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Peter en Ellen\Desktop\aswMBR.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/09 17:33:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2011/07/09 17:27:24 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/07/05 11:41:21 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | M] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/02 13:15:30 | 000,000,945 | ---- | M] () -- C:\Users\Peter en Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/06/20 18:46:09 | 000,022,016 | ---- | M] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/18 11:33:20 | 000,000,512 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\MBR.dat

[2011/07/15 20:06:57 | 000,139,264 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\RKUnhookerLE.EXE

[2011/07/15 15:59:26 | 000,000,814 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82026456.lnk

[2011/07/15 15:53:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/07/14 21:39:53 | 097,946,776 | ---- | C] () -- C:\Users\Peter en Ellen\Desktop\setup_11.0.0.1245.x01_2011_07_14_23_14.exe

[2011/07/11 19:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Peter en Ellen\defogger_reenable

[2011/07/09 17:27:24 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/07/09 14:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 11:41:21 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/07/05 11:41:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/07/03 07:14:21 | 000,003,656 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2

[2011/07/03 07:14:20 | 000,005,224 | -HS- | C] () -- C:\Users\Peter en Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2

[2010/07/17 06:24:30 | 000,000,112 | ---- | C] () -- C:\ProgramData\CSdn23.dat

[2009/10/18 08:50:00 | 000,008,248 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\en.ini

[2009/09/26 20:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/26 20:39:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/26 19:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/05/22 09:31:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll

[2009/05/22 09:30:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll

[2009/05/22 09:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll

[2009/05/22 09:30:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll

[2009/05/22 09:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL

[2009/05/22 09:29:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL

[2009/05/22 09:29:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll

[2009/05/22 09:29:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL

[2009/05/22 09:26:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini

[2009/05/22 09:26:41 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll

[2009/04/24 19:14:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/02/21 20:39:51 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll

[2009/02/21 20:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll

[2008/09/14 14:36:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 12:46:49 | 000,022,016 | ---- | C] () -- C:\Users\Peter en Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/19 18:00:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/06/19 18:00:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/19 18:00:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/06/19 18:00:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/06/19 18:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/06/19 18:00:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/07/26 10:24:19 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/10/27 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Floodlight Games

[2010/11/23 07:33:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Juniper Networks

[2009/05/22 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Lexmark Productivity Studio

[2010/10/27 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Oberon Media

[2011/02/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Rovio

[2009/09/28 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\SharePod

[2010/07/18 00:12:09 | 000,000,000 | ---D | M] -- C:\Users\Peter en Ellen\AppData\Roaming\Teletekst

[2011/07/18 11:35:09 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

< End of report >

OTL Extras logfile created on: 18/07/2011 11:48:39 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Peter en Ellen\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.06% Memory free

4.21 Gb Paging File | 3.15 Gb Available in Paging File | 74.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 77.14 Gb Free Space | 56.53% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.45 Gb Free Space | 54.50% Space Free | Partition Type: NTFS

Computer Name: PETERENELLEN-PC | User Name: Peter en Ellen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{55526005-DCFD-49B7-ACD6-511CD1B079ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{678E955A-0F20-4120-BCD2-B5454DE16F95}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{69D10F3C-C2DA-4DC0-B921-ECDA09B41631}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8E3882CA-029C-49CE-BB66-DFA5524E19F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C65DB226-6E89-4BD9-922E-43026715339E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CB17EDCA-18C9-437C-AE99-BC4F64A8D910}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E6435CB6-C392-4545-95D4-A946BBE82B31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EDEA746A-4C8B-4CEF-B218-474394144F30}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F0112EBA-65A0-47ED-A1EF-D7E4F2BF9E2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F3C2B087-ECD3-4940-8BC4-4DA7908A1E36}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F7EBDE5C-432D-447E-B863-798DDE233D12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0059B072-2E10-4333-BD43-8C221B1D4A11}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{029D08C4-98CB-446E-B340-ABCCDFC9B154}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{03AD7B28-4588-4395-9738-A30F6EE2EAEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0836EE2C-6A25-4755-BC0D-D248F2CB9DB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0938F5CC-365E-41C0-B2BC-72F7EDEA4B96}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0B2E3F96-B38B-4C22-B400-067B315E7089}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0B62A7F1-10E9-4910-9D3E-FFE0E34D0349}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11765E59-6CCD-4F33-B2A2-FD5C24813D95}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11A23E58-DFFA-4192-9A54-F63300C206D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{11DAAACF-92D0-42DA-8E94-C6F1B85EFCF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{123D7CCE-B7E5-48AD-9C62-77988042E8D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{13E28B83-0C03-46D2-8974-AA09D121A975}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{144C2C02-D493-47F4-BDD5-C58DF25841AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{15C124C5-5E9D-427D-A154-82541EE4F7EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1C44F999-1FE8-4C48-B776-F82F26EBBC0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1E023C40-E44B-4E38-A0CC-B5A0CBB2967B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1F7ED432-62A8-4A5B-9F7A-1D1EF1DFBCAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2136A894-5F98-4208-A9E9-70BA0711338F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{29D9C4E4-700C-464E-BC61-295B2403C851}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{2AE0E238-1E7C-4999-890E-464CDE979294}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2C65CB9E-98D6-4527-BEB1-BE563A0F0F26}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2CC81963-9BBF-4DC2-A09C-123A18FADF07}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2D36A0E0-B5E3-4854-B165-316BFCF9340C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2F04C77E-8975-4ECD-9DC1-85EEA59DE783}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3236FA75-3C30-4BDC-B012-3798348F530D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{34954527-F099-4698-A133-B669962B2DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{34A60168-4768-40A1-938B-A2321779C7EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{35137B6A-11E8-4FE5-B2F0-D79935A79F21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{379BE733-A395-4B95-AB42-2C1CBD093EE2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{38BDE1EC-4844-46E1-B451-0D8F3A89A420}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3BA27712-716B-47DF-9C0C-94F1E00A9977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3F76125C-7921-46AA-9AEE-FF8F936067A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3FBC4CE8-2E40-4645-A2C5-15196DC9F138}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{41616D88-7985-49B7-9A9F-884076D80F13}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{42B70352-D73B-4D26-9603-D01866843910}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{42D95473-0082-4442-8C96-E0E5E9718363}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{44196A3F-03A3-4F2D-B171-E6E446CE2897}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{442CEB7A-5BB4-4360-9181-EB07C82FBA4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4523FADB-2A17-41F7-81B2-B479E884B0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4656EB87-69BB-4B2C-808D-13B0475AADC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{46D608C9-7CC7-48A9-BB99-85961C56783A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4B71A016-BFEF-470E-94E8-3784D389D1B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4C65B4B1-EA26-4FEF-AC7D-AE50E189C158}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4C8952A2-2F74-492C-9E91-CFDC7BDA0AFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4D60DCD0-2EA3-41DC-8FB1-2CDF7BA7C96E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4FC278DE-E6AA-4CB1-8709-11A4AD4B08D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{51004CD0-DDF3-4EAA-AE1A-2A929191EBA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{546D03F2-E985-4660-848A-93747B52333E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{552BB68D-41AA-48D0-9382-35C5A3BFEC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{55F785E8-6E27-4A0E-B6AF-503FF17CB786}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{57DCB00A-20EE-44D6-B877-AC26B773ED8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{59596D23-6967-4BC7-BCC9-D6E3A49CAAB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{598911AC-1B23-46D1-A517-106B1B4CDEF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5E33D27F-93B9-4625-9016-5676D12D8A05}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{62BAD200-2C69-430B-BFDC-9832DDE36BED}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{635ADE43-1C27-4908-AFBA-537C7956A1B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{654C11ED-25BB-416B-8A23-37D4D41C24CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{66E42F46-CEE0-4A5B-81DF-9BA6C98325A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6841B2EB-35FC-4CBF-9EB8-B87094119B5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{699CB45A-4FEF-4E96-9D63-EAB626B758A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{69C4E08B-2346-4C85-9751-18CC19E2A83C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6C0EF35A-0E0B-4FAC-A7C9-0931A1806980}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{71D50CBE-5803-47F0-A84E-2721FA7F0F66}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{772D13C9-37EC-436E-B8B7-ED7622B5ABC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{783BF2D3-86FB-4A1F-90A2-C78487598442}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{794CC8C7-F8A8-4A3D-B0D2-1E76DED49F88}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{79EF2B99-A944-4B0A-AD4A-9832AB828A4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7BA18EE3-E4B0-40FC-BDBF-81E3486C5CB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7DC97CA2-8766-4FF0-9557-48EB48799E49}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7F4C1B95-29EC-47CF-B5B6-44774A9A5870}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7F6C0783-B7E0-411F-AF5A-F0A743D43D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{82C7645E-57E5-402F-9AEE-2C662DB52C63}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{82EFFD4F-7EC1-4A26-B16F-1E23D604DE39}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{890E0F1F-5BD9-4654-8BF1-F5FE7F033ACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8BE0FC78-DCE1-4882-A4B0-AC0C89F562D1}" = protocol=17 | dir=in | app=c:\users\peter en ellen\appdata\local\temp\7zsf594.tmp\symnrt.exe |

"{8FDBC4BE-B71D-4AEA-89B7-8711692962A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{90767A84-8107-4028-AF53-4E712E4E521B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9091C601-04DB-4EA4-B4C8-4197B19EE7CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{93794924-A455-4B72-8A31-F50F3F6D72BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{95163D28-D294-4CB9-996C-7CC56F863D41}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{955394C2-5DD5-439E-B6A1-8AD7E5773469}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96B65F1D-1C19-4762-A859-0B49A7FFB426}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96D8AB73-C0C3-4F0C-9431-592CD6EA311C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{96E93AEC-0325-4590-B20F-AE1E40F524C8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{986A90A3-CEAE-4413-BAF8-D8BD75F4304E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9BA871F4-C275-4916-B4E4-3BDE6297EF52}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9C5B28B4-7B6F-407D-9313-27B8F9BE306A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9D572064-BF71-4D36-AC62-DC6F6AD231C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9E47610B-5D0C-46DF-9EDD-6016AD2B2E23}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9E65051A-024B-4F3B-8782-489B260008F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A0834011-8B4D-4758-85F2-BEA48D650402}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A086C3B0-6965-44C4-AA55-8D9DD4889D82}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A5384DA1-753A-4AD4-9E0E-5DFCC9D7686D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A549B016-65E5-41A3-80DD-84E5E25B84AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A630703F-50C6-4C52-AC9A-1CD8941E9CCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A658321C-ECB5-4C55-89AE-D05A94C36E84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A6BE68B4-EC23-47FD-8942-462F25B5B961}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A7E06E51-705B-459E-90D9-A1C429D0A1F5}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{AB7FC708-B8C6-4F74-AF85-1D0864E11E24}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{ACD5A197-21A9-4BD2-BB9A-52D01587A483}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AD8535C4-3D3D-4F12-A05E-B7638C1DFB0F}" = protocol=6 | dir=out | app=system |

"{AF1C5A69-E968-46D6-BE59-0908B447FDFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B11D3E49-F05D-4669-8B7C-73CE6A789B47}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B1881C24-5A84-4CB6-BB9C-A3CBE7F8E3CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B24A1FD0-0E55-406A-B002-FE8F5A0375DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B2FDF00A-62BA-4B77-9826-AD5D252CC308}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B3F35D80-1C77-4781-8497-C9E0521253FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B44D8829-E4C8-41C8-AF60-7D90C3DAB952}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B4E87FF2-BABF-407E-B1D5-779B483B0570}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B74A3486-846E-46B9-98CE-E19DB79D6EDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BC87E2C9-1AE5-4EE5-8215-E7F2878B5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C1260EA4-E4F0-4BD8-9B07-D591183AA139}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C3F158F1-658C-4D1F-A77A-F8D8D043190B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C599F2D9-40EF-4A55-915A-24BF90CD9DBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C7EB6FB5-3630-4059-9E05-A865E501D0B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C8AF6D22-AC3C-4AB6-BCA1-CE5BDF9D12BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C9A25EDA-3E08-4D9C-B987-AB51230D9739}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CF14D74D-599F-4FFB-BEEB-D1B37B6D6297}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CF69F260-E16F-40CE-BDE2-3D1596E02BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D11A661A-F57A-4430-A58F-4B02483600F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1427F88-FEE1-486F-9176-7B4B9ADCF652}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1919655-23E2-4D86-9294-BB3226EB5719}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D1FDF74D-3B61-432D-AE76-C097D67E2108}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D231DBE4-74F2-4620-8D07-3E33D57EBFD9}" = protocol=6 | dir=in | app=c:\users\peter en ellen\appdata\local\temp\7zsf594.tmp\symnrt.exe |

"{D471C218-7F59-4765-B797-8C6CAF70510A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D6E507CA-B445-46BE-923C-8AA749000385}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D80EFD36-6BFC-43DB-8340-67C41D931C09}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DC7C7447-6E02-44AA-A2BC-E0196C119777}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E0D0D448-07BB-41BA-AB3D-3E8EB8EE12AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E61B5607-18B9-43D4-B69E-23D07BD2D60A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EB5FE7B4-F456-45D9-8560-2987AF9C99B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EC52987D-BBA3-4ACF-91B6-C5B57E8E451B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EDCF7E87-F7B4-4669-98B7-612500A41C7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EF4B3169-41EC-44B3-AE9B-6AC36FBC005C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EFDCC78B-2528-4B23-A299-103E6A1957ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F0642C27-0DA9-4C13-8DA5-2EDA92E14E7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F12E5433-B6B4-4C7D-A8FA-23BAA52BFAE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F2F200B2-27F6-4322-87B2-18D804FD12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F368723C-A890-457D-8504-C96BAC019D47}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F4B20502-04A6-4C85-AADB-A08504A26A0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F6B6BC46-60F1-4C57-ACEC-42B095DC2708}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FAC978A9-22E4-4967-9FD0-11C5E64FE91A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FBBFA3E5-5C3C-4EF4-A87D-A9C34B55C7F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{FE162A0F-F48A-4453-9E99-EFF06ACEFCA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{0A85DE94-39D5-496D-A924-0FEEEEAC3F45}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"TCP Query User{13166B84-A46E-4604-83D2-AE1D1F768CFA}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"TCP Query User{1E545305-5205-4705-ACF0-30922B14AD76}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

"TCP Query User{CC3DAAD1-B882-47C2-9A17-E11DC7803140}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{DE0EEF60-C337-435B-9C43-0EEFA7F6B69D}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{19E887CA-35B2-47F1-A9AA-DAE758628EFC}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{93CF2DE5-59F8-4B3F-AF95-863893977A31}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{AF5CA8AA-3C5C-420D-AA1E-52FB4FE2C85E}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

"UDP Query User{B3FCC774-2E32-4FA1-B540-0D762ED1F72F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"UDP Query User{BC4E9C59-B188-406E-994B-4B3B8DB0D5F7}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23

"{29B376EF-7C81-48FC-9CC6-DED136570CFE}" = Tarantella Connection Manager

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI-Dark Motives

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A170F0F-C129-4E3C-9EC7-F36D20AE7A6B}_is1" = Teletekstbrowser versie 3.4

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118906753}" = Agatha Christie 4.50 from Paddington Special Edition

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{ABC5A6A3-573D-4578-949B-D643E629385E}" = Germany Radar Demo

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F1B35F-7C8A-41F4-8248-F5CF9ABD7261}" = London Control

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FBEDD989-D0C3-4DF4-A41C-5FC9DD693E18}" = Agatha Christie - Murder on the Orient Express

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BT Wireless Connection Manager" = BT Wireless Connection Manager

"BTHomeHub" = BTHomeHub

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"ESET Online Scanner" = ESET Online Scanner v3

"GamesBar" = GamesBar 2.0.1.55

"GoToAssist" = GoToAssist Corporate

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control

"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel® PROSet/Wireless Software

"SopCast" = SopCast 3.2.4

"StreamTorrent 1.0" = Stream Torrent 1.0

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Applications" = BT Yahoo! Applications

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-925633505-260543186-3398771177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

"Juniper_Term_Services" = Juniper Terminal Services Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 16/07/2011 02:25:47 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/07/2011 02:25:47 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 33395103

Error - 16/07/2011 02:25:47 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 33395103

Error - 16/07/2011 02:25:48 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/07/2011 02:25:48 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 33396351

Error - 16/07/2011 02:25:48 | Computer Name = PeterenEllen-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 33396351

Error - 16/07/2011 02:41:46 | Computer Name = PeterenEllen-PC | Source = WinMgmt | ID = 10

Description =

Error - 16/07/2011 02:49:57 | Computer Name = PeterenEllen-PC | Source = WinMgmt | ID = 10

Description =

Error - 16/07/2011 05:38:21 | Computer Name = PeterenEllen-PC | Source = WinMgmt | ID = 10

Description =

Error - 16/07/2011 05:43:22 | Computer Name = PeterenEllen-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 18/07/2011 02:20:52 | Computer Name = PeterenEllen-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 18/07/2011 02:21:48 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 18/07/2011 02:21:48 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 18/07/2011 02:21:48 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 18/07/2011 02:22:41 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 18/07/2011 06:36:17 | Computer Name = PeterenEllen-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 18/07/2011 06:37:33 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 18/07/2011 06:37:33 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 18/07/2011 06:37:33 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 18/07/2011 06:38:07 | Computer Name = PeterenEllen-PC | Source = Service Control Manager | ID = 7024

Description =

< End of report >


Hi

I guess if the logs are clean I must be wrong. It must have been a one-off then that MBAM was blocking a site, probably just doing its job. I recall having read/heard once that not being able to have Windows complete its updates could be an indication of a problem. Also, as I said in my last post, Windows Defender is refusing to be switched on. But my guess is this happens because the other spy/malware protection is installed. I think I might be a bit paranoid after the last infection! :blush:

Please close this thread if you think there is nothing there; I don't want to take up your resources when you could be helping somebody else. I'll continue implementing your recommendations tomorrow.

Thank you again for your time!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.