
Do to know how to remove it !!


  • This topic is locked
20 replies to this topic

#1 gamla7


Posted 16 June 2013 - 12:18 PM

Hello

Intruders hacked my PC and posted a lot of stuff in many places.  Part of it has been removed.

They also blocked my access to download settings (the download window with options to run or indicate where to save the file does not appear) - and blocked the update possibilities for browsers.

I was advised to run DDS.  I managed to install DDS in c: and could place the icon upon my desktop - I started the program - and all went quiet - (waited at least 1/2 hour) - no reports - I rebooted and tried the same steps many times - each time I had to reboot.  So no DDS reports I can offer you.

BUT luckily I have another report after running RSIT.EXE (also similar to HJT), copied and pasted. I am also able to post an HJT report, but it is already included in the pasted text.  This report is genuine.

I also attach a png image of the start-up list (1 program I blocked to see if it was a real or fake file).

 

With kind regards - Gamla.

 

 

 

Logfile of random's system information tool 1.09 (written by random/random)
Run by JP at 2013-06-16 19:09:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (21%) free of 34 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:46, on 16-6-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21335)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Windows NT\Bureau-accessoires\WORDPAD.EXE
C:\RSIT.exe
C:\Program Files\trend micro\JP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=meg&from=meg&uid=FUJITSUXMHT2040AH_NP0JT4A2C6BNT4A2C6BNX&ts=1370776439
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minituner.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minituner.org/q/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Gamla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/28.35/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363152835367
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5926/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11237 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
portaldosites.xml
wikipedia-nl.xml

C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default\extensions\
en-gb@flyingtophat.co.uk
{ba14329e-9550-4989-b3f2-9732e92d17cc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-06-16 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-06-16 512000]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-05 897024]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2004-07-29 20480]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-10 118837]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2007-02-06 344064]
"mspwr"=C:\WINDOWS\system32\PuXpMan2.exe [2008-06-02 110592]
"PwrUpTweakMe"=C:\WINDOWS\system32\PuXpTwks.exe [2008-06-02 45056]
"NPDTRAY"=C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe [2007-03-09 221184]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-04-29 4408368]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-04-23 844144]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-10-16 4762496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]
C:\IBMTOOLS\UTILS\ibmprc.exe [2004-03-19 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microtek Scanner Finder.lnk]
C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE [2007-01-12 339968]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe

C:\Documents and Settings\JP\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-06 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"tyqlbfgezjhranyudhywTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoSMBalloonTip"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"vidc.mp42"=MPG4C32.dll
"vidc.iv41"=ir41_32.ax
"vidc.VP70"=vp7vfw.dll
"vidc.X264"=x264vfw.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"vidc.DIVX"=DivX.dll
"VIDC.WMV3"=wmv9vcm.dll
"VIDC.VP40"=vp4vfw.dll
"VIDC.FPS1"=frapsvid.dll
"VIDC.DRAW"=DVIDEO.DLL
"VIDC.YV12"=yv12vfw.dll
"VIDC.MSUD"=msulvc05.dll
"aux"=wdmaud.drv
"aux1"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux2"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux3"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.iac2"=C:\\WINDOWS\\system32\\iac25_32.ax

======File associations======

.js - edit -
.js - open -
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-06-16 03:21:53 ----D---- C:\rsit
2013-06-16 03:20:45 ----A---- C:\RSIT.exe
2013-06-15 06:26:20 ----D---- C:\Program Files\SUPERAntiSpyware
2013-06-15 04:51:49 ----D---- C:\Documents and Settings\JP\Application Data\SUPERAntiSpyware.com
2013-06-15 04:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-15 04:45:28 ----A---- C:\SUPERAntiSpyware.exe
2013-06-11 22:37:55 ----D---- C:\Program Files\ESET
2013-06-11 22:36:24 ----A---- C:\esetsmartinstaller_enu.exe
2013-06-11 20:27:42 ----D---- C:\HiJackThis
2013-06-11 20:14:59 ----D---- C:\Trend Micro
2013-06-11 19:01:27 ----D---- C:\Mijn Downloads
2013-06-11 18:58:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-11 18:51:59 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2013-06-11 17:10:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-06-11 17:10:44 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-06-11 05:41:18 ----D---- C:\command-line
2013-06-10 10:50:52 ----D---- C:\Documents and Settings\JP\Application Data\Malwarebytes
2013-06-09 07:11:33 ----D---- C:\Documents and Settings\All Users\Application Data\eSafe
2013-06-09 07:10:06 ----D---- C:\Documents and Settings\JP\Application Data\eIntaller
2013-06-02 18:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\StarApp
2013-06-02 18:24:03 ----D---- C:\Documents and Settings\All Users\Application Data\SoeaRch-NNewwTabi
2013-06-02 18:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\continuetosave
2013-06-02 18:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\InstallMate
2013-05-29 12:49:33 ----D---- C:\Documents and Settings\JP\Application Data\Samsung
2013-05-29 12:39:49 ----A---- C:\WINDOWS\system32\drivers\ssudmdm.sys
2013-05-29 12:39:48 ----A---- C:\WINDOWS\system32\drivers\ssudbus.sys
2013-05-29 12:34:57 ----D---- C:\Program Files\MyFree Codec
2013-05-29 12:32:54 ----A---- C:\WINDOWS\system32\Redemption.dll
2013-05-29 12:32:33 ----A---- C:\WINDOWS\system32\drivers\dgderdrv.sys
2013-05-29 12:32:32 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2013-05-29 12:32:32 ----A---- C:\WINDOWS\system32\dgderapi.dll

======List of files/folders modified in the last 1 month======

2013-06-16 19:09:31 ----D---- C:\Program Files\Trend Micro
2013-06-16 18:48:26 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-16 18:47:34 ----D---- C:\WINDOWS\Temp
2013-06-16 18:44:59 ----SHD---- C:\WINDOWS\CSC
2013-06-16 17:58:58 ----D---- C:\WINDOWS\Prefetch
2013-06-16 16:33:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-16 15:28:09 ----AD---- C:\WINDOWS
2013-06-16 09:10:36 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-16 04:30:50 ----SH---- C:\BOOT.INI
2013-06-16 01:00:02 ----D---- C:\WINDOWS\system32\drivers
2013-06-15 06:41:11 ----D---- C:\Program Files\Google
2013-06-15 06:41:05 ----SHD---- C:\WINDOWS\Installer
2013-06-15 06:41:05 ----SD---- C:\WINDOWS\Tasks
2013-06-15 06:26:20 ----D---- C:\Program Files
2013-06-15 06:24:43 ----D---- C:\WINDOWS\Debug
2013-06-15 03:37:49 ----SD---- C:\Documents and Settings\JP\Application Data\Microsoft
2013-06-14 21:55:16 ----D---- C:\Documents and Settings\JP\Application Data\TuneUp Software
2013-06-13 01:56:25 ----D---- C:\WINDOWS\Registration
2013-06-13 00:17:22 ----A---- C:\WINDOWS\WORDPAD.INI
2013-06-12 18:38:27 ----AD---- C:\WINDOWS\system32
2013-06-12 18:38:26 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-11 23:17:55 ----D---- C:\Program Files\Brownie
2013-06-11 17:37:33 ----D---- C:\WINDOWS\SxsCaPendDel
2013-06-11 17:35:31 ----D---- C:\WINDOWS\Connection Wizard
2013-06-11 05:00:15 ----D---- C:\Documents and Settings\JP\Application Data\Macromedia
2013-06-11 04:59:46 ----D---- C:\Program Files\Common Files
2013-06-11 04:59:44 ----D---- C:\WINDOWS\Downloaded Installations
2013-06-11 04:47:01 ----D---- C:\Program Files\Common Files\Apple
2013-06-11 04:47:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-06-11 04:46:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-06-11 04:40:56 ----HD---- C:\WINDOWS\inf
2013-06-10 19:11:50 ----D---- C:\Program Files\PCDR5
2013-06-10 11:43:26 ----D---- C:\WINDOWS\system32\config
2013-06-10 08:20:38 ----D---- C:\Program Files\Mozilla Firefox
2013-06-09 07:15:02 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-06-09 07:10:56 ----RSD---- C:\WINDOWS\Fonts
2013-06-09 05:52:25 ----D---- C:\Documents and Settings\JP\Application Data\vlc
2013-06-08 21:22:16 ----N---- C:\WINDOWS\win.ini
2013-06-04 19:25:20 ----D---- C:\Program Files\Mozilla Thunderbird
2013-06-02 17:13:17 ----D---- C:\Documents and Settings\JP\Application Data\Help
2013-06-02 11:33:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-31 02:16:02 ----A---- C:\WINDOWS\Ulead32.ini
2013-05-29 12:46:28 ----RSD---- C:\WINDOWS\assembly
2013-05-29 12:46:28 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-29 12:32:27 ----HD---- C:\Program Files\InstallShield Installation Information
2013-05-29 12:31:19 ----D---- C:\Documents and Settings\All Users\Application Data\Samsung
2013-05-29 12:31:09 ----D---- C:\Program Files\SAMSUNG
2013-05-29 10:55:56 ----D---- C:\IBMTOOLS
2013-05-29 10:44:50 ----D---- C:\WINDOWS\WinSxS
2013-05-29 10:44:49 ----D---- C:\Program Files\IBM
2013-05-29 10:44:49 ----D---- C:\Documents and Settings\All Users\Application Data\IBM
2013-05-29 10:44:46 ----D---- C:\WINDOWS\Help
2013-05-29 08:34:24 ----D---- C:\WINDOWS\Cache
2013-05-25 10:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-24 06:18:56 ----A---- C:\WINDOWS\system32\prsgrc.dll
2013-05-23 18:40:19 ----D---- C:\Program Files\BonkEnc
2013-05-17 15:03:57 ----RSHD---- C:\WINDOWS\system32\dllcache
2013-05-17 15:03:54 ----D---- C:\WINDOWS\system32\nl-nl
2013-05-17 15:03:38 ----D---- C:\Program Files\Internet Explorer
2013-05-17 15:03:08 ----D---- C:\WINDOWS\ie7updates
2013-05-17 14:50:39 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-17 14:39:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-02-08 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-02-08 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-02-08 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2011-04-05 933416]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-02-19 86064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-03-29 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-11-13 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-11-13 23219]
R1 Tcpip6;Microsoft IPv6-protocolstuurprogramma; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2004-07-29 16384]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-11 21361]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-11-13 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-10 11043]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-10 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-10 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-10 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-10 2265]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-10 85204]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-10 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-10 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-10 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-10 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 AtmelTpm;AtmelTpm; C:\WINDOWS\system32\DRIVERS\AtmelTpm.sys [2008-01-14 40704]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2006-10-24 170392]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-07-23 1041152]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-07-23 197888]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2009-11-18 26608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-06 12288]
R3 NSCIRDA;Stuurprogramma voor NSC-infraroodapparaat; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2010-03-21 30144]
R3 Rasirda;WAN-minipoort (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-18 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-06-16 270928]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2009-12-08 52112]
R3 tunmp;Stuurprogramma voor Microsoft Tun Minipoort-adapter; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-07-23 676096]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 P3;Stuurprogramma voor Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 BthEnum;Stuurprogramma voor Bluetooth-aanvraagblok; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-stuurprogramma voor seriële communicatie; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth-apparaat (PAN - Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Poortstuurprogramma voor Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272640]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio's; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 E100B;Intel® PRO Adapter-stuurprogramma; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-09-07 117760]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 irsir;Microsoft-stuurprogramma voor serieel infraroodapparaat; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-18 802683]
S3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []
S3 MHIKEY10;MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys []
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 TwoTrack;Stuurprogramma voor IBM PS/2 TrackPoint Filter; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-18 11520]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w22n51;Stuurprogramma Intel® PRO/Wireless 2200-adapter voor Windows XP; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-08-30 3151232]
S3 w29n51;Stuurprogramma voor Intel® PRO/Wireless 2200BG-netwerkverbinding onder Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 6to4;IPv6-hulpservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-06 364544]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-27 57344]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2011-04-05 365912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-03-19 339968]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-11-18 38248]
R2 Irmon;Infraroodmonitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2011-07-25 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-14 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-02-21 77944]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2001-09-07 19456]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-16 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-06-08 8576]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 SNMPTRAP;SNMP Trap-service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


============================================================================================================

Addicted to my portable T42 [xp] and a Desk PC with mobo Asus P5WD2 E PREMIUM [vista] - both operational in older OS but want to add both onto Linux.  All my application software works perfect in the XP environment. 




#2 gamla7


Posted 16 June 2013 - 12:30 PM

Additional explanation = I do not - did not and have no intention to post at another site asking help for the same help for the same PC - I used to be working together with CastleCops and now I decided (after reflection time) to work together for a long long term exclusive with Bleeping Computers (because I know you and follow you for a very long period) - This explanation, because I just read your before-last-paragraph in the Guide and because I used a different analysis program only because DDS did block.

As I explained I am 72 years old - 100% invalid and my only connection to the world is my PC which is now infected - which gets me in a desperate state (sorry).

 

With kind regards Gamla.




#3 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:59 PM

Posted 19 June 2013 - 04:41 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

You may need to download this following tool onto another computer and transfer it via USB.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#4 gamla7


Posted 20 June 2013 - 07:42 PM

Hello Dear The Dark Knight

Quote = help for any assistance if .....

 

Well after long reading and following each step very closely, with perfect check list, I finally could run the ComboFix.exe and all went well BUT after the screen Scanning for infected files .... This typically doesn't .... etc.. it did not come to the point of taking over my clock (after 1/2 hour) all went quiet and my screen is now black ???  DID NOT TOUCH ANYTHING  what do I have to do now ??

Would be kind if you told me what to do / new instruction.

Thanks - Gamla




#5 The Dark Knight


Posted 21 June 2013 - 05:27 PM

Hello gamla7,

 

Please restart your computer. Does it load? Is there a log from ComboFix?




#6 gamla7


Posted 22 June 2013 - 06:23 AM

Hello dear The Dark Knight -  I had to reboot the PC (only option available) with the use of combo all was blocked - first try to start up did not go very well - so I rebooted again towards the Microsoft rescue and started the last known working version of the system configuration which worked 100 %.

All my applications (especially CAD and Photoshop) are fine.

 

I did a search for the txt file (log file) but no log/report/txt to find  -  DDS did not run (blocked itself and the PC) same is happening to Combo.  As soon as it starts with the search for software all activity is over.  All other programs (malware, antivirus, HJT, etc..) they all run very well like all other application software I use - no problems.  I rechecked my check-list for install and run combo and actions were done according to the tutors.  I deactivated AVG2013 completely - the same with Windows Firewall.  And I have no knowledge of other safety programs running on my PC (normal Thinkpad T42 with XP Professional setup with no changes or fixes).

But I am working now on my PC.  After I rebooted I ran a complete scan with AVG only some cookies on the report nothing else.

Is there another way to obtain a full report ?  There is no hurry and no panic, please take your time and maybe we find another angle to obtain what you need.

 

With kind regards, Gamla.




#7 The Dark Knight


Posted 22 June 2013 - 05:49 PM

Hello gamla7,

 

Please try this tool instead.

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.




#8 gamla7


Posted 22 June 2013 - 10:30 PM

Hello Dear Knight

Finally we produced some text - (happy about it)  but I still have that Combofix.exe on my PC - it's impossible to use a restorepoint (unsuccessful attempts) How do I uninstall the Combofix.exe from my HD ?  I am scared of Combofix use (I love my T42 HD and hidden partition as last resource for clean re-install - still intact)

I also have now problems in running MS internet explorer (get memory failure warnings and the explorer shuts down) - weird stuff.

First I will copy the OTL.TXT and in next post the Extras.txt (both reports came perfectly on the screen after a smooth run of this last tool).  Thanks for that.

 

OTL logfile created on: 23-6-2013 5:02:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\JP\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,98% Memory free
2,85 Gb Paging File | 2,41 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 6,49 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
Drive E: | 232,83 Gb Total Space | 55,58 Gb Free Space | 23,87% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,19 Gb Free Space | 96,53% Space Free | Partition Type: FAT32

Computer Name: T42 | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-23 04:57:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Bureaublad\OTL.exe
PRC - [2013-05-14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-04-23 13:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-04-04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-03-28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-02-19 05:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011-07-25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011-04-05 12:43:50 | 000,365,912 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008-06-02 14:22:32 | 000,110,592 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\WINDOWS\system32\puxpman2.exe
PRC - [2008-04-23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007-03-09 03:57:02 | 000,221,184 | ---- | M] (LENOVO) -- C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE
PRC - [2006-10-02 11:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006-05-30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005-07-05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004-06-16 20:53:34 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004-03-19 23:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004-03-19 22:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2003-08-22 12:01:00 | 000,229,376 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\UltraNav-wizard\UNavTray.exe
PRC - [2003-07-12 04:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-21 04:55:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013-01-11 14:34:40 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013-01-11 13:16:49 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013-01-11 13:14:26 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013-01-11 13:14:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2011-04-05 12:44:02 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009-02-25 11:43:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_nl_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007-11-19 14:37:04 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006-10-02 11:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2005-11-30 21:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005-10-28 21:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005-07-05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2004-03-19 23:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2004-03-19 22:12:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
MOD - [2003-07-12 04:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2003-07-04 09:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2013-06-12 18:38:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-04-16 12:53:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-21 09:18:18 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012-12-19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-07-25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011-06-26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011-04-05 12:43:50 | 000,365,912 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007-09-26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2004-03-19 23:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2003-07-12 04:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003-03-09 07:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013-04-03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-04-03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013-03-29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013-03-01 11:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-08 05:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 05:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 05:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 05:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 05:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-04-05 14:01:40 | 000,933,416 | ---- | M] (Broadcom Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010-03-21 13:20:02 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-03-13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008-05-14 17:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2008-05-14 17:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007-11-20 16:39:56 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-07-25 16:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007-06-08 10:44:36 | 000,008,576 | ---- | M] (Panda Software International) [Unknown (3) | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RkPavProc.sys -- (RkPavProc)
DRV - [2007-03-09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007-02-06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-10-02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006-10-02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006-05-20 12:15:25 | 000,030,588 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2004-09-24 03:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004-08-30 03:26:58 | 003,151,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51)
DRV - [2004-07-29 11:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004-07-23 01:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004-07-23 01:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-07-23 01:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001-11-01 12:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-08-18 07:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-18 07:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2001-08-17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2000-07-24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minituner.org/
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{28FDE1CD-96F1-4D5F-BD65-E04B283E336D}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=meg&from=meg&uid=FUJITSUXMHT2040AH_NP0JT4A2C6BNT4A2C6BNX&ts=0
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}: "URL" = http://search.minituner.org/q/{searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-06-09 06:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-18 03:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-02-21 16:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008-08-29 01:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Extensions
[2013-04-25 16:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\1fsnsd7k.default\extensions
[2013-04-25 16:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions
[2008-01-14 13:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\Profiles\1fsnsd7k.default\extensions
[2008-01-14 13:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\Profiles\qtklwi3q.default\extensions
[2008-01-14 13:02:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\Profiles\qtklwi3q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013-06-14 17:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default\extensions
[2013-02-14 07:27:10 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2013-06-14 17:52:20 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default\extensions\en-gb@flyingtophat.co.uk
[2013-04-25 16:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\wjlndtuz.default\extensions
[2011-11-09 13:23:59 | 000,042,737 | ---- | M] () (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\qtklwi3q.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013-06-09 06:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2013-06-09 06:53:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-06-09 06:52:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013-06-09 06:52:53 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2013-06-09 06:52:53 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2013-06-09 07:10:21 | 000,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portaldosites.xml
[2013-06-09 06:52:53 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome  ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2001-09-07 17:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start File not found
O4 - HKLM..\Run: [mspwr] C:\WINDOWS\system32\puxpman2.exe (ashampoo GmbH & Co. KG)
O4 - HKLM..\Run: [NPDTRAY] C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE (LENOVO)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKCU..\Run: [] C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Documents and Settings\JP\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tyqlbfgezjhranyudhywTaskMgr = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/28.35/uploader2.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363152835367 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{046D4F79-4673-44C9-930D-F8991297BE60}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-14 03:51:47 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

Drivers32: msacm.iac2 - C:\\WINDOWS\\system32\\iac25_32.ax ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - vfwwdm32.dll File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.I420 - i420vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - MPG4C32.dll File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: VIDC.YV12 - yv12vfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-06-23 04:57:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JP\Bureaublad\OTL.exe
[2013-06-23 04:08:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-06-21 21:00:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-06-21 21:00:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-06-21 21:00:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-06-21 21:00:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-06-21 21:00:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013-06-21 21:00:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-06-21 20:12:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JP\Onlangs geopend
[2013-06-21 01:19:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013-06-21 01:14:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-06-15 04:45:28 | 026,151,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2013-06-14 21:14:57 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\CAD
[2013-06-14 21:14:40 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\DOWNLOADS
[2013-06-14 21:14:38 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Genealogy
[2013-06-14 21:14:38 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\GEES
[2013-06-14 21:14:28 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Hardware Xref
[2013-06-14 21:14:27 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\HOSTING HELP
[2013-06-14 21:14:26 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\INFO
[2013-06-14 21:14:25 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\iTunes iPod Synchr
[2013-06-14 21:14:24 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Jos Steens
[2013-06-14 21:14:14 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\JP
[2013-06-14 21:14:09 | 000,000,000 | R--D | C] -- F:\C backup defrag\Mijn documenten\Mijn muziek
[2013-06-14 21:14:09 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\JUR
[2013-06-14 21:14:04 | 000,000,000 | R--D | C] -- F:\C backup defrag\Mijn documenten\Mijn video's
[2013-06-14 21:14:02 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\NOTES
[2013-06-14 21:14:02 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Nokia Suite
[2013-06-14 21:13:59 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Platinum PowerUpXP
[2013-06-14 21:13:58 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\STAMPBOARD
[2013-06-14 21:13:58 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\samsung
[2013-06-14 21:13:57 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\Updater
[2013-06-14 21:13:57 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\TEMPLATES
[2013-06-14 21:13:56 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\WERKMAP
[2013-06-14 21:13:55 | 000,000,000 | ---D | C] -- F:\C backup defrag\Mijn documenten\WIM
[2013-06-11 22:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-06-11 22:36:24 | 002,347,384 | ---- | C] (ESET) -- C:\esetsmartinstaller_enu.exe
[2013-06-11 20:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Menu Start\Programma's\HiJackThis
[2013-06-11 20:27:42 | 000,000,000 | ---D | C] -- C:\HiJackThis
[2013-06-11 20:14:59 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2013-06-11 19:01:27 | 000,000,000 | ---D | C] -- C:\Mijn Downloads
[2013-06-11 18:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013-06-11 09:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2013-06-11 05:41:18 | 000,000,000 | ---D | C] -- C:\command-line
[2013-06-09 07:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eSafe
[2013-06-09 07:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Application Data\eIntaller
[2013-06-02 18:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2013-06-02 18:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoeaRch-NNewwTabi
[2013-06-02 18:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\continuetosave
[2013-06-02 18:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013-05-29 12:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\NativeFus_Log
[2013-05-29 12:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\CrashDump
[2013-05-29 12:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\Samsung
[2013-05-29 12:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Application Data\Samsung
[2013-05-29 12:39:49 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2013-05-29 12:39:48 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2013-05-29 12:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\MyFree Codec
[2013-05-29 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013-05-29 12:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Samsung
[2013-05-29 12:32:54 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2013-05-29 12:32:33 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2013-05-29 12:32:32 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2013-05-29 12:32:32 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2013-05-29 04:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\Downloaded Installations
[2009-01-23 19:09:16 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\JP\MSSSerif120.fon

========== Files - Modified Within 30 Days ==========

[2013-06-23 04:57:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Bureaublad\OTL.exe
[2013-06-23 04:39:27 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk
[2013-06-23 04:38:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-06-23 04:38:21 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-06-23 04:36:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-06-23 04:36:16 | 2146,357,248 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-23 04:17:17 | 000,000,310 | -HS- | M] () -- C:\BOOT.INI
[2013-06-22 13:50:32 | 000,411,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-06-21 20:30:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-06-21 20:24:51 | 000,000,451 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\Snelkoppeling naar ComboFix.exe.lnk
[2013-06-21 03:44:01 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\HiJackThis.lnk
[2013-06-19 10:41:17 | 000,002,048 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
[2013-06-16 04:30:50 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2013-06-15 04:27:02 | 026,151,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2013-06-15 03:37:48 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\JP\Application Data\Microsoft\Internet Explorer\Quick Launch\Adresboek.lnk
[2013-06-15 03:36:17 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\Adresboek.lnk
[2013-06-13 00:17:22 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013-06-13 00:14:34 | 000,041,092 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2013-06-12 18:38:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-06-12 18:38:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-06-11 22:36:25 | 002,347,384 | ---- | M] (ESET) -- C:\esetsmartinstaller_enu.exe
[2013-06-11 09:16:38 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-06-10 13:46:10 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\Microsoft Fix it.url
[2013-06-09 07:10:26 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2013-06-09 07:10:21 | 000,001,076 | ---- | M] () -- C:\Documents and Settings\JP\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2013-06-09 07:10:21 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\JP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-02 11:33:26 | 000,617,344 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-06-02 11:33:26 | 000,538,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-06-02 11:33:26 | 000,130,376 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-06-02 11:33:26 | 000,103,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-05-31 02:16:02 | 000,000,186 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2013-05-29 12:50:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013-05-29 12:44:32 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Samsung Kies (Lite).lnk
[2013-05-29 12:44:32 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Samsung Kies.lnk
[2013-05-27 16:50:19 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\InternetLink Huisarts Wijngaard.URL
[2013-05-27 16:50:05 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\Win XP - Microsoft Dwnloadsite.URL
[2013-05-25 14:32:23 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\JP\Bureaublad\MS Clip Org.lnk
[2013-05-24 06:18:57 | 000,000,353 | ---- | M] () -- C:\WINDOWS\System32\cd21em8.tgz
[2013-05-24 06:18:57 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2013-05-24 06:18:56 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2013-05-24 06:18:56 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz

========== Files Created - No Company Name ==========

[2013-06-23 04:17:18 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk
[2013-06-21 21:00:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-06-21 21:00:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-06-21 21:00:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-06-21 21:00:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-06-21 21:00:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-06-21 20:30:54 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-06-21 20:24:51 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\JP\Bureaublad\Snelkoppeling naar ComboFix.exe.lnk
[2013-06-21 01:19:58 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2013-06-21 01:19:54 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2013-06-15 03:37:48 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\JP\Application Data\Microsoft\Internet Explorer\Quick Launch\Adresboek.lnk
[2013-06-15 03:36:17 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\JP\Bureaublad\Adresboek.lnk
[2013-06-14 20:49:45 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\JP\Bureaublad\HiJackThis.lnk
[2013-06-10 13:46:09 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\JP\Bureaublad\Microsoft Fix it.url
[2013-06-09 06:47:32 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2013-05-30 16:46:51 | 000,355,710 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013-05-29 12:50:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013-05-29 12:44:32 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Samsung Kies (Lite).lnk
[2013-05-29 12:44:32 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Samsung Kies.lnk
[2013-04-26 23:47:56 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2013-04-26 23:47:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2013-04-18 19:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013-04-18 19:06:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013-04-18 19:06:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013-04-18 19:06:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013-04-18 19:06:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013-02-21 03:35:34 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\JP\Local Settings\Application Data\dt.dat
[2012-07-12 00:35:12 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\JP\Application Data\mru.ini
[2012-04-05 14:09:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012-02-15 00:17:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-13 14:47:11 | 000,001,293 | ---- | C] () -- C:\WINDOWS\MultiTimer.ini
[2012-01-28 01:45:57 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\PwrUpCid.dll
[2011-06-28 04:00:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2010-04-02 10:00:36 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\JP\Diagram1.dia.autosave
[2009-08-08 14:38:03 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\JP\default.pls
[2008-10-30 15:40:05 | 000,000,436 | RHS- | C] () -- C:\Documents and Settings\JP\ntuser.pol
[2008-04-11 05:35:09 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\JP\PC-Doctor systeeminformatie Profiler.html
[2008-03-05 16:24:53 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\JP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-19 02:00:20 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\JP\.plugin141.trace
[2008-01-14 02:02:24 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\JP\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008-01-14 03:21:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 19:02:39 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 19:02:44 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008-01-14 03:51:47 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011-09-15 16:51:51 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2010-05-24 17:00:54 | 021,168,058 | ---- | M] () -- C:\blanc01.wav
[2013-06-16 04:30:50 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2013-06-23 04:17:17 | 000,000,310 | -HS- | M] () -- C:\BOOT.INI
[2001-09-07 17:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-01-14 03:28:50 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2008-01-14 03:43:38 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2003-03-17 20:47:40 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008-01-14 03:41:58 | 000,000,355 | ---- | M] () -- C:\ccrrec.ver
[2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
[2008-01-14 03:51:47 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2010-03-26 17:29:35 | 000,040,960 | ---- | M] () -- C:\DOCUMENTS
[2008-01-14 03:33:12 | 000,000,754 | ---- | M] () -- C:\drivez.log
[2013-06-11 22:36:25 | 002,347,384 | ---- | M] (ESET) -- C:\esetsmartinstaller_enu.exe
[2007-05-06 16:30:46 | 000,001,320 | ---- | M] () -- C:\FlagName.BK
[2013-06-23 04:36:16 | 2146,357,248 | -HS- | M] () -- C:\hiberfil.sys
[2011-10-29 11:29:20 | 000,171,559 | ---- | M] () -- C:\IbmEgath.XML
[2008-01-14 03:51:48 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009-06-06 06:15:57 | 000,000,025 | ---- | M] () -- C:\log.txt
[2008-01-14 03:31:32 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
[2008-01-14 14:05:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-01-14 03:10:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-12-20 06:23:22 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013-06-23 04:35:57 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2008-01-13 20:11:36 | 000,000,206 | ---- | M] () -- C:\Snelkoppeling naar Cd-rom-station.lnk
[2013-06-15 04:27:02 | 026,151,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2008-01-14 03:05:38 | 000,001,545 | ---- | M] () -- C:\SYSLEVEL.IBM
[2008-01-14 03:03:56 | 000,000,043 | ---- | M] () -- C:\TCPACHIP.LOG
[2012-08-13 18:44:11 | 000,000,180 | ---- | M] () -- C:\temp.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-17 13:03:50

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


============================================================================================================

Addicted to my portable T42 [xp] and a Desk PC with mobo Asus P5WD2 E PREMIUM [vista] - both operational in older OS but want to add both onto Linux.  All my application software works perfect in the XP environment. 


#9 gamla7


Posted 22 June 2013 - 10:35 PM

2nd report (copy/paste)

 

OTL Extras logfile created on: 23-6-2013 5:02:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\JP\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,98% Memory free
2,85 Gb Paging File | 2,41 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 6,49 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
Drive E: | 232,83 Gb Total Space | 55,58 Gb Free Space | 23,87% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,19 Gb Free Space | 96,53% Space Free | Partition Type: FAT32

Computer Name: T42 | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Print_Directory_Listing] -- Printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Toetsenbord aanpassen
"{236BB7C4-4419-42FD-0413-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7AD4D6E7-CF00-4299-A8BF-EED77E37770E}" = Atmel Tpm Install 2.1.1.01
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav-wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Deluxe
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B72BF443-ABD6-4EDC-ACD5-CCB72DBEC33D}" = AVG PC TuneUp Language Pack (nl-NL)
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D774186B-031F-4186-BC4D-B256B9831B85}" = AVG 2013
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Toegankelijkheid
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F48BE301-EC78-4686-B580-EE4934558798}" = IBM Integrated Bluetooth II Software
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuratie
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software-verwijderprogramma
"Ashampoo PowerUP XP Platinum 2_is1" = Ashampoo PowerUP XP Platinum 2.20
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2013
"Brother HL-6050" = Brother HL-6050
"Brother's Keeper 6.5" = Brother's Keeper 6.5
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"Digital Camera Driver" = Digital Camera Driver
"Gadwin PrintScreen" = Gadwin PrintScreen
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"Mozilla Firefox 12.0 (x86 nl)" = Mozilla Firefox 12.0 (x86 nl)
"Mozilla Thunderbird 17.0.3 (x86 nl)" = Mozilla Thunderbird 17.0.3 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"NTREGOPT_is1" = NTREGOPT 1.1j
"PC-Doctor 5 for Windows" = PC-Doctor 5 voor Windows
"Picasa 3" = Picasa 3
"Power Features" = IBM ThinkPad Batterijwizard en Energiebeheer
"Power Management Driver" = ThinkPad Power Management Driver
"PowerISO" = PowerISO
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.94
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VertusFluidMask3" = Vertus Fluid Mask 3 2.100.2-RC2
"VLC media player" = VLC media player 2.0.6
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28-5-2013 23:45:49 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
. Error code = 0x80131f06 

Error - 28-5-2013 23:45:49 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
. Error code = 0x80131f06 

Error - 28-5-2013 23:46:03 | Computer Name = T42 | Source = .NET Runtime | ID = 1023
Description = Toepassing: mscorsvw.exe Framework-versie: v4.0.30319 Beschrijving:
het proces is beëindigd als gevolg van een interne fout in de .NET-runtime op IP
792C722A (79140000) met afsluitcode 80131506.

Error - 28-5-2013 23:46:03 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x800706be 

Error - 28-5-2013 23:46:15 | Computer Name = T42 | Source = .NET Runtime | ID = 1023
Description = Toepassing: mscorsvw.exe Framework-versie: v4.0.30319 Beschrijving:
het proces is beëindigd als gevolg van een interne fout in de .NET-runtime op IP
792C722A (79140000) met afsluitcode 80131506.

Error - 28-5-2013 23:46:15 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x800706be 

Error - 28-5-2013 23:46:15 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
. Error code = 0x80131f06 

Error - 28-5-2013 23:46:16 | Computer Name = T42 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
. Error code = 0x80131f06 

Error - 29-5-2013 4:43:23 | Computer Name = T42 | Source = MsiInstaller | ID = 11704
Description = Product: Access IBM -- Fout 1704. De installatie van Microsoft .NET
Framework 4 Client Profile NLD Language Pack is momenteel onderbroken. Als u door
wilt gaan, moet u de wijzigingen die door de installatie zijn aangebracht, ongedaan
maken. Wilt u de wijzigingen ongedaan maken?

Error - 22-6-2013 21:22:38 | Computer Name = T42 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
verlopen is. 

[ System Events ]
Error - 21-6-2013 15:03:05 | Computer Name = T42 | Source = Service Control Manager | ID = 7034
Description = De IBM KCU Service-service is onverwacht beëindigd. Dit is nu 1 keer
gebeurd.

Error - 21-6-2013 22:46:43 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 21-6-2013 22:53:05 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 7:52:38 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 16:50:43 | Computer Name = T42 | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.2 voor de netwerkkaart met netwerkadres
00112542A13A is geweigerd  door de DHCP-server 0.0.0.0. De DHCP-server heeft een
DHCPNACK-bericht gezonden.

Error - 22-6-2013 21:34:08 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 22:16:21 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 22:23:29 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 22:32:51 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.

Error - 22-6-2013 22:38:20 | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = De Windows Image Acquisition (WIA)-service is bij het starten vastgelopen.


< End of report >

 

Oy, I see many Dutch language lines - hope you find a solution to read those?!

 

Happy reading - hope to see you soon again - with kind regards = Gamla.




#10 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:09:59 PM

Posted 24 June 2013 - 06:11 AM

Good evening gamla7,

 

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

 

=====

 

I see you have the Vuze Remote Community Toolbar installed. It has been known to act suspiciously (please see here for more information). I recommend removing this toolbar.

 

Please go to Start>Control Panel>Programs and uninstall the following program (if present):

  • Vuze Remote Community Toolbar

 

Please restart your computer after this program removal.

=====

 

Next, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tyqlbfgezjhranyudhywTaskMgr = 0

    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

=====

 

I would like to see the OTL fix log in your reply. What issues remain?
 

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#11 gamla7


Posted 24 June 2013 - 01:52 PM

Hello Dear The Dark Knight

 

Marvellous cleaning job you did.

 

 QUOTE = I would like to see the OTL fix log in your reply. What issues remain?

 

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\tyqlbfgezjhranyudhywTaskMgr deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 795390 bytes
->Temporary Internet Files folder emptied: 19778909 bytes
->FireFox cache emptied: 13684490 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: JP
->Temp folder emptied: 124702847 bytes
->Temporary Internet Files folder emptied: 53168922 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100381861 bytes
->Google Chrome cache emptied: 6589168 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1147 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 5965567 bytes

User: NetworkService
->Temp folder emptied: 13892 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEMP.IBM-58AF0749AF9.000
->Temporary Internet Files folder emptied: 32768 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 271319 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 58748958 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 367,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06242013_204212

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\BtwEventTrace_5_6_0_6900.etl scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8e0.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


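A check one could run after the exchange above, as an added example that is not part of either post and is not OTL's own code: it derives, from the fix script in post #10, the success line each target should leave in the fix log from post #11, and lists anything the log says is still waiting for a reboot. The script-to-log mapping is an assumption inferred only from these two posts, and the function names are hypothetical.

```python
import re

# Fix script as posted in #10 and an excerpt of the fix log as posted in #11.
FIX_SCRIPT = r"""
:OTL
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tyqlbfgezjhranyudhywTaskMgr = 0
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
:Commands
[EmptyTemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\tyqlbfgezjhranyudhywTaskMgr deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
File move failed. C:\WINDOWS\temp\BtwEventTrace_5_6_0_6900.etl scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8e0.dat moved successfully.
"""

# Assumption: the log spells out the hive abbreviation used in the script.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
REG_LINE = re.compile(r"^O\d+ - (?P<hive>HKCU|HKLM)\\(?P<key>[^:]+): (?P<value>.+?) = ")
ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
PENDING = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")


def expected_log_lines(script):
    """Map each entry of the :OTL section to the success line the log should hold."""
    expected, in_otl = {}, False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # section marker such as :OTL or :Commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        reg, ads = REG_LINE.match(line), ADS_LINE.match(line)
        if reg:
            # The log joins key and value name with a double backslash.
            target = "{}\\{}\\\\{}".format(HIVES[reg["hive"]], reg["key"], reg["value"])
            expected[line] = "Registry value {} deleted successfully.".format(target)
        elif ads:
            expected[line] = "ADS {} deleted successfully.".format(ads["path"])
        else:
            expected[line] = None           # entry type this sketch does not model
    return expected


def verify_fix(script, log):
    """Return {script_line: 'confirmed' | 'unconfirmed' | 'unsupported'}."""
    seen = {l.strip().casefold() for l in log.splitlines()}
    result = {}
    for line, want in expected_log_lines(script).items():
        if want is None:
            result[line] = "unsupported"
        else:
            result[line] = "confirmed" if want.casefold() in seen else "unconfirmed"
    return result


def pending_on_reboot(log):
    """Paths the log says could not be moved yet and are queued for the next boot."""
    matches = (PENDING.match(l.strip()) for l in log.splitlines())
    return [m["path"] for m in matches if m]


if __name__ == "__main__":
    for entry, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print("{:12} {}".format(status, entry))
    for path in pending_on_reboot(FIX_LOG):
        print("pending      " + path)
```

An "unconfirmed" result only means no matching success line was found in the pasted log, for example because the paste was cut short; it is a prompt to re-scan, not proof that the item survived.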


#12 The Dark Knight


Posted 25 June 2013 - 04:39 PM

Hey gamla7,

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is checked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.




#13 gamla7


Posted 27 June 2013 - 05:43 AM

Hello Dear The Dark Knight

 

Please find here my latest and complete log.txt by eset online scan =

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0296c14f4b7c3a4b9c9fc81aba6bf5fd
# engine=14165
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-27 08:24:20
# local_time=2013-06-27 10:24:20 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1039 16777213 100 91 7662 59455444 0 0
# scanned=232261
# found=5
# cleaned=5
# scan_time=7119
sh=89BF4599AB0B3B65DB52651283667A8AB40D1072 ft=1 fh=0ae3be3e45f4abbb vn="probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\Installer\MSIA1.tmp"
sh=C939AC19D83602C4D5B3E7B59446F47392D14B0D ft=1 fh=a77cb90dc745b3e7 vn="Win32/SpeedUpMyPC application (cleaned by deleting - quarantined)" ac=C fn="E:\DOWNLOADS TRANFERT\speedupmypc.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="E:\JP_BESTANDEN\SOFTWARE\cbsidlm-tr1_13-Free_Desktop_Timer-ORG-75415517.exe"
sh=754B2A40805DA006A75632F63BE4F44453B75A0C ft=1 fh=10645e4aa1fd931f vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="E:\JP_BESTANDEN\SOFTWARE\Bleeping Computer\freefileviewer_730.exe"
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="E:\JP_BESTANDEN\SOFTWARE\YouTube downloader\YouTubeDownloaderSetup34.exe"

 

 

With best regards - Gamla.


============================================================================================================

Addicted to my portable T42 [xp] and a Desk PC with mobo Asus P5WD2 E PREMIUM [vista] - both operational in older OS but want to add both onto Linux.  All my application software works perfect in the XP environment. 
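
An added example, not part of the thread and not ESET's own tooling: a small Python parser for a log in the layout posted above, which checks the header counts against the detection records and lists anything that was not cleaned. The sample log is constructed with placeholder hashes and paths, and the third record's action text and `ac` value are invented to show the not-cleaned case.

```python
import re

# Constructed sample in the layout of the log posted above. Hashes and paths are
# placeholders; the third record (action text, ac value) is invented for the demo.
SAMPLE_LOG = r'''all ok
# end=finished
# archives_checked=false
# unwanted_checked=true
# found=3
# cleaned=2
sh=PLACEHOLDER_SHA1_01 ft=1 fh=placeholder01 vn="Win32/Example.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Temp\setup one.exe"
sh=PLACEHOLDER_SHA1_02 ft=1 fh=placeholder02 vn="a variant of Win32/Example.B application (cleaned by deleting - quarantined)" ac=C fn="E:\Downloads\tool.exe"
sh=PLACEHOLDER_SHA1_03 ft=1 fh=placeholder03 vn="Win32/Example.C trojan (unable to clean)" ac=I fn="C:\Temp\x.dll"
'''

# key=value pairs; values are either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from log.txt content."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            rec = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
            # vn is "<detection name> (<action taken>)"
            name, _, action = rec.get("vn", "").partition(" (")
            rec["name"], rec["action"] = name, action.rstrip(")")
            detections.append(rec)
    return header, detections

def triage(header, detections):
    """List the points a helper would check before calling the machine clean."""
    notes = []
    found, cleaned = int(header.get("found", -1)), int(header.get("cleaned", -1))
    if header.get("end") != "finished":
        notes.append("scan did not finish")
    if found != len(detections):
        notes.append(f"header found={found}, but {len(detections)} records listed")
    if cleaned < found:
        notes.append(f"{found - cleaned} detection(s) not cleaned")
    if header.get("archives_checked") == "false":
        notes.append("archives were not scanned")
    for rec in detections:
        if not rec["action"].startswith("cleaned"):
            notes.append(f"still present: {rec['name']} at {rec.get('fn', '?')}")
    return notes

if __name__ == "__main__":
    for note in triage(*parse_eset_log(SAMPLE_LOG)):
        print(note)
```
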


#14 The Dark Knight


Posted 27 June 2013 - 04:34 PM

Hey gamla7,

Any remaining issues on your computer?




#15 gamla7


Posted 28 June 2013 - 02:25 AM

Hello Dear The Dark Knight

I manually restored all bookmarks to the screen icons for the internet-browsers and all is accepted and seems to be stable. Guess it's time now to make the necessary steps to upgrade the browsers for XP. Great with help of Bleeping Computer managed to get through this adventure. Many thanks. Guess I will find all in forum and tutors now.

Kind regards - Gamla






