
Solved logs of dds,mbrcheck as requested

Discussion in 'Malware and Virus Removal Archive' started by janwin7, 2011/04/03.

  1. 2011/04/03
    janwin7


    As requested by Wildfire, WindowsBBS team member, these are my logs to be checked. Thank you very much. I can't make any GMER log because I can't run it. It will start, but it stops before ending the run.


    1: MBRcheck:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Starter Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: MEDION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: MEDION
    System Product Name: E122X
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 193):
    0x81C3E000 \SystemRoot\system32\ntkrnlpa.exe
    0x81C07000 \SystemRoot\system32\halmacpi.dll
    0x81A8F000 \SystemRoot\system32\kdcom.dll
    0x82212000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8228A000 \SystemRoot\system32\PSHED.dll
    0x8229B000 \SystemRoot\system32\BOOTVID.dll
    0x822A3000 \SystemRoot\system32\CLFS.SYS
    0x822E5000 \SystemRoot\system32\CI.dll
    0x86215000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x86286000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x86294000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x862DC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x862E5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x862ED000 \SystemRoot\system32\DRIVERS\pci.sys
    0x86317000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x86322000 \SystemRoot\System32\drivers\partmgr.sys
    0x86333000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8633B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x86346000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x86356000 \SystemRoot\System32\drivers\volmgrx.sys
    0x863A1000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x863A8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x863B6000 \SystemRoot\System32\drivers\mountmgr.sys
    0x863CC000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x863D5000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x86200000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x82390000 \SystemRoot\system32\drivers\fltmgr.sys
    0x823C4000 \SystemRoot\system32\drivers\fileinfo.sys
    0x86411000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86540000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8656B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8657E000 \SystemRoot\System32\Drivers\cng.sys
    0x865DB000 \SystemRoot\System32\drivers\pcw.sys
    0x865E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8660C000 \SystemRoot\system32\drivers\ndis.sys
    0x866C3000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86701000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x86814000 \SystemRoot\System32\drivers\tcpip.sys
    0x8695D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8698E000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x869CD000 \SystemRoot\System32\Drivers\spldr.sys
    0x86726000 \SystemRoot\System32\drivers\rdyboost.sys
    0x869D5000 \SystemRoot\System32\Drivers\mup.sys
    0x869E5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x86753000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x869ED000 \SystemRoot\system32\DRIVERS\disk.sys
    0x86785000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x87820000 \??\C:\Windows\system32\drivers\ale_nf.sys
    0x87881000 \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys
    0x87892000 \SystemRoot\System32\Drivers\Null.SYS
    0x87899000 \SystemRoot\System32\Drivers\Beep.SYS
    0x878A0000 \SystemRoot\System32\drivers\vga.sys
    0x878AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x878CD000 \SystemRoot\System32\drivers\watchdog.sys
    0x878DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x878E2000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x878EA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x878F2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x878FD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8790B000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x87922000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8792D000 \SystemRoot\system32\drivers\afd.sys
    0x87987000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x879B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x879C0000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x879DF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x879F0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x87800000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x867EE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8AA30000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8AA71000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8AA7B000 \??\c:\program files\norman\ngs\bin\ngs.sys
    0x8AA80000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8AA8A000 \SystemRoot\System32\drivers\discache.sys
    0x8AA96000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8AAAE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8AABC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8AADD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B013000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8B51B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8AAEF000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x8B5D2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
    0x8F031000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x8F144000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x8F14E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F159000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F1A4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F1B3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F1CB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F1D8000 \SystemRoot\system32\DRIVERS\fspad_wlh32.sys
    0x8F1E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F1F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F000000 \SystemRoot\system32\DRIVERS\ATKACPI.SYS
    0x8F008000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8F015000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8AB28000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B5F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8AB40000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8AB62000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8AB7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8AB91000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F027000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8ABA8000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8ABDC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8BA0C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8BA50000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C01D000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8C2CB000 \SystemRoot\system32\drivers\portcls.sys
    0x8C2FA000 \SystemRoot\system32\drivers\drmk.sys
    0x8CF30000 \SystemRoot\System32\win32k.sys
    0x8C313000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8C31D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C32A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8C335000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8C33E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x8C34F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8C35A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8C365000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8C378000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8C37F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C381000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8C398000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D190000 \SystemRoot\System32\TSDDD.dll
    0x8D1C0000 \SystemRoot\System32\cdd.dll
    0x8C3A3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8C3BA000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8C3DE000 \SystemRoot\system32\drivers\luafv.sys
    0x8C3F9000 \??\C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS
    0x8BA61000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8C000000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8BA8B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8BA9B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8BAE1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8BAF1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8BB04000 \SystemRoot\system32\drivers\HTTP.sys
    0x8BB89000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x8BB92000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8BBAB000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8BBBD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x867AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8BBE0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8AA18000 \??\C:\Program Files\Norman\Ngs\Bin\nregsec.sys
    0xA823C000 \SystemRoot\system32\drivers\peauth.sys
    0xA82D3000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA82DD000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA82FE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA830B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA835A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA83AB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x8CE00000 \SystemRoot\System32\ATMFD.DLL
    0xA83CC000 \??\C:\Program Files\Norman\Npm\Bin\NmchInjDrv.sys
    0xA83CF000 \??\C:\Users\Annie\AppData\Local\Temp\uwdorpod.sys
    0xAD218000 \SystemRoot\system32\drivers\spsys.sys
    0x77A30000 \Windows\System32\ntdll.dll
    0x483C0000 \Windows\System32\smss.exe
    0x77C70000 \Windows\System32\apisetschema.dll
    0x004C0000 \Windows\System32\autochk.exe
    0x77C00000 \Windows\System32\difxapi.dll
    0x77960000 \Windows\System32\user32.dll
    0x77820000 \Windows\System32\urlmon.dll
    0x77B70000 \Windows\System32\clbcatq.dll
    0x777A0000 \Windows\System32\comdlg32.dll
    0x77710000 \Windows\System32\oleaut32.dll
    0x77660000 \Windows\System32\msvcrt.dll
    0x77580000 \Windows\System32\kernel32.dll
    0x77570000 \Windows\System32\lpk.dll
    0x774D0000 \Windows\System32\usp10.dll
    0x774C0000 \Windows\System32\normaliz.dll
    0x774A0000 \Windows\System32\imm32.dll
    0x77400000 \Windows\System32\advapi32.dll
    0x77350000 \Windows\System32\rpcrt4.dll
    0x77340000 \Windows\System32\nsi.dll
    0x77140000 \Windows\System32\iertutil.dll
    0x76FA0000 \Windows\System32\setupapi.dll
    0x76F50000 \Windows\System32\Wldap32.dll
    0x76F10000 \Windows\System32\ws2_32.dll
    0x76EE0000 \Windows\System32\imagehlp.dll
    0x76E10000 \Windows\System32\msctf.dll
    0x76E00000 \Windows\System32\psapi.dll
    0x76D00000 \Windows\System32\wininet.dll
    0x76CE0000 \Windows\System32\sechost.dll
    0x76C90000 \Windows\System32\gdi32.dll
    0x76C30000 \Windows\System32\shlwapi.dll
    0x76AD0000 \Windows\System32\ole32.dll
    0x75E80000 \Windows\System32\shell32.dll
    0x75E60000 \Windows\System32\devobj.dll
    0x75E30000 \Windows\System32\cfgmgr32.dll
    0x75DA0000 \Windows\System32\comctl32.dll
    0x75C80000 \Windows\System32\crypt32.dll
    0x75C50000 \Windows\System32\wintrust.dll
    0x75C00000 \Windows\System32\KernelBase.dll
    0x75BF0000 \Windows\System32\msasn1.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    412 C:\Windows\System32\csrss.exe
    472 C:\Windows\System32\csrss.exe
    480 C:\Windows\System32\wininit.exe
    516 C:\Windows\System32\winlogon.exe
    576 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    704 C:\Windows\System32\svchost.exe
    764 C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    784 C:\Program Files\Norman\Ngs\Bin\nnf.exe
    812 C:\Program Files\Norman\Ngs\Bin\nprosec.exe
    856 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\audiodg.exe
    1152 C:\Windows\System32\svchost.exe
    1288 C:\Program Files\Norman\Npm\Bin\Zanda.exe
    1328 C:\Program Files\Norman\Npm\Bin\nvoy.exe
    1404 C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
    1512 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\spoolsv.exe
    1716 C:\Windows\System32\svchost.exe
    1884 C:\Windows\System32\taskhost.exe
    1972 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1992 C:\Windows\System32\dwm.exe
    2044 C:\Windows\explorer.exe
    476 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    1232 C:\Windows\System32\svchost.exe
    1504 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2092 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2276 C:\Windows\System32\svchost.exe
    2400 C:\Windows\System32\WUDFHost.exe
    2624 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2632 C:\Program Files\Norman\Npm\Bin\Zlh.exe
    2640 C:\Program Files\Norman\Npm\Bin\scheduler.exe
    2668 C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    2712 C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
    2932 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    3024 C:\Windows\System32\hkcmd.exe
    3040 C:\Windows\System32\igfxpers.exe
    3064 C:\Program Files\Windows Sidebar\sidebar.exe
    3100 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    3144 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3208 C:\Windows\System32\igfxsrvc.exe
    3636 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3784 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3844 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    3908 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    2460 C:\Program Files\Norman\Nvc\Bin\Nip.exe
    3232 C:\Windows\System32\SearchIndexer.exe
    3736 C:\Windows\System32\svchost.exe
    3408 C:\Windows\System32\sppsvc.exe
    1828 C:\Windows\System32\svchost.exe
    740 C:\Windows\System32\wbem\WmiPrvSE.exe
    1112 C:\Windows\System32\svchost.exe
    1844 C:\Windows\System32\svchost.exe
    1876 C:\Users\Annie\Desktop\MBRCheck.exe
    3704 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002f`f8700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-00A23T0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: A1D8436B9D28AE5947F8CFF23FE54B1DC1738268


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1

    Done!


    2 DDS log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Annie at 17:19:32,44 on zo 03/04/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.32.1043.18.1014.272 [GMT 2:00]
    .
    AV: Norman Security Suite *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}
    SP: Norman Security Suite *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norman Security Suite *Enabled* {E8034BA5-6C9C-91E7-BFF5-AAF12796A11A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\Program Files\Norman\npf\bin\npfsvc32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Annie\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [UpdateYouPaintShortCut] "c:\program files\cyberlink\youpaint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youpaint" updatewithcreateonce "software\cyberlink\youpaint\1.2 "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0 "
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe "
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ALE_NF;Norman Network Filter ALE driver;c:\windows\system32\drivers\ale_nf.sys [2010-8-4 61472]
    R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-8-4 26744]
    R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2010-8-4 74144]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2010-8-4 22880]
    R2 NNFSVC;Norman Network Filtering service;c:\program files\norman\ngs\bin\nnf.exe [2010-12-16 223000]
    R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2011-1-14 308408]
    R2 NPFSvc32;Norman Personal Firewall Service;c:\program files\norman\npf\bin\npfsvc32.exe [2010-12-16 290472]
    R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2010-12-16 90656]
    R2 nregsec;Norman Registry Security driver;c:\program files\norman\ngs\bin\nregsec.sys [2010-12-16 40384]
    R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2010-12-16 100336]
    R3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\drivers\ATKACPI.SYS [2010-3-26 16456]
    R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-3-26 42496]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-26 58368]
    R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2011-1-5 288072]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
    R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2010-12-16 99312]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-3-26 43944]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-26 29472]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-9 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-26 8576]
    S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv32mf.sys [2010-12-16 24688]
    S3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2010-12-16 198168]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-04-03 08:25:32 -------- d-----w- c:\users\annie\appdata\local\{5A0DB3D2-619F-46E7-BE0E-221643014AAA}
    2011-04-02 20:01:18 -------- d-----w- c:\users\annie\appdata\local\{A0FDCBDB-8206-4795-AB39-DCBA59679F88}
    2011-04-02 17:47:21 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-02 08:00:50 -------- d-----w- c:\users\annie\appdata\local\{8564BF12-4A96-4B97-AD37-8D39AB058A94}
    2011-04-01 17:53:38 -------- d-----w- c:\program files\SequoiaView
    2011-04-01 17:52:45 -------- d-----w- c:\program files\ConduitEngine
    2011-04-01 17:52:40 -------- d-----w- c:\program files\Softonic-Eng7
    2011-04-01 17:50:26 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37944b87-2f2b-4360-b35c-2c4479c6e765}\mpengine.dll
    2011-04-01 17:39:14 -------- d-----w- c:\users\annie\appdata\local\{728FB7AF-AF64-4634-983D-73B8D333A15B}
    2011-04-01 05:14:21 -------- d-----w- c:\users\annie\appdata\local\{1FCE5A20-4DEC-4BF5-83B3-C8731E999AE1}
    2011-03-31 15:44:33 -------- d-----w- c:\users\annie\appdata\local\{125D21C3-78C5-44DB-A308-A1D52F3319BD}
    2011-03-30 19:29:34 -------- d-----w- c:\users\annie\appdata\local\{BA3266B6-7362-499F-9BCD-73EEC5BBB272}
    2011-03-30 06:56:17 -------- d-----w- c:\users\annie\appdata\local\{5663014E-3EA5-47B2-8617-2AE1A80AD5BB}
    2011-03-29 18:01:41 -------- d-----w- c:\users\annie\appdata\local\{8170F3A5-4ED4-4A28-A1B6-8563DFBE6BFE}
    2011-03-28 17:44:06 -------- d-----w- c:\users\annie\appdata\local\{E44950AE-2DED-4956-9447-B1BF6DA7FB32}
    2011-03-27 20:23:13 -------- d-----w- c:\users\annie\appdata\local\{2030DA20-80C1-4944-9075-5186B92CC9DE}
    2011-03-27 08:22:56 -------- d-----w- c:\users\annie\appdata\local\{EC42ED48-07DC-4E0C-840C-A6C281109F78}
    2011-03-26 07:34:03 -------- d-----w- c:\users\annie\appdata\local\{776B9D8C-CF16-47E2-A256-61FA833EF267}
    2011-03-25 18:19:54 -------- d-----w- c:\users\annie\appdata\local\{63F8C9D1-4863-4C22-B04E-E75C489B7A8F}
    2011-03-25 06:19:28 -------- d-----w- c:\users\annie\appdata\local\{CAB94B08-E967-4C09-BB10-B48FD27636EC}
    2011-03-24 06:40:00 -------- d-----w- c:\users\annie\appdata\local\{CD3D7435-837D-4DAD-88DB-E22D54B3EDD2}
    2011-03-23 18:39:22 -------- d-----w- c:\users\annie\appdata\local\{C2CA2C43-FFC6-464F-B7A1-56902DD3BED0}
    2011-03-22 18:46:18 -------- d-----w- c:\users\annie\appdata\local\{97C363F3-E67D-4044-B2E6-E609D2F0AED7}
    2011-03-21 18:46:47 -------- d-----w- c:\users\annie\appdata\local\{BC7A4184-80BB-47D6-94D0-A1F9AB085691}
    2011-03-21 06:27:21 -------- d-----w- c:\users\annie\appdata\local\{DA7FC75F-5353-489D-BE81-A33304AD910D}
    2011-03-20 15:05:44 -------- d-----w- c:\users\annie\appdata\local\{0481428D-0E8B-443A-BDF1-015D8279BD8A}
    2011-03-19 08:43:08 -------- d-----w- c:\users\annie\appdata\local\{01872A81-F85C-43F3-84BE-E556717EE11E}
    2011-03-18 16:20:01 -------- d-----w- c:\users\annie\appdata\local\{1EC45EC8-98BB-4035-9298-63C449692AB4}
    2011-03-17 18:52:16 -------- d-----w- c:\users\annie\appdata\local\{C0F59F75-E8E7-49B6-B627-4D982EEF0A5A}
    2011-03-17 06:42:43 -------- d-----w- c:\windows\system32\x64
    2011-03-17 06:41:09 -------- d-----w- c:\windows\system32\SPReview
    2011-03-17 06:39:42 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-17 06:39:17 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-03-17 06:18:06 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-03-16 19:48:21 -------- d-----w- c:\users\annie\appdata\local\{DC553369-090C-4213-9A40-1217BFC2BEFA}
    2011-03-16 18:44:29 -------- d-----w- c:\users\annie\appdata\local\{D08A94E1-E117-476D-B8F0-9DB72E6FAC7F}
    2011-03-15 18:59:41 -------- d-----w- c:\users\annie\appdata\local\{46D67B06-7242-4077-903B-7531C922720F}
    2011-03-15 06:18:23 -------- d-----w- c:\users\annie\appdata\local\{AD204A72-7E43-4DBF-95A5-15D24CCEA279}
    2011-03-14 06:13:45 -------- d-----w- c:\users\annie\appdata\local\{116C8478-31D3-44A3-924D-02121A2A91F4}
    2011-03-13 13:29:11 -------- d-----w- c:\users\annie\appdata\local\{3C7392E3-9004-4923-AFD4-89488EECCAA2}
    2011-03-12 07:29:59 -------- d-----w- c:\users\annie\appdata\local\{6D58BC61-14B2-4672-9371-8F1D365A2AF3}
    2011-03-11 11:32:25 -------- d-----w- c:\users\annie\appdata\local\{D34C8B30-1362-4DC2-84F3-CEF6AC4F1557}
    2011-03-10 21:59:01 -------- d-----w- c:\users\annie\appdata\local\{811BA32B-8C0E-4F77-B30C-98CCCA7B529A}
    2011-03-09 20:59:01 -------- d-----w- c:\users\annie\appdata\local\{D5694711-64CE-46A9-BD0A-D5C46DCEAA5E}
    2011-03-09 20:47:32 -------- d-----w- c:\windows\nl
    2011-03-09 20:46:33 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-09 20:44:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-09 06:17:44 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-03-08 22:49:46 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-08 22:49:46 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-08 22:49:45 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-08 22:49:41 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-08 22:49:41 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-08 22:49:41 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-08 22:49:40 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-08 22:49:29 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 22:49:28 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 21:08:58 -------- d-----w- c:\windows\pss
    2011-03-08 20:24:12 -------- d-----w- c:\users\annie\appdata\local\{56D74E3D-9705-4EA9-B0A4-665CC4F9EDEC}
    2011-03-08 19:05:40 -------- d-----w- c:\users\annie\appdata\local\{F7D7481E-A574-4E9F-BCBF-3F230268FE57}
    2011-03-07 19:05:21 -------- d-----w- c:\users\annie\appdata\local\{A06CABF6-3E5D-4356-9CBC-CFE40CBA5DA7}
    2011-03-05 20:12:59 -------- d-----w- c:\users\annie\appdata\local\{F2E542D6-C47D-4904-8FB9-66CB80CB1EE8}
    2011-03-05 08:12:31 -------- d-----w- c:\users\annie\appdata\local\{00D0EB05-548C-4534-B2F8-BB6EA2B55C90}
    2011-03-04 18:57:16 -------- d-----w- c:\users\annie\appdata\local\{13ADEB42-B0BC-4662-BE31-E383EC430FD3}
    .
    ==================== Find3M ====================
    .
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 17:21:08,84 ===============


    3 Attach log


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/08/2010 13:11:48
    System Uptime: 3/04/2011 17:07:14 (0 hours ago)
    .
    Motherboard: MEDION | | E122X
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU 1 | 1667/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 192 GiB total, 157,32 GiB free.
    D: is FIXED (NTFS) - 40 GiB total, 2,656 GiB free.
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP174: 17/03/2011 7:40:52 - Windows 7 Service Pack 1
    RP175: 18/03/2011 17:30:37 - Windows Update
    RP176: 20/03/2011 19:57:00 - Windows Back-up
    RP177: 20/03/2011 20:05:41 - Windows Back-up
    RP178: 22/03/2011 19:56:56 - Windows Update
    RP179: 23/03/2011 20:49:14 - Windows Update
    RP180: 25/03/2011 18:19:43 - Windows Update
    RP181: 27/03/2011 20:30:27 - Windows Back-up
    RP182: 29/03/2011 20:12:59 - Windows Update
    RP183: 1/04/2011 19:49:46 - Windows Update
    RP185: 2/04/2011 19:50:13 - Removed Hotkey
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3 - Nederlands
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bing Bar
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    Conduit Engine
    CorelDRAW Essentials 4
    CorelDRAW Essentials 4 - Content
    CorelDRAW Essentials 4 - Draw
    CorelDRAW Essentials 4 - Filters
    CorelDRAW Essentials 4 - ICA
    CorelDRAW Essentials 4 - IPM - No VBA
    CorelDRAW Essentials 4 - Lang BR
    CorelDRAW Essentials 4 - Lang DE
    CorelDRAW Essentials 4 - Lang EN
    CorelDRAW Essentials 4 - Lang ES
    CorelDRAW Essentials 4 - Lang FR
    CorelDRAW Essentials 4 - Lang IT
    CorelDRAW Essentials 4 - Lang NL
    CorelDRAW Essentials 4 - PHOTO-PAINT
    CorelDRAW Essentials 4 - Windows Shell Extension
    CyberLink PowerDVD 9
    CyberLink YouCam
    CyberLink YouPaint
    D3DX10
    Finger Sensing Pad Driver
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Medion Home Cinema
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint Viewer 2007 (Dutch)
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Norman Security Suite
    OGA Notifier 2.0.0048.0
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SequoiaView
    Softonic-Eng7 Toolbar
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    WIDCOMM Bluetooth Software
    Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0)
    Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================
    If anyone could help me with this I would be grateful. Thank you! :)
     
  2. 2011/04/03
    janwin7

    janwin7 Inactive Thread Starter

    I forgot the log of malwarebytes. Sorry.

    This is it:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4447

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/04/2011 18:31:04
    mbam-log-2011-04-02 (18-31-04).txt

    Scantype: Volledige scan (C:\|D:\|)
    Objecten gescand: 215529
    Verstreken tijd: 3 uur/uren, 20 minuut/minuten, 37 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    C:\32788R22FWJFW\Combo-Fix.sys (Trojan.Agent.Gen) -> No action taken.

    Thank you!!!:)
     


  4. 2011/04/03
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    @janwin7 Thanks, an analyst will look at your logs and respond in due course. Please be patient.

    @Analyst,

    A follow up from hiren's boot cd 13.1
     
  5. 2011/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Can you briefly describe your computer issues?
     
  6. 2011/04/03
    janwin7

    janwin7 Inactive Thread Starter

    spam, spyware?

    Thanks for your reply!
    Well, when I wanna check my e-mail on Hotmail, I have to log in. Before I do that I set my status to invisible. I have my reasons. So I log in and when I see that there is mail, I click on my inbox button. From that moment my status will be visible. I have 3 PCs. So on 2 PCs my status automatically turns to visible. On those I am logged in on 2 locations: 1 on the PC and 1 on the web. I've tried different things: ComboFix, Malwarebytes, SUPERAntiSpyware, HijackThis, CCleaner; on 1 PC I uninstalled Windows Live Essentials 2011 and reinstalled it. But nothing seems to be working. My PC was slowing down. I tried all these to accelerate my PC and to get rid of the spam, spyware or whatever it is. After that I ran SequoiaView. I deleted all of the installer like I was told. That was working. But the prob with Live Messenger was still there. I downloaded Hiren's BootCD 13.1 from the net and let it run. I have 1 PC with XP, 1 with Vista and 1 PC with Windows 7. I chose the mini Windows XP for the one with Windows XP; it would start but didn't keep running. I haven't tried the BootCD on the other PCs with Vista and Windows 7. So I would like to look for the spam, or is it something else, in the first place, to get rid of it on my 3 PCs. After that I will look for the BootCD.
    Thank you for your help!!!:)
     
  7. 2011/04/03
    broni

    broni Moderator Malware Analyst

    Well, we can check if your computer is clean.
    So far, I don't see much.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
     
  8. 2011/04/04
    janwin7

    janwin7 Inactive Thread Starter

    all the logs of vista pc

    There seems to be a prob with my Windows 7 PC. I can't run RKUnhookerLE. It will start but it won't run. It looks like it's running but after a few hours there's nothing more on the screen than there was at the beginning.

    How can I post the logs when I have more than 16000 characters in my text? I can only post a text with 55000 characters! I can't put it in a file either.

    I wanted to post all the logs of my Vista PC but I can't post them in one text.

    Sorry!!:mad:
     
  9. 2011/04/04
    broni

    broni Moderator Malware Analyst

    One topic, one computer.
    If some log doesn't fit into one reply, split it between a couple of replies.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/04/05
    janwin7

    janwin7 Inactive Thread Starter

    windows 7 PC

    This is the combofix log.

    ComboFix 11-04-04.02 - Annie 05/04/2011 12:38:38.5.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.32.1043.18.1014.380 [GMT 2:00]
    Gestart vanuit: c:\users\Annie\Downloads\software\ComboFixbis.exe
    AV: Norman Security Suite *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}
    FW: Norman Security Suite *Enabled* {E8034BA5-6C9C-91E7-BFF5-AAF12796A11A}
    SP: Norman Security Suite *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-05 to 2011-04-05 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-05 10:53 . 2011-04-05 10:53 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-05 10:53 . 2011-04-05 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-05 10:19 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20071184-A417-444A-955C-1EC9EE64FBA9}\mpengine.dll
    2011-04-05 10:16 . 2011-04-05 10:16 -------- d-----w- c:\users\Annie\AppData\Local\{4AA98AF4-428A-448B-9680-94F73AAA359F}
    2011-04-03 20:33 . 2011-04-03 20:34 -------- d-----w- c:\users\Annie\AppData\Local\{306D7215-543A-4D30-A983-F97A8AB7984C}
    2011-04-03 08:25 . 2011-04-03 08:25 -------- d-----w- c:\users\Annie\AppData\Local\{5A0DB3D2-619F-46E7-BE0E-221643014AAA}
    2011-04-02 20:01 . 2011-04-02 20:01 -------- d-----w- c:\users\Annie\AppData\Local\{A0FDCBDB-8206-4795-AB39-DCBA59679F88}
    2011-04-02 08:00 . 2011-04-02 08:01 -------- d-----w- c:\users\Annie\AppData\Local\{8564BF12-4A96-4B97-AD37-8D39AB058A94}
    2011-04-01 17:53 . 2011-04-01 17:53 -------- d-----w- c:\program files\SequoiaView
    2011-04-01 17:52 . 2011-04-01 17:52 -------- d-----w- c:\program files\ConduitEngine
    2011-04-01 17:52 . 2011-04-01 17:52 -------- d-----w- c:\program files\Softonic-Eng7
    2011-04-01 17:39 . 2011-04-01 17:39 -------- d-----w- c:\users\Annie\AppData\Local\{728FB7AF-AF64-4634-983D-73B8D333A15B}
    2011-04-01 05:14 . 2011-04-01 05:14 -------- d-----w- c:\users\Annie\AppData\Local\{1FCE5A20-4DEC-4BF5-83B3-C8731E999AE1}
    2011-03-31 15:44 . 2011-03-31 15:44 -------- d-----w- c:\users\Annie\AppData\Local\{125D21C3-78C5-44DB-A308-A1D52F3319BD}
    2011-03-30 19:29 . 2011-03-30 19:29 -------- d-----w- c:\users\Annie\AppData\Local\{BA3266B6-7362-499F-9BCD-73EEC5BBB272}
    2011-03-30 06:56 . 2011-03-30 06:56 -------- d-----w- c:\users\Annie\AppData\Local\{5663014E-3EA5-47B2-8617-2AE1A80AD5BB}
    2011-03-29 18:01 . 2011-03-29 18:02 -------- d-----w- c:\users\Annie\AppData\Local\{8170F3A5-4ED4-4A28-A1B6-8563DFBE6BFE}
    2011-03-28 17:44 . 2011-03-28 17:44 -------- d-----w- c:\users\Annie\AppData\Local\{E44950AE-2DED-4956-9447-B1BF6DA7FB32}
    2011-03-27 20:23 . 2011-03-27 20:23 -------- d-----w- c:\users\Annie\AppData\Local\{2030DA20-80C1-4944-9075-5186B92CC9DE}
    2011-03-27 08:22 . 2011-03-27 08:23 -------- d-----w- c:\users\Annie\AppData\Local\{EC42ED48-07DC-4E0C-840C-A6C281109F78}
    2011-03-26 07:34 . 2011-03-26 07:34 -------- d-----w- c:\users\Annie\AppData\Local\{776B9D8C-CF16-47E2-A256-61FA833EF267}
    2011-03-25 18:19 . 2011-03-25 18:20 -------- d-----w- c:\users\Annie\AppData\Local\{63F8C9D1-4863-4C22-B04E-E75C489B7A8F}
    2011-03-25 06:19 . 2011-03-25 06:19 -------- d-----w- c:\users\Annie\AppData\Local\{CAB94B08-E967-4C09-BB10-B48FD27636EC}
    2011-03-24 06:40 . 2011-03-24 06:40 -------- d-----w- c:\users\Annie\AppData\Local\{CD3D7435-837D-4DAD-88DB-E22D54B3EDD2}
    2011-03-23 18:39 . 2011-03-23 18:39 -------- d-----w- c:\users\Annie\AppData\Local\{C2CA2C43-FFC6-464F-B7A1-56902DD3BED0}
    2011-03-22 18:46 . 2011-03-22 18:46 -------- d-----w- c:\users\Annie\AppData\Local\{97C363F3-E67D-4044-B2E6-E609D2F0AED7}
    2011-03-21 18:46 . 2011-03-21 18:46 -------- d-----w- c:\users\Annie\AppData\Local\{BC7A4184-80BB-47D6-94D0-A1F9AB085691}
    2011-03-21 06:27 . 2011-03-21 06:27 -------- d-----w- c:\users\Annie\AppData\Local\{DA7FC75F-5353-489D-BE81-A33304AD910D}
    2011-03-20 15:05 . 2011-03-20 15:05 -------- d-----w- c:\users\Annie\AppData\Local\{0481428D-0E8B-443A-BDF1-015D8279BD8A}
    2011-03-19 08:43 . 2011-03-19 08:43 -------- d-----w- c:\users\Annie\AppData\Local\{01872A81-F85C-43F3-84BE-E556717EE11E}
    2011-03-18 16:20 . 2011-03-18 16:20 -------- d-----w- c:\users\Annie\AppData\Local\{1EC45EC8-98BB-4035-9298-63C449692AB4}
    2011-03-17 18:52 . 2011-03-17 18:53 -------- d-----w- c:\users\Annie\AppData\Local\{C0F59F75-E8E7-49B6-B627-4D982EEF0A5A}
    2011-03-17 06:42 . 2011-03-17 06:42 -------- d-----w- c:\windows\system32\x64
    2011-03-17 06:41 . 2011-03-17 06:41 -------- d-----w- c:\windows\system32\SPReview
    2011-03-17 06:39 . 2011-03-17 06:39 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-17 06:39 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-03-17 06:18 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-03-16 19:48 . 2011-03-16 19:48 -------- d-----w- c:\users\Annie\AppData\Local\{DC553369-090C-4213-9A40-1217BFC2BEFA}
    2011-03-16 18:44 . 2011-03-16 18:44 -------- d-----w- c:\users\Annie\AppData\Local\{D08A94E1-E117-476D-B8F0-9DB72E6FAC7F}
    2011-03-15 18:59 . 2011-03-15 18:59 -------- d-----w- c:\users\Annie\AppData\Local\{46D67B06-7242-4077-903B-7531C922720F}
    2011-03-15 06:18 . 2011-03-15 06:18 -------- d-----w- c:\users\Annie\AppData\Local\{AD204A72-7E43-4DBF-95A5-15D24CCEA279}
    2011-03-14 06:13 . 2011-03-14 06:13 -------- d-----w- c:\users\Annie\AppData\Local\{116C8478-31D3-44A3-924D-02121A2A91F4}
    2011-03-13 13:29 . 2011-03-13 13:29 -------- d-----w- c:\users\Annie\AppData\Local\{3C7392E3-9004-4923-AFD4-89488EECCAA2}
    2011-03-12 07:29 . 2011-03-12 07:30 -------- d-----w- c:\users\Annie\AppData\Local\{6D58BC61-14B2-4672-9371-8F1D365A2AF3}
    2011-03-11 11:32 . 2011-03-11 11:32 -------- d-----w- c:\users\Annie\AppData\Local\{D34C8B30-1362-4DC2-84F3-CEF6AC4F1557}
    2011-03-10 21:59 . 2011-03-10 21:59 -------- d-----w- c:\users\Annie\AppData\Local\{811BA32B-8C0E-4F77-B30C-98CCCA7B529A}
    2011-03-09 20:59 . 2011-03-09 20:59 -------- d-----w- c:\users\Annie\AppData\Local\{D5694711-64CE-46A9-BD0A-D5C46DCEAA5E}
    2011-03-09 20:47 . 2011-03-09 20:47 -------- d-----w- c:\windows\nl
    2011-03-09 20:46 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-09 20:44 . 2011-03-09 20:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-09 06:17 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-03-08 22:49 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-08 22:49 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-08 22:49 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-08 22:49 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-08 22:49 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-08 22:49 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-08 22:49 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-08 22:49 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 22:49 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 20:24 . 2011-03-08 20:24 -------- d-----w- c:\users\Annie\AppData\Local\{56D74E3D-9705-4EA9-B0A4-665CC4F9EDEC}
    2011-03-08 19:05 . 2011-03-08 19:05 -------- d-----w- c:\users\Annie\AppData\Local\{F7D7481E-A574-4E9F-BCBF-3F230268FE57}
    2011-03-07 19:05 . 2011-03-07 19:06 -------- d-----w- c:\users\Annie\AppData\Local\{A06CABF6-3E5D-4356-9CBC-CFE40CBA5DA7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 07:31 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-03 05:45 . 2011-02-10 06:32 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 17:11 . 2010-03-26 13:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 07:31 . 2011-02-22 21:05 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31 . 2011-02-22 21:05 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27 . 2011-02-10 06:33 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33 . 2011-02-10 06:33 294400 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-13 19:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-25 8120864]
    "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "UpdateYouPaintShortCut"="c:\program files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
    R3 Normandy;Normandy SR2; [x]
    R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2010-11-11 24688]
    R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2010-11-08 198168]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 ALE_NF;Norman Network Filter ALE driver;c:\windows\system32\drivers\ale_nf.sys [2010-11-10 61472]
    S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-01-04 26744]
    S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2010-11-10 74144]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\NDISKIO.SYS [2009-10-09 22880]
    S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2010-11-10 223000]
    S2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\npf\bin\npfsvc32.exe [2010-11-08 290472]
    S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2010-11-10 90656]
    S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [2010-11-10 40384]
    S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2010-11-08 100336]
    S3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\DRIVERS\ATKACPI.SYS [2009-06-09 16456]
    S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-10 42496]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
    S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2010-12-17 288072]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
    S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2010-11-08 99312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1421142099-3989457265-74788173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "WindowsLiveMail.Email.1 "
    .
    [HKEY_USERS\S-1-5-21-1421142099-3989457265-74788173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "WindowsLiveMail.VCard.1 "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5316)
    c:\program files\Norman\nvc\bin\Niphk.dll
    .
    Voltooingstijd: 2011-04-05 12:59:42
    ComboFix-quarantined-files.txt 2011-04-05 10:59
    ComboFix2.txt 2011-04-02 17:47
    ComboFix3.txt 2011-02-01 23:45
    ComboFix4.txt 2010-12-18 12:02
    ComboFix5.txt 2011-04-05 10:36
    .
    Pre-Run: 170.393.485.312 bytes beschikbaar
    Post-Run: 170.364.313.600 bytes beschikbaar
    .
    - - End Of File - - 3E8E16109DEF415188E693BD1B1D23BA
     
  11. 2011/04/05
    broni

    broni Moderator Malware Analyst

    Looks clean.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2011/04/05
    janwin7

    janwin7 Inactive Thread Starter

    OTL log

    OTL logfile created on: 6/04/2011 0:27:03 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Annie\Desktop
    Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    1.014,00 Mb Total Physical Memory | 424,00 Mb Available Physical Memory | 42,00% Memory free
    2,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 191,78 Gb Total Space | 159,90 Gb Free Space | 83,38% Space Free | Partition Type: NTFS
    Drive D: | 40,00 Gb Total Space | 2,63 Gb Free Space | 6,57% Space Free | Partition Type: NTFS
    Drive E: | 7,41 Gb Total Space | 3,42 Gb Free Space | 46,07% Space Free | Partition Type: FAT32

    Computer Name: ANNIE-PC | User Name: Annie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/06 00:21:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
    PRC - [2011/03/22 16:15:33 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    PRC - [2011/01/29 01:18:58 | 000,015,688 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\4.0.60129.0\agcp.exe
    PRC - [2010/12/17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
    PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2010/12/02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
    PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
    PRC - [2010/11/11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    PRC - [2010/11/10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
    PRC - [2010/11/10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
    PRC - [2010/11/08 18:02:27 | 000,111,912 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    PRC - [2010/11/08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
    PRC - [2010/11/08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
    PRC - [2010/11/08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe
    PRC - [2010/11/08 17:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Nip.exe
    PRC - [2010/11/08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
    PRC - [2010/11/08 17:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\CClaw.exe
    PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    PRC - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/06 00:21:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
    MOD - [2010/11/08 17:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\Niphk.dll
    MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
    SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/12/02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
    SRV - [2010/11/11 13:43:28 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
    SRV - [2010/11/10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
    SRV - [2010/11/10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
    SRV - [2010/11/08 18:02:27 | 000,111,912 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
    SRV - [2010/11/08 18:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
    SRV - [2010/11/08 17:56:34 | 000,290,472 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32)
    SRV - [2010/11/08 17:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
    SRV - [2010/11/08 17:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
    SRV - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/11/11 14:01:40 | 000,024,688 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
    DRV - [2010/11/10 15:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
    DRV - [2010/11/10 15:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
    DRV - [2010/11/10 15:47:28 | 000,061,472 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\System32\drivers\ale_nf.sys -- (ALE_NF)
    DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/07/26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/07/26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2010/01/04 14:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
    DRV - [2009/11/13 18:47:48 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
    DRV - [2009/11/10 14:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys -- (fspad_wlh32)
    DRV - [2009/10/09 13:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
    DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2009/06/09 21:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\ATKACPI.SYS -- (ACPIService)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
    IE - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    IE - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/09 21:52:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/09 21:52:08 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/04/02 19:41:54 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1421142099-3989457265-74788173-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/06 00:20:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
    [2011/04/06 00:16:51 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{4AD92EF7-B3E3-4FA4-A3F8-264E4C0E93AC}
    [2011/04/05 12:58:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/05 12:34:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/05 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{4AA98AF4-428A-448B-9680-94F73AAA359F}
    [2011/04/03 22:33:54 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{306D7215-543A-4D30-A983-F97A8AB7984C}
    [2011/04/03 17:28:27 | 000,000,000 | ---D | C] -- C:\Users\Annie\Desktop\DDSlogs
    [2011/04/03 17:24:26 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\DDSlogs
    [2011/04/03 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\Annie\Desktop\gmer
    [2011/04/03 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{5A0DB3D2-619F-46E7-BE0E-221643014AAA}
    [2011/04/02 22:01:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{A0FDCBDB-8206-4795-AB39-DCBA59679F88}
    [2011/04/02 18:31:30 | 000,000,000 | ---D | C] -- C:\Users\Annie\Documents\malwarebyteslog
    [2011/04/02 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{8564BF12-4A96-4B97-AD37-8D39AB058A94}
    [2011/04/01 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
    [2011/04/01 19:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
    [2011/04/01 19:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\SequoiaView
    [2011/04/01 19:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2011/04/01 19:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic-Eng7
    [2011/04/01 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{728FB7AF-AF64-4634-983D-73B8D333A15B}
    [2011/04/01 07:14:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{1FCE5A20-4DEC-4BF5-83B3-C8731E999AE1}
    [2011/03/31 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{125D21C3-78C5-44DB-A308-A1D52F3319BD}
    [2011/03/30 21:29:34 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{BA3266B6-7362-499F-9BCD-73EEC5BBB272}
    [2011/03/30 08:56:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{5663014E-3EA5-47B2-8617-2AE1A80AD5BB}
    [2011/03/29 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{8170F3A5-4ED4-4A28-A1B6-8563DFBE6BFE}
    [2011/03/28 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{E44950AE-2DED-4956-9447-B1BF6DA7FB32}
    [2011/03/27 22:23:13 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{2030DA20-80C1-4944-9075-5186B92CC9DE}
    [2011/03/27 10:22:56 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{EC42ED48-07DC-4E0C-840C-A6C281109F78}
    [2011/03/26 09:34:03 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{776B9D8C-CF16-47E2-A256-61FA833EF267}
    [2011/03/25 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{63F8C9D1-4863-4C22-B04E-E75C489B7A8F}
    [2011/03/25 08:19:28 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{CAB94B08-E967-4C09-BB10-B48FD27636EC}
    [2011/03/24 08:40:00 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{CD3D7435-837D-4DAD-88DB-E22D54B3EDD2}
    [2011/03/23 20:39:22 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{C2CA2C43-FFC6-464F-B7A1-56902DD3BED0}
    [2011/03/22 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{97C363F3-E67D-4044-B2E6-E609D2F0AED7}
    [2011/03/21 20:46:47 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{BC7A4184-80BB-47D6-94D0-A1F9AB085691}
    [2011/03/21 08:27:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{DA7FC75F-5353-489D-BE81-A33304AD910D}
    [2011/03/20 17:05:44 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{0481428D-0E8B-443A-BDF1-015D8279BD8A}
    [2011/03/19 19:54:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/03/19 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{01872A81-F85C-43F3-84BE-E556717EE11E}
    [2011/03/18 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{1EC45EC8-98BB-4035-9298-63C449692AB4}
    [2011/03/17 20:52:16 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{C0F59F75-E8E7-49B6-B627-4D982EEF0A5A}
    [2011/03/17 08:42:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
    [2011/03/17 08:41:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/03/17 08:39:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/03/16 21:48:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{DC553369-090C-4213-9A40-1217BFC2BEFA}
    [2011/03/16 20:44:29 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{D08A94E1-E117-476D-B8F0-9DB72E6FAC7F}
    [2011/03/15 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{46D67B06-7242-4077-903B-7531C922720F}
    [2011/03/15 08:18:23 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{AD204A72-7E43-4DBF-95A5-15D24CCEA279}
    [2011/03/14 08:13:45 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{116C8478-31D3-44A3-924D-02121A2A91F4}
    [2011/03/13 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{3C7392E3-9004-4923-AFD4-89488EECCAA2}
    [2011/03/12 09:29:59 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{6D58BC61-14B2-4672-9371-8F1D365A2AF3}
    [2011/03/11 13:32:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{D34C8B30-1362-4DC2-84F3-CEF6AC4F1557}
    [2011/03/10 23:59:01 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{811BA32B-8C0E-4F77-B30C-98CCCA7B529A}
    [2011/03/09 22:59:01 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{D5694711-64CE-46A9-BD0A-D5C46DCEAA5E}
    [2011/03/09 22:47:32 | 000,000,000 | ---D | C] -- C:\Windows\nl
    [2011/03/09 22:45:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2011/03/09 22:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/03/09 00:05:03 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-apparaten
    [2011/03/08 23:08:58 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/03/08 22:24:12 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{56D74E3D-9705-4EA9-B0A4-665CC4F9EDEC}
    [2011/03/08 21:05:40 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{F7D7481E-A574-4E9F-BCBF-3F230268FE57}
    [2011/03/07 21:05:21 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\{A06CABF6-3E5D-4356-9CBC-CFE40CBA5DA7}

    ========== Files - Modified Within 30 Days ==========

    [2011/04/06 00:21:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
    [2011/04/05 23:52:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/05 12:22:14 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/05 12:22:14 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/05 12:14:36 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/03 20:29:46 | 000,133,632 | ---- | M] () -- C:\Users\Annie\Desktop\RKUnhookerLE.EXE
    [2011/04/03 17:12:26 | 000,696,280 | ---- | M] () -- C:\Windows\System32\perfh013.dat
    [2011/04/03 17:12:26 | 000,611,332 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/03 17:12:26 | 000,132,554 | ---- | M] () -- C:\Windows\System32\perfc013.dat
    [2011/04/03 17:12:26 | 000,105,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/03 17:07:28 | 215,014,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/04/03 16:59:44 | 000,625,664 | ---- | M] () -- C:\Users\Annie\Desktop\dds.scr
    [2011/04/03 16:59:12 | 000,080,384 | ---- | M] () -- C:\Users\Annie\Desktop\MBRCheck.exe
    [2011/04/02 19:41:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/01 19:53:42 | 000,000,983 | ---- | M] () -- C:\Users\Annie\Desktop\SequoiaView.lnk
    [2011/04/01 19:52:13 | 000,567,047 | ---- | M] () -- C:\Users\Annie\Desktop\Sequoia1_3Install.exe
    [2011/03/27 20:22:46 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/24 01:28:29 | 000,004,608 | ---- | M] () -- C:\Users\Annie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/16 21:11:51 | 000,007,648 | ---- | M] () -- C:\Users\Annie\AppData\Local\Resmon.ResmonCfg

    ========== Files Created - No Company Name ==========

    [2011/04/03 20:30:27 | 000,133,632 | ---- | C] () -- C:\Users\Annie\Desktop\RKUnhookerLE.EXE
    [2011/04/03 17:04:51 | 000,625,664 | ---- | C] () -- C:\Users\Annie\Desktop\dds.scr
    [2011/04/03 17:04:18 | 000,080,384 | ---- | C] () -- C:\Users\Annie\Desktop\MBRCheck.exe
    [2011/04/01 19:53:42 | 000,000,983 | ---- | C] () -- C:\Users\Annie\Desktop\SequoiaView.lnk
    [2011/04/01 19:52:11 | 000,567,047 | ---- | C] () -- C:\Users\Annie\Desktop\Sequoia1_3Install.exe
    [2011/03/19 19:54:10 | 215,014,933 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/09 22:45:36 | 000,001,255 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011/03/09 22:44:59 | 000,001,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011/03/09 22:43:55 | 000,001,408 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2011/03/09 22:42:56 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/03/08 21:51:08 | 000,007,648 | ---- | C] () -- C:\Users\Annie\AppData\Local\Resmon.ResmonCfg
    [2010/08/20 13:18:12 | 000,004,608 | ---- | C] () -- C:\Users\Annie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/19 12:12:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/08/19 12:12:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/08/19 12:12:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/08/19 12:12:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/08/19 12:12:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/03/26 13:23:33 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
    [2010/03/26 13:07:56 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
    [2010/03/26 12:21:54 | 000,016,456 | ---- | C] () -- C:\Windows\System32\drivers\ATKACPI.SYS
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 10:27:22 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
    [2009/07/14 10:27:21 | 000,696,280 | ---- | C] () -- C:\Windows\System32\perfh013.dat
    [2009/07/14 10:27:21 | 000,132,554 | ---- | C] () -- C:\Windows\System32\perfc013.dat
    [2009/07/14 10:27:21 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 000,344,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,611,332 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,105,512 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2010/08/04 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\BullGuard
    [2011/02/17 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Nokia
    [2011/02/17 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Nokia Ovi Suite
    [2011/01/22 13:12:35 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\PC Suite
    [2011/02/07 22:48:34 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Windows Live Writer
    [2009/07/14 06:53:46 | 000,031,184 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/04/05 12:59:44 | 000,015,906 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/04/05 12:14:36 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/29 09:38:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/29 09:38:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/05 12:14:38 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/04 13:15:18 | 000,000,221 | -HS- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/03 16:59:12 | 000,080,384 | ---- | M] () -- C:\Users\Annie\Desktop\MBRCheck.exe
    [2011/04/06 00:21:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Annie\Desktop\OTL.exe
    [2011/04/03 20:29:46 | 000,133,632 | ---- | M] () -- C:\Users\Annie\Desktop\RKUnhookerLE.EXE
    [2011/04/01 19:52:13 | 000,567,047 | ---- | M] () -- C:\Users\Annie\Desktop\Sequoia1_3Install.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/01/26 01:07:22 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/01/26 01:07:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2011/01/20 23:02:26 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2011/01/20 23:02:26 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/01/26 01:07:22 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/08 10:38:09 | 000,000,402 | -HS- | M] () -- C:\Users\Annie\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/12 15:11:49 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >

    Thanks!
     
  13. 2011/04/05
    janwin7

    Extras log

    OTL Extras logfile created on: 6/04/2011 0:27:03 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Annie\Desktop
    Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    1.014,00 Mb Total Physical Memory | 424,00 Mb Available Physical Memory | 42,00% Memory free
    2,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 191,78 Gb Total Space | 159,90 Gb Free Space | 83,38% Space Free | Partition Type: NTFS
    Drive D: | 40,00 Gb Total Space | 2,63 Gb Free Space | 6,57% Space Free | Partition Type: NTFS
    Drive E: | 7,41 Gb Total Space | 3,42 Gb Free Space | 46,07% Space Free | Partition Type: FAT32

    Computer Name: ANNIE-PC | User Name: Annie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
    "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
    "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
    "{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
    "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
    "{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.3 - Nederlands
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
    "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
    "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    "97CEB8209F0BC014131F0864966F5B9C9345570E" = Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "conduitEngine" = Conduit Engine
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "SequoiaView" = SequoiaView
    "Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20/03/2011 15:05:16 | Computer Name = Annie-PC | Source = Windows Backup | ID = 4104
    Description =

    Error - 20/03/2011 15:11:54 | Computer Name = Annie-PC | Source = Windows Backup | ID = 4104
    Description =

    Error - 27/03/2011 14:35:10 | Computer Name = Annie-PC | Source = Windows Backup | ID = 4104
    Description =

    Error - 2/04/2011 13:50:12 | Computer Name = Annie-PC | Source = VSS | ID = 8194
    Description =

    Error - 3/04/2011 10:19:39 | Computer Name = Annie-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: nq3zbl5m.exe, versie: 1.0.15.15570,
    tijdstempel: 0x4d86265c Naam van module met fout: nq3zbl5m.exe, versie: 1.0.15.15570,
    tijdstempel: 0x4d86265c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0000c676 Id van
    proces met fout: 0x145c Starttijd van toepassing met fout: 0x01cbf206c917fe60 Pad
    naar toepassing met fout: F:\software\nq3zbl5m.exe Pad naar module met fout: F:\software\nq3zbl5m.exe
    Rapport-id:
    68aece4e-5dfd-11e0-b6f8-7071bc2da660

    Error - 3/04/2011 10:30:02 | Computer Name = Annie-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: oyyn78s0.exe, versie: 1.0.15.15570,
    tijdstempel: 0x4d86265c Naam van module met fout: oyyn78s0.exe, versie: 1.0.15.15570,
    tijdstempel: 0x4d86265c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0000c676 Id van
    proces met fout: 0x9dc Starttijd van toepassing met fout: 0x01cbf20b26baa52f Pad
    naar toepassing met fout: F:\software\oyyn78s0.exe Pad naar module met fout: F:\software\oyyn78s0.exe
    Rapport-id:
    dbcf403f-5dfe-11e0-8294-1c4bd66c613d

    Error - 3/04/2011 11:13:03 | Computer Name = Annie-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: gmer.exe, versie: 1.0.15.15570, tijdstempel:
    0x4d86265c Naam van module met fout: gmer.exe, versie: 1.0.15.15570, tijdstempel:
    0x4d86265c Uitzonderingscode: 0xc0000005 Foutoffset: 0x0000c676 Id van proces met
    fout: 0x8c4 Starttijd van toepassing met fout: 0x01cbf211159a7a09 Pad naar toepassing
    met fout: C:\Users\Annie\Desktop\gmer\gmer.exe Pad naar module met fout: C:\Users\Annie\Desktop\gmer\gmer.exe
    Rapport-id:
    de2adb01-5e04-11e0-b7f1-1c4bd66c613d

    Error - 3/04/2011 11:39:11 | Computer Name = Annie-PC | Source = Application Hang | ID = 1002
    Description = Het programma msnmsgr.exe, versie 15.4.3508.1109 reageert niet meer
    op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: c48 Starttijd: 01cbf210f3582f58 Eindtijd: 0 Toepassingspad:
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe Rapport-id: 7b18e93a-5e08-11e0-b7f1-7071bc2da660


    Error - 3/04/2011 11:41:15 | Computer Name = Annie-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: wlcomm.exe, versie: 15.4.3508.1109,
    tijdstempel: 0x4cda5f30 Naam van module met fout: npipe.dll, versie: 1.0.1.2, tijdstempel:
    0x4cd7fd00 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00002879 Id van proces met
    fout: 0x114c Starttijd van toepassing met fout: 0x01cbf2158899f20d Pad naar toepassing
    met fout: C:\Program Files\Windows Live\Contacts\wlcomm.exe Pad naar module met
    fout: C:\Program Files\Norman\npm\bin\npipe.dll Rapport-id: ced8bc67-5e08-11e0-b7f1-7071bc2da660

    Error - 3/04/2011 13:04:52 | Computer Name = Annie-PC | Source = Windows Backup | ID = 4104
    Description =

    [ System Events ]
    Error - 3/04/2011 11:08:04 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: cdrom

    Error - 3/04/2011 11:39:42 | Computer Name = Annie-PC | Source = DCOM | ID = 10010
    Description =

    Error - 3/04/2011 16:44:20 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: cdrom

    Error - 4/04/2011 1:16:34 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: Netman.

    Error - 5/04/2011 6:15:05 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: cdrom

    Error - 5/04/2011 6:38:04 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 5/04/2011 6:46:00 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 5/04/2011 6:54:17 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 5/04/2011 13:30:18 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: ShellHWDetection.

    Error - 5/04/2011 17:52:30 | Computer Name = Annie-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: Netman.


    < End of report >


    Thanks!!
     
  14. 2011/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1421142099-3989457265-74788173-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. 2011/04/05
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    OTL log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1421142099-3989457265-74788173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Annie
    ->Temp folder emptied: 5366619 bytes
    ->Temporary Internet Files folder emptied: 2045299 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 1074 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68193 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Annie
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04062011_012307

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF12F74F97CEF60DE2.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF15C7C6EC9DB9F6B5.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF333D314A88A2CD3F.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF6AFD91569D69C8C8.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF6BA6627F3896A03F.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF6C7E42FF35F1FAD3.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF779FD43A8E5D1430.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF93B07960E5336B72.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF9853716AB5B2494C.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFA20353240A2F7375.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFAB2C008AFB8843AE.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFAE2AE6E578CCF2F6.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFB02D61884E26FE95.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFCD85BEB74EB8842E.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFEA3C356CE14A4261.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFEBC60539F41C9B7E.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFF1B958F3A813EAD2.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFF786F827D1831424.TMP not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QH5BBA73\ads[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QH5BBA73\ddc[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QH5BBA73\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NMY7JWT\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NMY7JWT\drts[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NMY7JWT\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NMY7JWT\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NMY7JWT\p-01-0VIaSjnOLg[3].gif moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HECAW2F\ADSAdClient31[1].txt not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HECAW2F\ads[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HECAW2F\drts[1].htm moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HECAW2F\messengerscripttracking[1].aspx not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HECAW2F\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZSJ63M7\98522-active-logs-dds-mbrcheck-requested[1].html moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZSJ63M7\drts[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZSJ63M7\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZSJ63M7\pixel[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2011/04/05
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    Security check log

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Norman Security Suite
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.0.42.34
    Adobe Reader 9.4.3 - Nederlands
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  17. 2011/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset...
     
  18. 2011/04/06
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    eset on line scanner

    No threats were found with the ESET online scanner.
    Adobe Reader is downloaded and has been installing for the last 40 minutes, but it won't finish.
    Something is wrong, I don't know what, but I will try again.

    Thanks for your help.:)
     
  19. 2011/04/06
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    adobe reader

    Adobe Reader has been installed! :)
     
  20. 2011/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2011/04/07
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    post resulting log otl

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Annie
    ->Temp folder emptied: 601839546 bytes
    ->Temporary Internet Files folder emptied: 2589504 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 700 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66276 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 576,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Annie
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 04072011_123733

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF049BA7AC7B55EE30.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF210FAAD97EAE6DDF.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF2A2A2B12422682DE.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF2B60305B77E42B9A.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF2E05BA6EC1536A8D.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF33A4048EB07BC143.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF3E24B7CCE8A93BCD.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF5BD61D1767148DF8.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF74EE5C34E4B8279A.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF761D365696868512.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF7743593317B27EC4.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF77EC296315B62BCD.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF7C785F48C5623A10.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DF8F7B008F17FCA229.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFA5FAA1443E207DA4.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFA77336614AC5385E.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFAEEB51BC39B6D5A0.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFC2B1ADA7BCB4A872.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFCB48A24FE8D0C9FF.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFD1A3BE2DCF730505.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFD8C50810E5B6DDE8.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFE003E84A4FA24F2F.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFE02BCD370DF096C1.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Temp\~DFEB73ABAC822EFD09.TMP not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5T1KQNF\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5T1KQNF\ADSAdClient31[1].txt not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5T1KQNF\ads[3].htm not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5T1KQNF\p-01-0VIaSjnOLg[1].gif moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5T1KQNF\p-01-0VIaSjnOLg[2].gif not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\ads[3].htm not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\ddc[1].htm moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\drts[1].htm not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\p-01-0VIaSjnOLg[1].gif not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\p-01-0VIaSjnOLg[2].gif not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLQYXFOX\pixel[1].htm moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\ads[1].htm not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\ads[2].htm not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\drts[1].htm moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\messengerscripttracking[1].aspx not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\p-01-0VIaSjnOLg[1].gif moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09GKDZ1\p-01-0VIaSjnOLg[2].gif not found!
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\98522-active-logs-dds-mbrcheck-requested-2[1].html not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\98522-active-logs-dds-mbrcheck-requested-2[2].html moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\cm[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\drts[1].htm moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\p-01-0VIaSjnOLg[2].gif moved successfully.
    File\Folder C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AXT2P4U\p-01-0VIaSjnOLg[3].gif not found!
    C:\Users\Annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
    :)
     
