Solved [W7] Black screen+cursor after login, no key combinations work and no OS disk available


Adriaan V

TS Rookie
Hi guys,

I've extensively searched these forums and the interwebs, but to no avail. I've had a virus infection on my laptop this evening, which I think I've removed, but now I'm stuck with the after-effect: after login to the normal mode (so I do manage to login), the Windows loading icons appear but then I just get a black screen with the white cursor. Ctrl+alt+del does not result in anything, neither does tapping shift 5 times. In safe mode everything is fine (as far as I can tell). This is my latest Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Databaseversie: v2012.11.23.08

Windows 7 Service Pack 1 x64 NTFS (Veilige modus)
Internet Explorer 9.0.8112.16421
aheu529 :: NB8800043 [administrator]

2-2-2013 19:27:08
mbam-log-2013-02-02 (19-27-08).txt

Scantype: Volledige scan (C:\|D:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 467874
Verstreken tijd: 53 minuut/minuten, 43 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:\wamp\bin\apache\Apache2.2.14\bin\ab.exe (Trojan.Swrort) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

--------------------------------------------
The viruses that I had were Trojan Swrort and Exploit.Drop.GS. I do think they're gone but yeah.

One thing I should mention: I don't have the original installation disk. Also, to complicate matters further, system repair has never been turned on for this laptop so I can't do that either.

I'd be very very thankful to anyone that can point me in the right direction. 'Cause I'm not seeing it...

Adriaan
 

Jay Pfoutz

Malware Helper
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


ComboFix scan

Please download ComboFix
by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report in your next reply; it will open automatically, or can be found at "C:\Combo-Fix.txt".
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 

Adriaan V

TS Rookie
Hello, thank you for the quick reply. First things first: I have Panda Cloud Cleaner, which I disabled fine, and I also have Panda Antivirus Pro, which apparently I did not manage to disable. However, I checked the processes running in the task manager, and no Panda-related ones were running, so I went ahead with the Combofix program... I ran this in safe mode since I can't access my normal mode. This is the log:

ComboFix 13-02-02.05 - aheu529 02-02-2013 21:52:02.1.8 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3977.3308 [GMT 1:00]
Gestart vanuit: c:\users\aheu529\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\aheu529\AppData\Local\TempDIR
c:\users\aheu529\AppData\Local\TempDIR\AddTrust_External_CA_Root.der
c:\users\aheu529\AppData\Local\TempDIR\SecureW2.inf
c:\users\aheu529\AppData\Local\TempDIR\SecureW2_TTLS_333.exe
c:\users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-01-02 to 2013-02-02 ))))))))))))))))))))))))))))))
.
.
2013-02-02 20:58 . 2013-02-02 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 20:58 . 2013-02-02 20:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-29 11:22 . 2013-02-02 20:52 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC5BF95C-3C3A-48C9-AAB3-0536C87A32D3}\offreg.dll
2013-01-29 11:18 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC5BF95C-3C3A-48C9-AAB3-0536C87A32D3}\mpengine.dll
2013-01-28 21:36 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2013-01-28 21:18 . 2013-01-28 21:20 -------- d-----w- c:\windows\system32\appmgmt
2013-01-28 21:17 . 2013-01-28 21:17 -------- d-----w- c:\users\aheu529\AppData\Local\Panda Security
2013-01-28 21:12 . 2010-06-22 16:20 30792 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2013-01-28 21:12 . 2007-03-15 17:38 46640 ----a-w- c:\windows\system32\pavcpl64.cpl
2013-01-28 21:12 . 2003-10-22 16:23 446464 ----a-w- c:\windows\SysWow64\HHActiveX.dll
2013-01-09 08:23 . 2013-01-09 08:23 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:23 . 2012-12-19 11:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:23 . 2011-09-07 12:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Spotify Web Helper"="c:\users\aheu529\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" [2012-11-27 1037600]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [2012-11-08 70432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
.
c:\users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\aheu529\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-11 29425864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136]
R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2012-03-26 71432]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe [2010-08-16 28992]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-09-07 38440]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-19 71168]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-09-07 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-09-07 158976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-09-07 72808]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-05 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-09-07 25960]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-29 270912]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-09-07 27760]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-09-07 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-09-07 83560]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 08:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\aheu529\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-07 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-07 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-07 419096]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-09-07 608112]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.hogent.be
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 195.130.130.5 192.168.0.1
FF - ProfilePath - c:\users\aheu529\AppData\Roaming\Mozilla\Firefox\Profiles\xxhyjy7t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - ExtSQL: 2012-12-12 21:22; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extentions.y2layers.installId - baa47182-4fbb-48b1-a309-d6f8f378e992
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- Bestandsassociaties -------
.
JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-688789844-839522115-114486\Software\SecuROM\License information*]
"datasecu"=hex:7c,09,24,99,f9,c2,7f,ef,6d,bb,4b,9c,32,bb,f6,85,5d,04,19,d8,4d,
bb,bb,42,cb,d2,3e,d7,f5,fb,62,40,da,c9,22,6e,78,1b,23,cc,27,77,77,16,2c,b9,\
"rkeysecu"=hex:0c,a3,47,51,c6,5b,ae,b3,1c,24,32,c9,2f,2c,9a,52
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-02-02 22:02:21
ComboFix-quarantined-files.txt 2013-02-02 21:02
.
Pre-Run: 26.276.401.152 bytes beschikbaar
Post-Run: 31.093.448.704 bytes beschikbaar
.
- - End Of File - - F94CB929C48921248299F34B5A0F9AD5

Thank you very very much for your help!
 

Jay Pfoutz

Malware Helper
You're welcome! :D Next steps:

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 

Adriaan V

TS Rookie
Alright, I did all this in Safe Mode. Attached is the log file from TDSSKiller (there was only one suspicious file, which I suppose is from my virtual server that I've had installed for ages), and here are the 3 log files that RogueKiller created on my desktop:

1:

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Veilige modus met netwerk ondersteuning
Gebruiker : aheu529 [Administrator rechten]
Modus : Scan -- Datum : 02/02/2013 23:53:03
| ARK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 8 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> gevonden
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> gevonden
[HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Niet geladen] ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
--- User ---
[MBR] 1a66b5f505f2696f25508c416c01e12b
[BSP] f24548a1571b28063fa107a5b9022d6a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 251660288 | Size: 115593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[1]_S_02022013_02d2353.txt >>
RKreport[1]_S_02022013_02d2353.txt


------------------------
--------------------------
2:

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Veilige modus met netwerk ondersteuning
Gebruiker : aheu529 [Administrator rechten]
Modus : Verwijder -- Datum : 02/02/2013 23:53:24
| ARK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> Verwijderd
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Verwijderd
[HJ] HKLM\[...]\System : EnableLUA (0) -> VERVANGEN (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> VERVANGEN (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> VERVANGEN (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Niet geladen] ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
--- User ---
[MBR] 1a66b5f505f2696f25508c416c01e12b
[BSP] f24548a1571b28063fa107a5b9022d6a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 251660288 | Size: 115593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[2]_D_02022013_02d2353.txt >>
RKreport[1]_S_02022013_02d2353.txt ; RKreport[2]_D_02022013_02d2353.txt


---------------
----------------------
3:

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Veilige modus met netwerk ondersteuning
Gebruiker : aheu529 [Administrator rechten]
Modus : Snelkoppelingen HJfix -- Datum : 02/02/2013 23:53:47
| ARK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Driver : [Niet geladen] ¤¤¤

¤¤¤ Bestandattributen hersteld: ¤¤¤
Bureaublad: Success 1 / Fail 0
Snelstarten: Success 1 / Fail 0
Programma's: Success 12 / Fail 0
menu Start: Success 1 / Fail 0
Gebruikersmap: Success 260 / Fail 0
Mijn documenten: Success 7 / Fail 7
Mijn favorieten: Success 0 / Fail 0
Mijn afbeeldingen: Success 1 / Fail 0
Mijn muziek: Success 212 / Fail 0
Mijn videos: Success 0 / Fail 0
Lokale harde schijven: Success 225 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\CdRom1 -- 0x5 --> Skipped

Gereed : << RKreport[3]_SC_02022013_02d2353.txt >>
RKreport[1]_S_02022013_02d2353.txt ; RKreport[2]_D_02022013_02d2353.txt ; RKreport[3]_SC_02022013_02d2353.txt



------------------------------------
--------------------------------------------

Hope you see some "light at the end of the tunnel" ! :)
 

Jay Pfoutz

Malware Helper
OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 

Adriaan V

TS Rookie
This is the log, run from Safe Mode:

OTL logfile created on: 3-2-2013 1:33:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aheu529\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,88 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,34% Memory free
7,77 Gb Paging File | 7,06 Gb Available in Paging File | 90,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,00 Gb Total Space | 29,02 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
Drive D: | 112,88 Gb Total Space | 36,32 Gb Free Space | 32,18% Space Free | Partition Type: NTFS

Computer Name: NB8800043 | User Name: aheu529 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-03 01:32:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2011-09-07 13:08:04 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-18 22:06:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 09:24:00 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-19 17:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012-11-16 12:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe -- (TPSrv)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-21 07:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2012-08-21 15:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011-09-26 11:17:16 | 009,665,536 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011-04-13 11:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe -- (PAVSRV)
SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-11-05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-08-16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe -- (PskSvcRetail)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-28 21:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\wamp\bin\apache\Apache2.2.14\bin\httpd.exe -- (wampapache)
SRV - [2009-09-18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009-09-18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-06-19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe -- (PSIMSVC)
SRV - [2008-02-04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-26 17:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-29 11:04:06 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-09-07 13:25:19 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-09-07 13:08:05 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011-09-07 13:08:05 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011-09-07 13:08:05 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2011-09-07 13:07:49 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-09-07 13:07:48 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-09-07 13:07:36 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-09-07 13:07:33 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2011-09-07 13:07:32 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011-09-07 13:07:31 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011-09-07 13:07:30 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011-09-07 13:07:30 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-09-07 13:07:30 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2011-09-07 13:07:30 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011-08-10 23:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010-11-20 04:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 02:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 02:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-20 02:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 00:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-08-20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010-06-22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009-10-27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009-09-18 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hogent.be
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ACB28D5E-5887-499E-9D51-488AD98C86DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\belgiumeid@eid.belgium.be: C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-18 22:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012-12-12 21:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-18 22:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-18 22:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-06-11 16:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011-09-12 09:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\Extensions
[2012-12-19 17:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\Firefox\Profiles\xxhyjy7t.default\extensions
[2012-05-18 22:44:54 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\firefox\profiles\xxhyjy7t.default\extensions\DivXWebPlayer@divx.com.xpi
[2012-12-13 22:03:42 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\aheu529\AppData\Roaming\mozilla\firefox\profiles\xxhyjy7t.default\extensions\firebug@software.joehewitt.com.xpi
[2013-01-18 22:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-01-18 22:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-01-18 22:06:39 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
[2012-05-18 22:44:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013-01-18 22:06:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-08-11 12:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011-08-10 23:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011-08-11 12:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011-08-11 12:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012-02-09 11:00:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-08-11 12:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011-08-10 23:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012-08-25 03:37:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-12-05 18:49:08 | 000,002,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-12-05 18:49:08 | 000,004,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-12-05 18:49:08 | 000,001,262 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2013-02-02 21:59:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\aheu529\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\aheu529\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\aheu529\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = edu.ads.hogent.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89966CBF-AAB8-47F1-AD6E-352A24F31BD3}: DhcpNameServer = 195.130.130.5 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-03 01:32:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe
[2013-02-02 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\aheu529\Desktop\RK_Quarantine
[2013-02-02 22:02:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-02-02 21:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-02-02 21:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-02-02 21:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-02-02 21:45:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-02-02 21:45:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-02-02 21:41:53 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\aheu529\Desktop\ComboFix.exe
[2013-01-28 22:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-01-28 22:20:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-01-28 22:18:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013-01-28 22:17:29 | 000,000,000 | ---D | C] -- C:\Users\aheu529\AppData\Local\Panda Security
[2013-01-28 22:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013-01-28 22:12:36 | 000,030,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2013-01-28 22:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2013
[2013-01-28 22:12:20 | 000,046,640 | ---- | C] (Panda Software) -- C:\Windows\SysNative\pavcpl64.cpl
[2013-01-28 22:12:02 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2013-01-28 22:11:58 | 000,323,392 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\TpUtil64.dll
[2013-01-28 22:11:58 | 000,202,048 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\TpUtilWow.dll
[2013-01-28 22:11:58 | 000,117,024 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavLspHook64.dll
[2013-01-28 22:11:58 | 000,090,944 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavIpc64.dll
[2013-01-28 22:11:58 | 000,087,328 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavLspHookWow.dll
[2013-01-28 22:11:58 | 000,066,880 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavIpcWow.dll
[2013-01-28 22:11:58 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\sysHelper32.dll
[2013-01-28 22:11:58 | 000,024,064 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\sysHelper64.dll
[2013-01-28 22:11:57 | 000,837,920 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavSHook64.dll
[2013-01-28 22:11:57 | 000,545,056 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavSHookWow.dll
[2013-01-28 22:11:53 | 000,071,432 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\amm6460.sys
[2013-01-28 22:11:53 | 000,064,768 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\SysNative\avldr64.dll
[2013-01-28 22:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2013-01-28 22:11:52 | 000,000,000 | ---D | C] -- C:\Users\aheu529\AppData\Roaming\Panda Security
[2013-01-28 22:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013-01-28 22:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013-01-28 22:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013-01-28 22:11:28 | 000,048,136 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\ShldFlt.sys
[2013-01-28 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2013-01-18 22:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013-02-03 01:32:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aheu529\Desktop\OTL.exe
[2013-02-02 23:52:08 | 000,771,072 | ---- | M] () -- C:\Users\aheu529\Desktop\RogueKiller.exe
[2013-02-02 21:59:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-02-02 21:42:14 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\aheu529\Desktop\ComboFix.exe
[2013-02-02 20:35:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-02 20:35:16 | 3127,586,816 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-02 18:52:54 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013-02-02 17:58:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-01 09:45:30 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013-01-30 19:19:59 | 000,034,361 | ---- | M] () -- C:\Users\aheu529\Documents\580793_10151275059282995_2011087146_n.jpg
[2013-01-29 11:30:01 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-29 11:30:01 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-28 22:58:03 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013-01-28 22:12:45 | 000,002,115 | ---- | M] () -- C:\Users\aheu529\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2013.lnk
[2013-01-28 22:12:45 | 000,000,262 | ---- | M] () -- C:\Windows\SysNative\PavCPL64.dat
[2013-01-28 22:12:37 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
[2013-01-23 18:22:57 | 000,032,049 | ---- | M] () -- C:\Users\aheu529\Desktop\DIABOLO-TOESLAG_NAAR_BRU-NAT-L_ADRIAAN_VANHEULE_1.pdf
[2013-01-07 08:28:03 | 000,005,470 | R-S- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2013-02-02 23:52:09 | 000,771,072 | ---- | C] () -- C:\Users\aheu529\Desktop\RogueKiller.exe
[2013-02-02 21:50:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-02-02 21:50:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-02-02 21:50:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-02-02 21:50:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-02-02 21:50:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-02-02 18:52:54 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013-01-30 19:17:40 | 000,034,361 | ---- | C] () -- C:\Users\aheu529\Documents\580793_10151275059282995_2011087146_n.jpg
[2013-01-28 22:58:03 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013-01-28 22:40:35 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013-01-28 22:12:45 | 000,002,115 | ---- | C] () -- C:\Users\aheu529\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2013.lnk
[2013-01-28 22:12:45 | 000,000,262 | ---- | C] () -- C:\Windows\SysNative\PavCPL64.dat
[2013-01-28 22:12:37 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Panda Antivirus Pro 2013.lnk
[2013-01-23 18:22:57 | 000,032,049 | ---- | C] () -- C:\Users\aheu529\Desktop\DIABOLO-TOESLAG_NAAR_BRU-NAT-L_ADRIAAN_VANHEULE_1.pdf
[2012-12-02 15:23:54 | 000,003,584 | ---- | C] () -- C:\Users\aheu529\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-07 21:28:25 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011-12-26 18:05:49 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2011-09-12 08:22:13 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011-09-12 08:22:13 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011-09-12 08:03:58 | 000,001,410 | R-S- | C] () -- C:\Users\aheu529\ntuser.pol
[2011-09-07 13:21:40 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011-09-07 13:07:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011-09-07 13:07:36 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-09-07 13:07:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011-07-05 08:58:00 | 000,005,470 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011-07-05 08:57:11 | 001,687,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-05 08:55:58 | 000,000,392 | ---- | C] () -- C:\Windows\SMSCFG.INI

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-12-28 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Audacity
[2012-07-01 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\com.prezi.PreziDesktop
[2011-10-29 11:04:46 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DAEMON Tools Lite
[2013-01-02 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Dropbox
[2012-12-12 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DVDVideoSoft
[2012-12-12 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-01-30 15:16:36 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\ICAClient
[2013-01-28 22:11:52 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Panda Security
[2013-02-02 18:03:14 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Spotify
[2012-06-11 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Thunderbird
[2013-01-29 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\uTorrent
[2011-09-14 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\aheu529\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >

Adriaan V

TS Rookie
And the Extras file from OTL:

OTL Extras logfile created on: 3-2-2013 1:33:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aheu529\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,88 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,34% Memory free
7,77 Gb Paging File | 7,06 Gb Available in Paging File | 90,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,00 Gb Total Space | 29,02 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
Drive D: | 112,88 Gb Total Space | 36,32 Gb Free Space | 32,18% Space Free | Partition Type: NTFS

Computer Name: NB8800043 | User Name: aheu529 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf[@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh[@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052A9C93-EDBA-466C-AB00-628B8901C8AA}" = lport=445 | protocol=6 | dir=in | name=mmc |
"{05D9286C-23A1-4C28-A816-9F3066DA67D8}" = lport=3389 | protocol=6 | dir=in | name=rdp |
"{0FAC01B4-B1C8-4964-B942-E0B0F77761EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22F87840-0E53-45BA-AC9E-3FF2B113DBC7}" = lport=2702 | protocol=6 | dir=in | name=remote tools |
"{2F6D75E5-15BE-4058-AB83-F5AD7AB713E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33082ED3-FC8A-4BE0-ACF9-D3099576C5EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{37501BFF-2725-4F11-BBF1-383D412A8A1C}" = lport=135 | protocol=6 | dir=in | name=remote tools |
"{42833DE7-FD0C-431F-8E83-E4DB31297309}" = lport=445 | protocol=6 | dir=in | name=mmc |
"{494D7EA8-E8B9-4784-8726-5A90C5E13E3A}" = lport=135 | protocol=6 | dir=in | name=remote tools |
"{4FFD4382-7661-47AD-B294-07CE71FE65D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EF7BA60-97F4-4156-B4EE-D35D6ADE9B5A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{94FE9ED8-B5A9-47AA-9979-366D2E8F38D8}" = lport=135 | protocol=6 | dir=in | name=wmi |
"{957ADA20-3235-41E5-8D42-6824C787BF69}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{95C3D0D5-8826-45A5-A90D-5506C905F1FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA15681B-0BA9-476D-9B0B-51A3A1029C0F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B0F527D4-A28C-435F-A697-F412DD09B976}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7201DAC-E042-4D75-BFB1-BB4B24CA32FC}" = lport=2701 | protocol=6 | dir=in | name=remote tools |
"{B7F55B29-6D72-41CD-A002-643F61F8A4F6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD566EA1-57BA-45FA-96E0-5E914CE17294}" = lport=2701 | protocol=6 | dir=in | name=remote tools |
"{D7426ED5-C532-4A1D-A4D7-F294894FD5FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF66A2B4-AEED-4BAF-B317-BD8A6AD98A44}" = lport=2702 | protocol=6 | dir=in | name=remote tools |
"{EC33BADA-B89B-4DAE-BA79-DCE419393CD4}" = lport=135 | protocol=6 | dir=in | name=wmi |
"{F0977948-E447-4B14-AE18-CDAE760F3102}" = lport=3389 | protocol=6 | dir=in | name=rdp |
"{F0DD064B-8607-4B3C-868D-72AD98BB7345}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE4F9E0C-1896-4BB5-94B6-272EF7FFF4D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B88A1BE-BB01-42C2-BC22-1D207D74E3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0C2E3D11-3374-45E8-A082-BDF6D4E28AA1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{0D50DC14-7783-4BBB-88D4-8D3AC087492A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11E2A54C-7E31-4242-B30A-E9788595B6D1}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{1483A0EB-EEC7-48D0-9FFC-F6DCF15FFA09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1843FE84-A0FC-479D-8E9C-9F197D1DCFE6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{1BBB05F9-6CF9-45D0-8046-3FA86DC0EA2D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1DDC2270-82C9-4C55-B87B-CEDB9CABCBD9}" = protocol=1 | dir=in | name=icmp |
"{1F4DB700-597A-4B7C-A1A0-214631121E6A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28FFF494-AB6C-430F-B92E-3CEA50C14D10}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2ADD8E03-7D1C-4503-9C31-D71E449BAC17}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2B0EF239-E4FD-4EB0-B8F3-E4DF1B16C762}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2BEC5A16-80C1-405E-BBE1-73818B179B75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C288F26-2D35-4545-BA23-EDF05E2095FF}" = protocol=6 | dir=out | app=system |
"{2E6F466F-F397-491A-87A7-9D6F57480022}" = protocol=6 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{3536C1CD-AE55-491A-9C19-989CFF5354EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DF7F5A5-7A25-46B3-890B-30702DD34DBC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43AFC10A-CDD8-4563-83F8-FD4B9A6BC535}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51FDC1A5-1610-4917-AA21-8CEB4B105834}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{52359E78-A144-4B39-BBE3-FE6C6D8D54EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55151905-E716-440D-A886-5178A215E920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FF36FA0-E7A2-4241-83DD-2E6A336D8B81}" = protocol=6 | dir=in | name=windows management instrumentation (async-in) |
"{7556A0C2-B4E0-43E5-8BE5-E83785E22EDA}" = protocol=6 | dir=in | name=windows management instrumentation (wmi-in) |
"{785857CF-AAB8-4E05-8C32-DA777A1AD77D}" = protocol=1 | dir=in | name=icmp |
"{797EAD04-2ABF-49FB-839A-9BB8FBCF8F29}" = protocol=17 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{7E5301DD-91B2-44F1-B52D-3585DF8B0596}" = protocol=6 | dir=in | name=windows management instrumentation (dcom-in) |
"{86C1AD6C-6BE2-45B6-9286-3534876E9423}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{87880EFF-64EA-49E1-8F70-DB2A5FE39960}" = protocol=6 | dir=in | name=windows management instrumentation (wmi-in) |
"{8BF0A4B2-DB81-4869-B597-2CE5229E93BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{8E6FF6A0-DA5C-42C1-9789-DEE413F5593B}" = protocol=17 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{95810FAB-E998-49FF-9192-52D4802C83AC}" = protocol=6 | dir=in | name=windows management instrumentation (async-in) |
"{9F141639-B83C-4969-A98F-43A578169F30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A068974C-ABDC-4424-AAF2-FF249044B0B3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{A2F9937F-BF45-4A80-82EE-FE45DAD7D2A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAC2D00F-80D7-4B64-AB3B-D35170D86513}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B9F21120-1CD9-47B1-BA75-E110C876F189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1FC4CC1-1875-4114-B61E-EBF0D3A61856}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3F8CB27-2189-40E0-A1AB-93C00970A896}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{D04D66AB-1F08-4897-876D-D7C92B8B9C5B}" = protocol=17 | dir=in | app=c:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe |
"{D3BFFFFB-B652-4B84-B13F-35573320834B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{DB719BE8-001D-47E0-A81C-F2406F009F1A}" = protocol=6 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{E07AF60A-888B-4A04-8E54-108C9ECE1836}" = protocol=17 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{E0C0D7BC-7DD0-4981-91D6-6C1B586AFDF7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E2CBBFB1-868A-47B6-B6E8-F378610A308D}" = protocol=6 | dir=in | name=windows management instrumentation (dcom-in) |
"{E2F3E6F3-40FA-41CE-8C26-D80E22419ED7}" = protocol=6 | dir=in | app=c:\users\aheu529\appdata\roaming\spotify\spotify.exe |
"{EBA1DD61-A9B1-4CB1-8598-1E6A1FD4CD5E}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{EC5BE1A1-3775-4D0A-A3ED-4E6681C6F679}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{F06F0994-2BBA-427D-9263-450F8B4753CF}" = protocol=6 | dir=in | app=c:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe |
"{FF4A9771-C658-4B28-B96E-FAE82008FB3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29A26672-E9FB-43B4-AA5E-C1B88C92656B}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"TCP Query User{5DE40522-E062-4513-B96C-C0DB2B115EDE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{60573DD4-9205-4D2A-8798-B07DEE3C9137}C:\wamp\bin\apache\apache2.2.14\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.14\bin\httpd.exe |
"TCP Query User{6B303833-35C0-4418-B540-D4484E91C7C5}C:\program files (x86)\panda security\panda antivirus pro 2013\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2013\apvxdwin.exe |
"TCP Query User{72567A04-4B76-43C3-8905-C403A31AD4A2}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe |
"TCP Query User{A51B82E1-93E7-43E9-8868-79B0D8C0A929}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe |
"TCP Query User{C2D9589D-0BE8-4F39-A902-27F8C359FEBF}C:\test\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\test\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"TCP Query User{F271A10A-071C-44D9-A2DE-C73D23B2E576}C:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0C426A43-C26C-4007-857E-0D40D8E96D85}C:\test\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\test\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"UDP Query User{0E997F1A-E378-4BCE-A4AD-C1565276987B}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe |
"UDP Query User{7C017134-B4C3-4A94-ABAC-720AFFC30BB2}C:\wamp\bin\apache\apache2.2.14\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.14\bin\httpd.exe |
"UDP Query User{D1D10756-2080-464C-B2C3-7A07B0BADE79}C:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\aheu529\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D1E72819-7A12-4380-9AA1-D38EE6F59D24}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"UDP Query User{E3BBD52F-5C6C-453F-8262-13E7DEE5F307}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E8A2FFDB-1C84-41BD-9854-1C04AE93A936}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe |
"UDP Query User{FDC86599-A669-4631-8199-E9ACBD569663}C:\program files (x86)\panda security\panda antivirus pro 2013\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2013\apvxdwin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{824563DE-75AD-4166-9DC0-B6482F206968}" = Belgium e-ID middleware 3.5.6 (build 6968)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B03912CE-DF97-4CAB-8568-A2506C6CB992}" = Basissoftware voor HP Officejet 6500 E710a-f
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"0E9F0DFCEB7739D0CA4C8BB64F515A3C48435170" = Stuurprogrammapakket voor Windows - Fedict SmartCard (06/30/2011 4.0.0.4)
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Haelp
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{1995804A-B1A2-4826-99DD-CEA1352D090B}" = McAfee Agent
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2CCC6CF7-2F2B-4D72-831C-59D964D01783}" = Panda Antivirus Pro 2013
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50DD347D-AE3C-78A6-168D-E836D5333BED}" = Prezi Desktop
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5D61A009-4B5D-4A2B-8B3F-A00148AC3FCE}" = Panda Antivirus Pro 2013
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B35E54A8-E843-419C-8158-5462E2D4EB03}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0413-1000-0000000FF1CE}_Office14.PROPLUS_{B9427E36-0B0A-48F4-8A51-1C178708A28E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUS_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B35E54A8-E843-419C-8158-5462E2D4EB03}" =
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUS_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B35E54A8-E843-419C-8158-5462E2D4EB03}" =
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B35E54A8-E843-419C-8158-5462E2D4EB03}" =
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6 - Panda Secure Vault Edition
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Nederlands
"{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2013
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"com.prezi.PreziDesktop" = Prezi Desktop
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Genographer 2.1" = Genographer 2.1
"LAME_is1" = LAME v3.99.3 (for Windows)
"LeechFTP" = LeechFTP
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.1.1000
"Mozilla Firefox 18.0.1 (x86 nl)" = Mozilla Firefox 18.0.1 (x86 nl)
"Mozilla Thunderbird 13.0 (x86 nl)" = Mozilla Thunderbird 13.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PS3 Media Server" = PS3 Media Server
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"WampServer 2_is1" = WampServer 2.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20-12-2012 9:15:43 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 20-12-2012 9:15:43 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 20-12-2012 10:20:03 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 20-12-2012 18:02:55 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 1:08:28 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 3:26:16 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 3:26:17 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 3:26:17 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 3:34:31 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 3:34:31 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

Error - 21-12-2012 17:37:58 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Overgeslagen: de validatie van Eap method DLL path is mislukt. Fout:
id van type=21, id van auteur=0, id van leverancier=0, type leverancier=0

[ System Events ]
Error - 2-2-2013 16:59:58 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
toegestaan. Deze service werkt mogelijk niet juist.

Error - 2-2-2013 17:01:04 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7001
Description = De HomeGroup Provider-service is afhankelijk van de Function Discovery
Provider Host-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 2-2-2013 17:01:04 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 2-2-2013 17:01:04 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 2-2-2013 17:01:06 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 2-2-2013 17:01:06 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 2-2-2013 17:04:55 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR3.

Error - 2-2-2013 17:04:55 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR3.

Error - 2-2-2013 17:04:56 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR3.

Error - 2-2-2013 17:04:56 | Computer Name = NB8800043.edu.ads.hogent.be | Source = Disk | ID = 262155
Description = Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR3.


< End of report >

Jay Pfoutz

Malware Helper
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.

Adriaan V

TS Rookie
This is the log file. 11 infected files and 9 cleaned. (and here I was thinking there were no infected files on my system):

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Program Files (x86)\Mozilla Firefox\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\aheu529\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2b88ddbb-4867c07b Win32/Reveton.N trojan cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cbsidlm-tr1_5-Leech_FTP-10122207.exe multiple threats cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cbsidlm-tr1_8-Free_Video_Converter_by_Extensoft-BP2-10905366.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\aheu529\Downloads\cnet2_lftp13_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

I am continuously operating in safe mode, where I've had none of the problems that you listed. One small thing though: when I'm typing in a textbox, sometimes my cursor will move backwards on its own to wherever my pointer is located at that moment.

Jay Pfoutz

Malware Helper
Ah, all that was adware. Let's do some diagnostics in any mode you can operate:

We need to check out your devices. Please download DevDiag, and save it to your Desktop:
Direct Download
  • If you are using Vista or Windows 7, please right-click DevDiag.exe and select Run As Administrator. Otherwise, simply double-click the program to run it.
  • At the options screen, please type 2 and hit Enter.
  • The tool will take a few moments to scan. When finished, a report should pop-up, also available on your Desktop (DevDiag.txt).
  • Please do not copy/paste the report into your next reply. Instead, Attach it by clicking Add Reply, and scrolling down to the Attachments section.

Adriaan V

TS Rookie
Log in attachment. There are other modes I can enter besides safe mode, such as "Return to most recent correct settings (advanced)", "Error detection mode" etcetera, but I have no experience with those.

The Extras log file from OTL also made mention of several "\Device\Harddisk1\DR3" errors, but obviously I have no idea whether that's related to this or not.


Jay Pfoutz

Malware Helper
Your graphics drivers seem to be missing the "Security Processor Loader Driver", which will need to be restored. But, the only way to do that is to reinstall the graphics drivers entirely.

Check Partitions

Please download Listparts64
  • Run the tool.
  • Check the "list BCD" box.
  • Click "Scan" and post the log (Result.txt) it makes.


Download and run this tool: http://support.microsoft.com/mats/hardware_device_problems

Let me know if things are beginning to resolve. :)

Adriaan V

TS Rookie
This is the Result.txt log:

ListParts by Farbar Version: 16-01-2013
Ran by aheu529 (administrator) on 04-02-2013 at 21:58:43
Windows 7 (X64)
Running From: C:\Users\aheu529\Downloads
Language: 0413
************************************************************

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 3976.93 MB
Available physical RAM: 3006.09 MB
Total Pagefile: 7952.06 MB
Available Pagefile: 7037.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:120 GB) (Free:28.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:112.88 GB) (Free:36.32 GB) NTFS

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 232 GB 0 B


Partitions of Disk 0:
===============

Schijf-id: DA291E52

Partitie ### Type Grootte Offset
------------- ---------------- ------- -------
Partitie 1 Primair 120 GB 1024 KB
Partitie 2 Primair 112 GB 120 GB

======================================================================================================

Disk: 0
Partitie 1
Type : 07
Verborgen: Nee
Actief : Ja

Volume ### Ltr Label FS Type Grootte Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* volume 2 C System NTFS partitie 120 GB In orde Systeem

======================================================================================================

Disk: 0
Partitie 2
Type : 07
Verborgen: Nee
Actief : Nee

Volume ### Ltr Label FS Type Grootte Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* volume 3 D DATA NTFS partitie 112 GB In orde

======================================================================================================

Windows-opstartbeheer
---------------------
id {bootmgr}
device partition=C:
description Windows Boot Manager
locale nl-NL
inherit {globalsettings}
default {current}
resumeobject {dc51cac8-d949-11e0-a491-5c260a77d5e9}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows-opstartlaadprogramma
----------------------------
id {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale nl-NL
inherit {bootloadersettings}
recoverysequence {dc51caca-d949-11e0-a491-5c260a77d5e9}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {dc51cac8-d949-11e0-a491-5c260a77d5e9}
nx OptIn

Windows-opstartlaadprogramma
----------------------------
id {dc51caca-d949-11e0-a491-5c260a77d5e9}
device ramdisk=[C:]\Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\Winre.wim,{dc51cacb-d949-11e0-a491-5c260a77d5e9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\Winre.wim,{dc51cacb-d949-11e0-a491-5c260a77d5e9}
systemroot \windows
nx OptIn
winpe Yes

Hervatten uit sluimerstand
--------------------------
id {dc51cac8-d949-11e0-a491-5c260a77d5e9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale nl-NL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-geheugentest
--------------------
id {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Geheugencontrole
locale nl-NL
inherit {globalsettings}
badmemoryaccess Yes

EMS-instellingen
----------------
id {emssettings}
bootems Yes

Debugger-instellingen
---------------------
id {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-defecten
------------
id {badmemory}

Globale instellingen
--------------------
id {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Instellingen voor opstartlaadprogramma
--------------------------------------
id {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor-instellingen
-------------------
id {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Instellingen voor hervattingslaadprogramma
------------------------------------------
id {resumeloadersettings}
inherit {globalsettings}

Apparaatopties
--------------
id {dc51cacb-d949-11e0-a491-5c260a77d5e9}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\dc51caca-d949-11e0-a491-5c260a77d5e9\boot.sdi


****** End Of Log ******

I ran the second tool, which resolved two things in my safe mode: it activated my VPN client, and turned on my "High Definition Audio". However, in the "checked problems" section (and I'm hoping I'm translating this to English correctly), there's also a mention of the Security Processor Loader Driver not functioning correctly. I attached the report but it's in Dutch so probably not very helpful. It also says "Hardware changes are possibly not detected" as one of the 3 problems it found (aside from the VPN and Audio).

I'll check whether I can access my normal mode.
Edit: no luck yet...
 

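As an added defender-side example (not from the thread and not part of the ListParts tool), this Python snippet parses the BCD section of a Result.txt like the one above and flags OS-loader entries whose loader path or device differs from the stock layout, which is a quick way to confirm the boot configuration itself was not altered by the infection. The sample text is constructed from two entries of the posted log; the Dutch section titles are kept as the tool prints them.

```python
# Constructed sample: two entries copied from the ListParts "list BCD" output above
# (Dutch section titles kept as the tool prints them; the other entries are omitted).
SAMPLE_BCD = r"""Windows-opstartlaadprogramma
----------------------------
id {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
osdevice partition=C:

Globale instellingen
--------------------
id {globalsettings}
inherit {dbgsettings}
{emssettings}
"""


def parse_bcd(text):
    """Map each entry id to {key: [values]}; a line with no key continues the last key."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries, current, last_key = {}, None, None
    for i, line in enumerate(lines):
        if not line or not (line[0].isalnum() or line[0] == "{"):
            continue                          # blank lines and dash/star/equals rulers
        if i + 1 < len(lines) and set(lines[i + 1]) == {"-"}:
            current, last_key = {}, None      # section title: a new entry begins
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and current is not None:
            last_key, value = parts
            current.setdefault(last_key, []).append(value)
            if last_key == "id":
                entries[value] = current
        elif last_key:
            current[last_key].append(line)    # e.g. a second "inherit" value
    return entries


def check_bcd(entries):
    """Flag OS-loader entries that deviate from the stock layout seen in the log."""
    findings = []
    for ident, entry in entries.items():
        if "osdevice" not in entry:           # memtest/resume entries are not OS loaders
            continue
        path = entry.get("path", [""])[0]
        if path.lower() != r"\windows\system32\winload.exe":
            findings.append(f"{ident}: unexpected loader path {path}")
        if entry.get("device") != entry["osdevice"]:
            findings.append(f"{ident}: device/osdevice mismatch")
    return findings
```

Run it over the full Result.txt text; an empty findings list means the loader entries match what the posted log shows.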

Jay Pfoutz

Malware Helper
Okay...

See if the black screen problem goes away...it seems to be commonly caused by this Security Process Loader....
 

Adriaan V

TS Rookie
Still black screen with just the cursor... But I'm not sure the Security Process Loader has been fixed? Since it was under 'Checked problems' and not 'Resolved problems' in the second tool...
 

Adriaan V

TS Rookie
I think my mind maybe skipped a step. How do I reinstall the graphics driver? Sorry if it's a redundant question! :)
 

Jay Pfoutz

Malware Helper
You may want to print this/write it down:

Right-click on the entry in Device Manager (Nvidia NVS 4200M graphics card)...then, it will be really funky (usually), because Windows will use the default Windows Display Driver.

Restart the computer, and when it recognizes the display driver (sometimes it will, other times it won't), let it install via Windows Update.

If that doesn't occur, then go to Windows Update (click Start, type Windows Update and hit Enter). Search for updates. It should list the graphics driver under either Important or Optional. Install that, let it restart, and let me know if the problem resolved. :)
 

Adriaan V

TS Rookie
Alright, I'll go do that in a minute, but first I should probably mention this: the Microsoft Fix it tool also gave this in its result log under "checked problems": Windows Update is not configured for installing drivers & Updates for drivers are not automatically installed when they are detected by Windows Update.

I'll go and try it now.
 

Adriaan V

TS Rookie
Okay, so upon right-clicking the NVIDIA card, I switched it off and restarted the computer. Nothing happened on the Windows Update front. Also, when trying to manually open Windows Update as you explained, nothing happened either. The update module (if there is supposed to be one popping up) did not open or run as far as I could tell. In Device Manager, when I right-click and choose "Update drivers", I get a message that there are no better or newer versions of my drivers available, and that the best drivers are already installed.

There was also no funkiness :). However, there's also an Intel (HD) Graphics Family under the Display tab in Device Manager. Should I also switch this one off?

And just one more thing I should mention: in the right bottom corner of the screen, next to the clock, I get a mention that the driver for PCI Simple Communications controller is not installed and cannot be installed. I don't know if that's relevant to my problem though.
 

Jay Pfoutz

Malware Helper
I don't know about the PCI issue there...

Let me know if there are any more blank screen problems. What we can do is find the nVidia update for your display driver.
 

Adriaan V

TS Rookie
Yes, nothing has changed, unfortunately. I have not been able to use Windows Update, nor does it open when I click on the link directly. Device Manager says I have the correct driver for the Nvidia card. Same for the Intel (HD) Graphics Family. So no progress yet.
 

Adriaan V

TS Rookie
Ah, and to be sure that I did it correctly: you told me to right-click the driver in Device Manager. But there are several options there. I figured you meant Deactivate, but was I perhaps supposed to Undo the installation or select another option?
 