[W7] Black screen+cursor after login, no key combinations work and no OS disk available

Solved
By Adriaan V
Feb 2, 2013
  1. Hi guys,

    I've extensively searched these forums and the interwebs, but to no avail. I've had a virus infection on my laptop this evening, which I think I've removed but now I'm stuck with the after-effect: after login to the normal mode (so I do manage to login), the Windows loading icons appear but then I just get a black screen with the white cursor. Ctrl+Alt+Del does not result in anything, neither does tapping Shift 5 times. In safe mode everything is fine (as far as I can tell). This is my latest Malwarebytes log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.11.23.08

    Windows 7 Service Pack 1 x64 NTFS (Veilige modus)
    Internet Explorer 9.0.8112.16421
    aheu529 :: NB8800043 [administrator]

    2-2-2013 19:27:08
    mbam-log-2013-02-02 (19-27-08).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 467874
    Verstreken tijd: 53 minuut/minuten, 43 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\wamp\bin\apache\Apache2.2.14\bin\ab.exe (Trojan.Swrort) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    --------------------------------------------
    The viruses that I had were Trojan Swrort and Exploit.Drop.GS. I do think they're gone but yeah.

    One thing I should mention: I don't have the original installation disk. Also, to complicate matters further, system repair has never been turned on for this laptop so I can't do that either.

    I'd be very very thankful to anyone that can point me in the right direction. 'Cause I'm not seeing it...

    Adriaan
  2. Jay Pfoutz (Malware Helper)

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  3. Adriaan V (Topic Starter)

    Hello, thank you for the quick reply. First things first, I have Panda Cloud Cleaner which I disabled fine, and I also have Panda Antivirus Pro, which apparently I did not manage to disable. However I checked the processes running in the task manager, and no Panda related ones were running so I went ahead with the ComboFix program... I ran this in safe mode since I can't access my normal mode. This is the log:

    ComboFix 13-02-02.05 - aheu529 02-02-2013 21:52:02.1.8 - x64 NETWORK
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3977.3308 [GMT 1:00]
    Gestart vanuit: c:\users\aheu529\Desktop\ComboFix.exe
    AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\users\aheu529\AppData\Local\TempDIR
    c:\users\aheu529\AppData\Local\TempDIR\AddTrust_External_CA_Root.der
    c:\users\aheu529\AppData\Local\TempDIR\SecureW2.inf
    c:\users\aheu529\AppData\Local\TempDIR\SecureW2_TTLS_333.exe
    c:\users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-02 to 2013-02-02 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-02 20:58 . 2013-02-02 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-02 20:58 . 2013-02-02 20:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-01-29 11:22 . 2013-02-02 20:52 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC5BF95C-3C3A-48C9-AAB3-0536C87A32D3}\offreg.dll
    2013-01-29 11:18 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC5BF95C-3C3A-48C9-AAB3-0536C87A32D3}\mpengine.dll
    2013-01-28 21:36 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-28 21:18 . 2013-01-28 21:20 -------- d-----w- c:\windows\system32\appmgmt
    2013-01-28 21:17 . 2013-01-28 21:17 -------- d-----w- c:\users\aheu529\AppData\Local\Panda Security
    2013-01-28 21:12 . 2010-06-22 16:20 30792 ----a-w- c:\windows\system32\drivers\pavboot64.sys
    2013-01-28 21:12 . 2007-03-15 17:38 46640 ----a-w- c:\windows\system32\pavcpl64.cpl
    2013-01-28 21:12 . 2003-10-22 16:23 446464 ----a-w- c:\windows\SysWow64\HHActiveX.dll
    2013-01-09 08:23 . 2013-01-09 08:23 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 08:23 . 2012-12-19 11:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 08:23 . 2011-09-07 12:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Spotify Web Helper"="c:\users\aheu529\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]
    "APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" [2012-11-27 1037600]
    "SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [2012-11-08 70432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
    .
    c:\users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\aheu529\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-11 29425864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
    R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136]
    R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2012-03-26 71432]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe [2010-08-16 28992]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-09-07 38440]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-19 71168]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-09-07 56344]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-09-07 158976]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-09-07 72808]
    R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-05 1255736]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-09-07 25960]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-29 270912]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-09-07 27760]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-09-07 74984]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-09-07 83560]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 08:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-07 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-07 391960]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-07 419096]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-09-07 608112]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.hogent.be
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 195.130.130.5 192.168.0.1
    FF - ProfilePath - c:\users\aheu529\AppData\Roaming\Mozilla\Firefox\Profiles\xxhyjy7t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
    FF - ExtSQL: 2012-12-12 21:22; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF - user.js: extentions.y2layers.installId - baa47182-4fbb-48b1-a309-d6f8f378e992
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    .
    ------- Bestandsassociaties -------
    .
    JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-796845957-688789844-839522115-114486\Software\SecuROM\License information*]
    "datasecu"=hex:7c,09,24,99,f9,c2,7f,ef,6d,bb,4b,9c,32,bb,f6,85,5d,04,19,d8,4d,
    bb,bb,42,cb,d2,3e,d7,f5,fb,62,40,da,c9,22,6e,78,1b,23,cc,27,77,77,16,2c,b9,\
    "rkeysecu"=hex:0c,a3,47,51,c6,5b,ae,b3,1c,24,32,c9,2f,2c,9a,52
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-02-02 22:02:21
    ComboFix-quarantined-files.txt 2013-02-02 21:02
    .
    Pre-Run: 26.276.401.152 bytes beschikbaar
    Post-Run: 31.093.448.704 bytes beschikbaar
    .
    - - End Of File - - F94CB929C48921248299F34B5A0F9AD5

    Thank you very very much for your help!
  4. Jay Pfoutz (Malware Helper)

    You're welcome! :D Next steps:

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  5. Adriaan V (Topic Starter)

    Alright, I did all this in Safe Mode. In attachment is the log file from TDSSKiller (there was only one suspicious file which I suppose is from my virtual server that I've had installed for ages), and here are the 3 log files that RogueKiller created on my desktop:

    1:

    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart vanuit : Veilige modus met netwerk ondersteuning
    Gebruiker : aheu529 [Administrator rechten]
    Modus : Scan -- Datum : 02/02/2013 23:53:03
    | ARK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 8 ¤¤¤
    [RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> gevonden
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> gevonden
    [HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> gevonden
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

    ¤¤¤ Speciale Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Niet geladen] ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
    --- User ---
    [MBR] 1a66b5f505f2696f25508c416c01e12b
    [BSP] f24548a1571b28063fa107a5b9022d6a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122880 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 251660288 | Size: 115593 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Gereed : << RKreport[1]_S_02022013_02d2353.txt >>
    RKreport[1]_S_02022013_02d2353.txt


    ------------------------
    --------------------------
    2:

    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart vanuit : Veilige modus met netwerk ondersteuning
    Gebruiker : aheu529 [Administrator rechten]
    Modus : Verwijder -- Datum : 02/02/2013 23:53:24
    | ARK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 6 ¤¤¤
    [RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> Verwijderd
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Verwijderd
    [HJ] HKLM\[...]\System : EnableLUA (0) -> VERVANGEN (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> VERVANGEN (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> VERVANGEN (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

    ¤¤¤ Speciale Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Niet geladen] ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
    --- User ---
    [MBR] 1a66b5f505f2696f25508c416c01e12b
    [BSP] f24548a1571b28063fa107a5b9022d6a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122880 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 251660288 | Size: 115593 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Gereed : << RKreport[2]_D_02022013_02d2353.txt >>
    RKreport[1]_S_02022013_02d2353.txt ; RKreport[2]_D_02022013_02d2353.txt


    ---------------
    ----------------------
    3:

    RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart vanuit : Veilige modus met netwerk ondersteuning
    Gebruiker : aheu529 [Administrator rechten]
    Modus : Snelkoppelingen HJfix -- Datum : 02/02/2013 23:53:47
    | ARK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Driver : [Niet geladen] ¤¤¤

    ¤¤¤ Bestandattributen hersteld: ¤¤¤
    Bureaublad: Success 1 / Fail 0
    Snelstarten: Success 1 / Fail 0
    Programma's: Success 12 / Fail 0
    menu Start: Success 1 / Fail 0
    Gebruikersmap: Success 260 / Fail 0
    Mijn documenten: Success 7 / Fail 7
    Mijn favorieten: Success 0 / Fail 0
    Mijn afbeeldingen: Success 1 / Fail 0
    Mijn muziek: Success 212 / Fail 0
    Mijn videos: Success 0 / Fail 0
    Lokale harde schijven: Success 225 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [G:] \Device\CdRom1 -- 0x5 --> Skipped

    Gereed : << RKreport[3]_SC_02022013_02d2353.txt >>
    RKreport[1]_S_02022013_02d2353.txt ; RKreport[2]_D_02022013_02d2353.txt ; RKreport[3]_SC_02022013_02d2353.txt



    ------------------------------------
    --------------------------------------------

    Hope you see some "light at the end of the tunnel"! :)

  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double-click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
  7. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    This is the log, run from Safe Mode:

    OTL logfile created on: 3-2-2013 1:33:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aheu529\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,88 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,34% Memory free
    7,77 Gb Paging File | 7,06 Gb Available in Paging File | 90,96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 120,00 Gb Total Space | 29,02 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
    Drive D: | 112,88 Gb Total Space | 36,32 Gb Free Space | 32,18% Space Free | Partition Type: NTFS

    Computer Name: NB8800043 | User Name: aheu529 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-02-03 01:32:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011-09-07 13:08:04 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013-01-18 22:06:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013-01-09 09:24:00 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe -- (Panda Software Controller)
    SRV - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe -- (TPSrv)
    SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe -- (PAVFNSVR)
    SRV - [2012-08-21 15:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2011-09-26 11:17:16 | 009,665,536 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
    SRV - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe -- (PAVSRV)
    SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010-11-05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe -- (PskSvcRetail)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-09-28 21:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\wamp\bin\apache\Apache2.2.14\bin\httpd.exe -- (wampapache)
    SRV - [2009-09-18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009-09-18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe -- (PSIMSVC)
    SRV - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012-03-26 17:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-10-29 11:04:06 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011-09-07 13:25:19 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011-09-07 13:08:05 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011-09-07 13:08:05 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011-09-07 13:08:05 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2011-09-07 13:07:49 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011-09-07 13:07:48 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011-09-07 13:07:36 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-09-07 13:07:33 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2011-09-07 13:07:32 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011-09-07 13:07:31 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2011-09-07 13:07:30 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2011-09-07 13:07:30 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011-09-07 13:07:30 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2011-09-07 13:07:30 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2011-08-10 23:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010-11-20 04:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010-11-20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 02:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010-11-20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 02:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010-11-20 02:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010-11-20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-11-20 00:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010-11-05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010-08-20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010-06-22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009-10-27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV - [2009-09-18 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hogent.be
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{ACB28D5E-5887-499E-9D51-488AD98C86DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
    FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
    FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\belgiumeid@eid.belgium.be: C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-18 22:44:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012-12-12 21:22:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-18 22:06:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-18 22:06:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-06-11 16:57:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011-09-12 09:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\Extensions
    [2012-12-19 17:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\Firefox\Profiles\xxhyjy7t.default\extensions
    [2012-05-18 22:44:54 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\firefox\profiles\xxhyjy7t.default\extensions\DivXWebPlayer@divx.com.xpi
    [2012-12-13 22:03:42 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\firefox\profiles\xxhyjy7t.default\extensions\firebug@software.joehewitt.com.xpi
    [2013-01-18 22:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013-01-18 22:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013-01-18 22:06:39 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    [2012-05-18 22:44:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2013-01-18 22:06:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011-08-11 12:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
    [2011-08-10 23:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
    [2011-08-11 12:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
    [2011-08-11 12:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
    [2012-02-09 11:00:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011-08-11 12:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
    [2011-08-10 23:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
    [2012-08-25 03:37:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-12-05 18:49:08 | 000,002,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-12-05 18:49:08 | 000,004,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-12-05 18:49:08 | 000,001,262 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

    O1 HOSTS File: ([2013-02-02 21:59:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE (Panda Security, S.L.)
    O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe (Panda Security, S.L.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\aheu529\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
    O4 - Startup: C:\Users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\aheu529\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = edu.ads.hogent.be
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89966CBF-AAB8-47F1-AD6E-352A24F31BD3}: DhcpNameServer = 195.130.130.5 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-02-03 01:32:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe
    [2013-02-02 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\aheu529\Desktop\RK_Quarantine
    [2013-02-02 22:02:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013-02-02 21:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013-02-02 21:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013-02-02 21:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013-02-02 21:45:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013-02-02 21:45:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013-02-02 21:41:53 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\aheu529\Desktop\ComboFix.exe
    [2013-01-28 22:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013-01-28 22:20:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013-01-28 22:18:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2013-01-28 22:17:29 | 000,000,000 | ---D | C] -- C:\Users\aheu529\AppData\Local\Panda Security
    [2013-01-28 22:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    [2013-01-28 22:12:36 | 000,030,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
    [2013-01-28 22:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2013
    [2013-01-28 22:12:20 | 000,046,640 | ---- | C] (Panda Software) -- C:\Windows\SysNative\pavcpl64.cpl
    [2013-01-28 22:12:02 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
    [2013-01-28 22:11:58 | 000,323,392 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\TpUtil64.dll
    [2013-01-28 22:11:58 | 000,202,048 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\TpUtilWow.dll
    [2013-01-28 22:11:58 | 000,117,024 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavLspHook64.dll
    [2013-01-28 22:11:58 | 000,090,944 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavIpc64.dll
    [2013-01-28 22:11:58 | 000,087,328 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavLspHookWow.dll
    [2013-01-28 22:11:58 | 000,066,880 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavIpcWow.dll
    [2013-01-28 22:11:58 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\sysHelper32.dll
    [2013-01-28 22:11:58 | 000,024,064 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\sysHelper64.dll
    [2013-01-28 22:11:57 | 000,837,920 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavSHook64.dll
    [2013-01-28 22:11:57 | 000,545,056 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavSHookWow.dll
    [2013-01-28 22:11:53 | 000,071,432 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\amm6460.sys
    [2013-01-28 22:11:53 | 000,064,768 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\SysNative\avldr64.dll
    [2013-01-28 22:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
    [2013-01-28 22:11:52 | 000,000,000 | ---D | C] -- C:\Users\aheu529\AppData\Roaming\Panda Security
    [2013-01-28 22:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2013-01-28 22:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
    [2013-01-28 22:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2013-01-28 22:11:28 | 000,048,136 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\ShldFlt.sys
    [2013-01-28 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
    [2013-01-18 22:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

    ========== Files - Modified Within 30 Days ==========

    [2013-02-03 01:32:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe
    [2013-02-02 23:52:08 | 000,771,072 | ---- | M] () -- C:\Users\aheu529\Desktop\RogueKiller.exe
    [2013-02-02 21:59:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013-02-02 21:42:14 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\aheu529\Desktop\ComboFix.exe
    [2013-02-02 20:35:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-02-02 20:35:16 | 3127,586,816 | -HS- | M] () -- C:\hiberfil.sys
    [2013-02-02 18:52:54 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    [2013-02-02 17:58:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-02-01 09:45:30 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
    [2013-01-30 19:19:59 | 000,034,361 | ---- | M] () -- C:\Users\aheu529\Documents\580793_10151275059282995_2011087146_n.jpg
    [2013-01-29 11:30:01 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-29 11:30:01 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-28 22:58:03 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013-01-28 22:12:45 | 000,002,115 | ---- | M] () -- C:\Users\aheu529\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2013.lnk
    [2013-01-28 22:12:45 | 000,000,262 | ---- | M] () -- C:\Windows\SysNative\PavCPL64.dat
    [2013-01-28 22:12:37 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
    [2013-01-23 18:22:57 | 000,032,049 | ---- | M] () -- C:\Users\aheu529\Desktop\DIABOLO-TOESLAG_NAAR_BRU-NAT-L_ADRIAAN_VANHEULE_1.pdf
    [2013-01-07 08:28:03 | 000,005,470 | R-S- | M] () -- C:\ProgramData\ntuser.pol

    ========== Files Created - No Company Name ==========

    [2013-02-02 23:52:09 | 000,771,072 | ---- | C] () -- C:\Users\aheu529\Desktop\RogueKiller.exe
    [2013-02-02 21:50:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-02-02 21:50:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-02-02 21:50:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-02-02 21:50:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-02-02 21:50:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-02-02 18:52:54 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
    [2013-01-30 19:17:40 | 000,034,361 | ---- | C] () -- C:\Users\aheu529\Documents\580793_10151275059282995_2011087146_n.jpg
    [2013-01-28 22:58:03 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013-01-28 22:40:35 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
    [2013-01-28 22:12:45 | 000,002,115 | ---- | C] () -- C:\Users\aheu529\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2013.lnk
    [2013-01-28 22:12:45 | 000,000,262 | ---- | C] () -- C:\Windows\SysNative\PavCPL64.dat
    [2013-01-28 22:12:37 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
    [2013-01-23 18:22:57 | 000,032,049 | ---- | C] () -- C:\Users\aheu529\Desktop\DIABOLO-TOESLAG_NAAR_BRU-NAT-L_ADRIAAN_VANHEULE_1.pdf
    [2012-12-02 15:23:54 | 000,003,584 | ---- | C] () -- C:\Users\aheu529\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-08-07 21:28:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011-12-26 18:05:49 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
    [2011-09-12 08:22:13 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2011-09-12 08:22:13 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011-09-12 08:03:58 | 000,001,410 | R-S- | C] () -- C:\Users\aheu529\ntuser.pol
    [2011-09-07 13:21:40 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
    [2011-09-07 13:07:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011-09-07 13:07:36 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011-09-07 13:07:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011-07-05 08:58:00 | 000,005,470 | R-S- | C] () -- C:\ProgramData\ntuser.pol
    [2011-07-05 08:57:11 | 001,687,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-07-05 08:55:58 | 000,000,392 | ---- | C] () -- C:\Windows\SMSCFG.INI

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012-12-28 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Audacity
    [2012-07-01 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\com.prezi.PreziDesktop
    [2011-10-29 11:04:46 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DAEMON Tools Lite
    [2013-01-02 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Dropbox
    [2012-12-12 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DVDVideoSoft
    [2012-12-12 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012-01-30 15:16:36 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\ICAClient
    [2013-01-28 22:11:52 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Panda Security
    [2013-02-02 18:03:14 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Spotify
    [2012-06-11 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Thunderbird
    [2013-01-29 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\uTorrent
    [2011-09-14 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CC69D3C

    < End of report >
  8. Adriaan V

    And the Extras file from OTL

    OTL Extras logfile created on: 3-2-2013 1:33:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aheu529\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,88 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,34% Memory free
    7,77 Gb Paging File | 7,06 Gb Available in Paging File | 90,96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 120,00 Gb Total Space | 29,02 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
    Drive D: | 112,88 Gb Total Space | 36,32 Gb Free Space | 32,18% Space Free | Partition Type: NTFS

    Computer Name: NB8800043 | User Name: aheu529 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsf[@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsh[@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsf [@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsh [@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{052A9C93-EDBA-466C-AB00-628B8901C8AA}" = lport=445 | protocol=6 | dir=in | name=mmc |
    "{05D9286C-23A1-4C28-A816-9F3066DA67D8}" = lport=3389 | protocol=6 | dir=in | name=rdp |
    "{0FAC01B4-B1C8-4964-B942-E0B0F77761EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{22F87840-0E53-45BA-AC9E-3FF2B113DBC7}" = lport=2702 | protocol=6 | dir=in | name=remote tools |
    "{2F6D75E5-15BE-4058-AB83-F5AD7AB713E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{33082ED3-FC8A-4BE0-ACF9-D3099576C5EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{37501BFF-2725-4F11-BBF1-383D412A8A1C}" = lport=135 | protocol=6 | dir=in | name=remote tools |
    "{42833DE7-FD0C-431F-8E83-E4DB31297309}" = lport=445 | protocol=6 | dir=in | name=mmc |
    "{494D7EA8-E8B9-4784-8726-5A90C5E13E3A}" = lport=135 | protocol=6 | dir=in | name=remote tools |
    "{4FFD4382-7661-47AD-B294-07CE71FE65D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7EF7BA60-97F4-4156-B4EE-D35D6ADE9B5A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{94FE9ED8-B5A9-47AA-9979-366D2E8F38D8}" = lport=135 | protocol=6 | dir=in | name=wmi |
    "{957ADA20-3235-41E5-8D42-6824C787BF69}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{95C3D0D5-8826-45A5-A90D-5506C905F1FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{AA15681B-0BA9-476D-9B0B-51A3A1029C0F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{B0F527D4-A28C-435F-A697-F412DD09B976}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B7201DAC-E042-4D75-BFB1-BB4B24CA32FC}" = lport=2701 | protocol=6 | dir=in | name=remote tools |
    "{B7F55B29-6D72-41CD-A002-643F61F8A4F6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CD566EA1-57BA-45FA-96E0-5E914CE17294}" = lport=2701 | protocol=6 | dir=in | name=remote tools |
    "{D7426ED5-C532-4A1D-A4D7-F294894FD5FA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DF66A2B4-AEED-4BAF-B317-BD8A6AD98A44}" = lport=2702 | protocol=6 | dir=in | name=remote tools |
    "{EC33BADA-B89B-4DAE-BA79-DCE419393CD4}" = lport=135 | protocol=6 | dir=in | name=wmi |
    "{F0977948-E447-4B14-AE18-CDAE760F3102}" = lport=3389 | protocol=6 | dir=in | name=rdp |
    "{F0DD064B-8607-4B3C-868D-72AD98BB7345}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FE4F9E0C-1896-4BB5-94B6-272EF7FFF4D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    < End of report >
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  10. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    This is the log file. 11 infected files and 9 cleaned. (and here I was thinking there were no infected files on my system):

    C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Program Files (x86)\Mozilla Firefox\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Users\aheu529\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2b88ddbb-4867c07b Win32/Reveton.N trojan cleaned by deleting - quarantined
    C:\Users\aheu529\Downloads\cbsidlm-tr1_5-Leech_FTP-10122207.exe multiple threats cleaned by deleting - quarantined
    C:\Users\aheu529\Downloads\cbsidlm-tr1_8-Free_Video_Converter_by_Extensoft-BP2-10905366.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
    C:\Users\aheu529\Downloads\cnet2_lftp13_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

    I am continuously operating in safe mode, where I've had none of the problems that you listed. One small thing though: when I'm typing in a textbox, sometimes my cursor will move backwards on its own to where my pointer is located at that moment.
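The tally in the post above (11 detections, 9 cleaned) can be checked mechanically. This is an added example, not part of the original thread or of any ESET tooling: it parses the log lines as quoted, groups them by ESET's own type label, and tests whether the two uncleaned hits are the same files reached through the `C:\Users\All Users` link to `C:\ProgramData` (an assumption about the default Windows 7 layout).

```python
import re
from collections import Counter

# ESET log lines copied from the post above (fields are space-separated on this page).
ESET_LOG = r"""
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Program Files (x86)\Mozilla Firefox\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\aheu529\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2b88ddbb-4867c07b Win32/Reveton.N trojan cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cbsidlm-tr1_5-Leech_FTP-10122207.exe multiple threats cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cbsidlm-tr1_8-Free_Video_Converter_by_Extensoft-BP2-10905366.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cnet2_lftp13_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?Win32/\S+ (?P<kind>application|trojan)"
    r"|multiple threats)(?P<action> cleaned by deleting - quarantined)?$")

# Assumption: default Windows 7 layout, where "All Users" under C:/Users links to C:/ProgramData.
ALIAS, TARGET = "c:\\users\\all users\\", "c:\\programdata\\"

def canonical(path):
    p = path.lower()
    return TARGET + p[len(ALIAS):] if p.startswith(ALIAS) else p

def parse(lines):
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised log line: " + line)
        entries.append({"path": m["path"], "kind": m["kind"] or "multiple",
                        "cleaned": m["action"] is not None})
    return entries

def summarize(entries):
    cleaned = {canonical(e["path"]) for e in entries if e["cleaned"]}
    leftover = [e["path"] for e in entries if not e["cleaned"]]
    # A leftover hit still needs attention unless the same file was cleaned via its real path.
    unresolved = [p for p in leftover if canonical(p) not in cleaned]
    return {"total": len(entries), "cleaned": len(entries) - len(leftover),
            "kinds": Counter(e["kind"] for e in entries),
            "alias_only": len(leftover) - len(unresolved), "unresolved": unresolved}

print(summarize(parse(ESET_LOG)))
```

On this log both uncleaned entries resolve to files that were quarantined under `C:\ProgramData`, and ESET labels two of the eleven detections as trojans rather than applications.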
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Ah, all that was adware. Let's do some diagnostics in any mode you can operate:

    We need to check out your devices. Please download DevDiag, and save it to your Desktop:
    Direct Download
    • If you are using Vista or Windows 7, please right-click DevDiag.exe and select Run As Administrator. Otherwise, simply double-click the program to run it.
    • At the options screen, please type 2 and hit Enter.
    • The tool will take a few moments to scan. When finished, a report should pop-up, also available on your Desktop (DevDiag.txt).
    • Please do not copy/paste the report into your next reply. Instead, Attach it by clicking Add Reply, and scrolling down to the Attachments section.
  12. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Log in attachment. There are other modes I can enter besides safe mode, such as "Return to most recent correct settings (advanced)", "Error detection mode" etcetera, but I have no experience with those.

    The Extras log file from OTL also made mention of several "\Device\Harddisk1\DR3" errors, but obviously I have no idea whether that's related to this or not..

  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Your graphics drivers seem to be missing the "Security Processor Loader Driver", which will need to be restored. But, the only way to do that is to reinstall the graphics drivers entirely.

    Check Partitions

    Please download Listparts64
    Run the tool,
    check the "list BCD" box
    click "Scan" and post the log (Result.txt) it makes.


    Download and run this tool: http://support.microsoft.com/mats/hardware_device_problems

    Let me know if things are beginning to resolve. :)
     
  14. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    This is the Result.txt log:

    ListParts by Farbar Version: 16-01-2013
    Ran by aheu529 (administrator) on 04-02-2013 at 21:58:43
    Windows 7 (X64)
    Running From: C:\Users\aheu529\Downloads
    Language: 0413
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 24%
    Total physical RAM: 3976.93 MB
    Available physical RAM: 3006.09 MB
    Total Pagefile: 7952.06 MB
    Available Pagefile: 7037.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (System) (Fixed) (Total:120 GB) (Free:28.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:112.88 GB) (Free:36.32 GB) NTFS

    Schfnr. Status Grootte Vrij Dyn GPT
    -------- ------------- ------- ------- --- ---
    Schf 0 Online 232 GB 0 B


    Partitions of Disk 0:
    ===============

    Schijf-id: DA291E52

    Partitie ### Type Grootte Offset
    ------------- ---------------- ------- -------
    Partitie 1 Primair 120 GB 1024 KB
    Partitie 2 Primair 112 GB 120 GB

    ======================================================================================================

    Disk: 0
    Partitie 1
    Type : 07
    Verborgen: Nee
    Actief : Ja

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 2 C System NTFS partitie 120 GB In orde Systeem

    ======================================================================================================

    Disk: 0
    Partitie 2
    Type : 07
    Verborgen: Nee
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 3 D DATA NTFS partitie 112 GB In orde

    ======================================================================================================

    Windows-opstartbeheer
    ---------------------
    id {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale nl-NL
    inherit {globalsettings}
    default {current}
    resumeobject {dc51cac8-d949-11e0-a491-5c260a77d5e9}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows-opstartlaadprogramma
    ----------------------------
    id {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale nl-NL
    inherit {bootloadersettings}
    recoverysequence {dc51caca-d949-11e0-a491-5c260a77d5e9}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {dc51cac8-d949-11e0-a491-5c260a77d5e9}
    nx OptIn

    Windows-opstartlaadprogramma
    ----------------------------
    id {dc51caca-d949-11e0-a491-5c260a77d5e9}
    device ramdisk=[C:]\Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\Winre.wim,{dc51cacb-d949-11e0-a491-5c260a77d5e9}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\Winre.wim,{dc51cacb-d949-11e0-a491-5c260a77d5e9}
    systemroot \windows
    nx OptIn
    winpe Yes

    Hervatten uit sluimerstand
    --------------------------
    id {dc51cac8-d949-11e0-a491-5c260a77d5e9}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale nl-NL
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows-geheugentest
    --------------------
    id {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Geheugencontrole
    locale nl-NL
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS-instellingen
    ----------------
    id {emssettings}
    bootems Yes

    Debugger-instellingen
    ---------------------
    id {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM-defecten
    ------------
    id {badmemory}

    Globale instellingen
    --------------------
    id {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Instellingen voor opstartlaadprogramma
    --------------------------------------
    id {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor-instellingen
    -------------------
    id {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Instellingen voor hervattingslaadprogramma
    ------------------------------------------
    id {resumeloadersettings}
    inherit {globalsettings}

    Apparaatopties
    --------------
    id {dc51cacb-d949-11e0-a491-5c260a77d5e9}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\boot.sdi


    ****** End Of Log ******

    I ran the second tool, which resolved two things in my safe mode: it activated my VPN client, and turned on my "High Definition Audio". However, in the "checked problems" section (and I'm hoping I'm translating this to English correctly), there's also a mention of the Security Processor Loader Driver not functioning correctly. I attached the report but it's in Dutch so probably not very helpful. It also says "Hardware changes are possibly not detected" as one of the 3 problems it found (aside from the VPN and Audio).

    I'll check whether I can access my normal mode.
    Edit: no luck yet...

  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay...

    See if the black screen problem goes away...it seems to be commonly caused by this Security Process Loader....
  16. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Still black screen with just the cursor... But I'm not sure the Security Process Loader has been fixed? Since it was under 'Checked problems' and not 'Resolved problems' in the second tool...
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Let's get that graphic driver reinstalled here, and see what happens next...
  18. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    I think my mind maybe skipped a step. How do I reinstall the graphics driver? Sorry if it's a redundant question! :)
  19. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You may want to print this/write it down:

    Right click on the entry in Device Manager (Nvidia NVS 4200M graphics card)...then, it will be really funky (usually), because Windows will use the default Windows Display Driver.

    Restart the computer, and when it recognizes the display driver (sometimes it will, other times it won't), let it install via Windows Update.

    If that doesn't occur, then go to Windows Update (click Start, type Windows Update and hit Enter). Search for updates. It should list the graphics driver under either Important or Optional. Install that, let it restart, and let me know if the problem resolved. :)
  21. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Alright, I'll go do that in a minute, but first I should probably mention this: the Microsoft Fix it tool also gave this in its result log under "checked problems": Windows Update is not configured for installing drivers & Updates for drivers are not automatically installed when they are detected by Windows Update.

    I'll go and try it now.
  22. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Okay, so upon right clicking the NVIDIA card, I switched it off and restarted the computer. Nothing happened on the Windows Update front. Also, when trying to manually open Windows Update as you explained, nothing happened either. The update module (if there is supposed to be one popping up) did not open or run as far as I could tell. When in device manager, after right-clicking, I ask to "Update drivers", I get a message that there are no better or newer versions of my drivers available, and that the best drivers are already installed.

    There was also no funkiness :). However, there's also an Intel (HD) Graphics Family under the Display tab in Device Manager. Should I also switch this one off?

    And just one more thing I should mention: in the right bottom corner of the screen, next to the clock, I get a mention that the driver for PCI Simple Communications controller is not installed and cannot be installed. I don't know if that's relevant to my problem though.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I don't know about the PCI issue there...

    Let me know if there are any more blank screen problems. What we can do is find the nVidia update for your display driver.
  24. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Yes, nothing has changed unfortunately. I have not been able to use Windows Update, nor does it open when I click on the link directly. Device manager says I have the correct driver for the Nvidia card. Same for the Intel (HD) Graphics Family. So no progress yet.
  25. Adriaan V

    Adriaan V Newcomer, in training Topic Starter Posts: 18

    Ah, and to be sure that I did it correctly. You told me to right-click the driver in Device Manager. But there are several options there. I figured you meant Deactivate, but was I perhaps supposed to Undo the installation or select another option?