
Missing windows codec? I don't use Vista...


  • This topic is locked
10 replies to this topic

#1 Thieux

  • Members
  • 6 posts

Posted 26 May 2010 - 02:54 AM

Hello BleepingComputer,

Several days ago I removed System Security 2010 from my system. But I think there are some files still on my computer. I can't open the game Oblivion, for instance. When I try to open the game, a warning pops up telling me that a Windows codec is missing. I never had this warning before.

I think that I have the same problem as this one: http://www.bleepingcomputer.com/forums/t/315648/requires-a-missing-windows-codec/


I have 2 questions:

1) Is System Security 2010 still on my computer?
2) How can I disable the warning?


This is my HiJackThis-log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:18, on 26-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\USBStorage\USBDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Studiojusched] C:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe
O4 - HKLM\..\Run: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe
O4 - HKLM\..\Run: [rmidPlatform] c:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe
O4 - HKLM\..\RunServices: [AntwoordenGEOTFVC202Macrovision] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\vCnR.exe
O4 - HKLM\..\RunServices: [dappareilsLive] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe
O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe
O4 - HKLM\..\RunServices: [SPCOMMONMicrosoft] c:\program files\common files\speechengines\microsoft\speechengine5.1.4111.00.exe
O4 - HKLM\..\RunServices: [Windowsdappareils1.0.5053.0] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe
O4 - HKLM\..\RunServices: [RevolutioniniAmerican] c:\program files\firaxis games\sid meier's civilization 4\mods\american revolution\americanrevolutionini.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_SE1F.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218134755490
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1218140241593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\11A.tmp
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11618 bytes

Edited by Thieux, 26 May 2010 - 02:54 AM.



#2 Thieux

  • Topic Starter
  • Members
  • 6 posts

Posted 26 May 2010 - 03:16 AM

OTL logfile created on: 26-5-2010 10:02:10 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 443,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 144,93 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: NIJ
Current User Name: Gebruiker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
PRC - [2010-04-26 19:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010-04-03 12:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-01 15:26:04 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe
PRC - [2007-09-11 01:34:36 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe
PRC - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe
PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe
PRC - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
PRC - [2005-08-11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003-04-01 11:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (SafeList) ==========

MOD - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
MOD - [2009-01-23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ATKKeyboardService)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007-01-19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-06-16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-13 15:48:46 | 000,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2007-07-12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007-07-12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006-09-28 16:13:34 | 000,004,096 | ---- | M] () [Kernel | System | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2006-09-05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-07-27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005-07-27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005-07-27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-05-31 18:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pnp680r.sys -- (pnp680r)
DRV - [2001-08-17 20:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\URLSearchHook: {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010043001
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.36.20100303

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-03-04 01:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-12 15:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 12:12:36 | 000,000,000 | ---D | M]

[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions
[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-05-25 16:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
[2010-05-22 20:58:13 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008-06-28 10:28:06 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2009-12-19 14:05:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-05-22 20:58:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010-04-13 16:04:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-12-12 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\firefox@tvunetworks.com
[2010-05-22 20:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\multipletab@piro.sakura.ne.jp
[2010-01-28 18:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\piclens@cooliris.com
[2010-05-22 20:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\tabscope@xuldev.org
[2010-03-29 14:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
[2008-03-24 18:13:35 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\searchplugins\siteadvisor.xml
[2010-05-25 16:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-09-03 20:00:55 | 000,024,576 | ---- | M] (StreamCast Networks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPMorpBr.dll
[2010-03-12 00:02:38 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-03-12 00:02:38 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-03-12 00:02:38 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-03-12 00:02:38 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-03-24 11:17:26 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2005-10-09 12:58:08 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MorpheusToolbar BHO) - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O2 - BHO: () - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Morpheus Toolbar) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (Morpheus Toolbar) - {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
O4 - HKLM..\Run: [rmidPlatform] c:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
O4 - HKLM..\Run: [Studiojusched] C:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunServices: [AntwoordenGEOTFVC202Macrovision] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\vCnR.exe File not found
O4 - HKLM..\RunServices: [dappareilsLive] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
O4 - HKLM..\RunServices: [RevolutioniniAmerican] c:\program files\firaxis games\sid meier's civilization 4\mods\american revolution\americanrevolutionini.exe File not found
O4 - HKLM..\RunServices: [SPCOMMONMicrosoft] c:\program files\common files\speechengines\microsoft\speechengine5.1.4111.00.exe File not found
O4 - HKLM..\RunServices: [Windowsdappareils1.0.5053.0] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: none = C:\Program Files\Video ActiveX Object\pmsngr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1218134755490 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1218140241593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\M&M\Mathieu\Anti-virus\AVG\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-10-06 19:59:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-11-21 19:26:21 | 000,000,057 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{337b34cc-c082-11de-bee8-00115be25f25}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell - "" = AutoRun
O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: 5vc1jnuvc54g - hkey= - key= - C:\Documents and Settings\Gebruiker\Local Settings\Temp\m.2A4.tmp.exe File not found
MsConfig - StartUpReg: Desktop Security 2010 - hkey= - key= - C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\Desktop Security 2010.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MacrovisionEurope - hkey= - key= - C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\vCnR.exe File not found
MsConfig - StartUpReg: RevolutioniniAmerican - hkey= - key= - c:\program files\firaxis games\sid meier's civilization 4\mods\american revolution\americanrevolutionini.exe File not found
MsConfig - StartUpReg: SecurityCenter - hkey= - key= - C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\securitycenter.exe File not found
MsConfig - StartUpReg: vcnr - hkey= - key= - c:\docume~1\gebrui~1\locals~1\temp\vcnr.exe File not found
MsConfig - StartUpReg: WindowsLive - hkey= - key= - c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamische HTML met gegevensbinding voor Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Geavanceerd bewerken
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Beveiligingsupdate voor Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taakplanner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - xvidvfw.dll File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-08-07 20:34:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-05-26 09:40:48 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-15 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wowhead
[2010-05-03 18:39:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gebruiker\Onlangs geopend
[2010-05-03 18:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010
[2010-05-03 18:01:54 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-05-03 06:14:51 | 000,047,104 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Gebruiker\Bureaublad\ATF-Cleaner.exe
[2010-05-03 04:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
[2010-05-03 04:20:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-03 04:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-05-03 04:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-03 04:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-03 04:19:27 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:49 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-05-26 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010-05-26 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:39:08 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:39:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004UA.job
[2010-05-26 09:38:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-26 09:22:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-26 09:21:59 | 000,030,699 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010-05-26 09:21:16 | 000,126,276 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-26 09:21:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-26 09:21:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-26 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010-05-26 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010-05-26 08:57:11 | 000,508,910 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-05-26 08:57:11 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-26 08:57:11 | 000,090,586 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-05-26 08:57:10 | 001,126,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-26 08:57:10 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-26 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010-05-26 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010-05-26 00:22:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010-05-25 23:39:04 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004Core.job
[2010-05-25 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010-05-25 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010-05-25 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010-05-25 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010-05-25 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010-05-25 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010-05-25 20:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010-05-25 20:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010-05-25 19:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010-05-25 19:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010-05-25 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010-05-25 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010-05-25 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010-05-25 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010-05-23 00:50:59 | 006,557,696 | ---- | M] () -- C:\Documents and Settings\Gebruiker\NTUSER.DAT
[2010-05-23 00:50:59 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Gebruiker\ntuser.ini
[2010-05-23 00:47:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010-05-21 07:51:15 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-21 07:01:37 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010-05-19 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010-05-19 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010-05-19 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010-05-19 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010-05-19 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010-05-19 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010-05-19 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010-05-19 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010-05-19 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010-05-19 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010-05-19 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010-05-19 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010-05-18 07:01:35 | 000,003,902 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-05-15 17:08:41 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010-05-15 16:57:03 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:52:48 | 000,410,265 | -H-- | M] () -- C:\treeinfo.wc
[2010-05-15 16:44:18 | 000,120,834 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:02 | 000,128,520 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:08 | 000,011,800 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 18:23:11 | 000,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-03 18:23:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-03 18:23:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-05-03 04:20:34 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-05-03 04:19:35 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:54 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe
[2010-05-01 01:20:15 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-26 09:38:37 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:38:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-21 06:34:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-19 12:14:47 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-15 16:57:03 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:44:11 | 000,120,834 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:01 | 000,128,520 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:00 | 000,011,800 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 04:20:34 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2009-07-19 21:46:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-07-12 19:03:10 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009-07-12 19:03:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-06-03 17:33:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-04-22 13:05:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008-12-18 12:45:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008-12-06 15:36:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-03 16:25:04 | 000,000,330 | ---- | C] () -- C:\WINDOWS\MENSA.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-19 15:39:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-05-18 00:32:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-02-19 23:49:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-01-31 21:59:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\gkerde3d.INI
[2007-12-27 18:38:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-12-27 17:59:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7000FEFDG.ini
[2007-11-19 17:11:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007-09-06 20:11:48 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2007-09-06 20:11:48 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2007-09-06 20:11:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2007-08-25 23:22:12 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-06-24 11:25:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007-05-05 17:19:21 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006-12-14 14:55:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-12-14 14:51:17 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006-12-11 15:32:50 | 000,003,554 | ---- | C] () -- C:\WINDOWS\ReaderString.ini
[2006-12-11 15:30:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2006-10-22 17:47:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006-08-15 09:28:44 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2006-08-15 09:28:23 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2006-08-15 09:28:16 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2006-08-15 09:28:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2006-04-08 19:56:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006-02-21 10:47:40 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006-02-21 10:47:40 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006-02-21 10:47:40 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006-02-13 12:09:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-02-05 04:33:16 | 000,000,502 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-02-04 21:53:59 | 000,003,902 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005-10-09 10:51:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_g.dll
[2005-10-09 10:47:55 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_d.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-04 14:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-08-07 21:11:34 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-08-07 21:11:34 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 14:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 14:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-08-07 21:11:34 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-08-07 21:11:34 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008-08-07 22:23:52 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-08-07 20:16:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008-08-07 22:23:52 | 045,875,200 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-08-07 22:23:54 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >


OTL Extras logfile created on: 26-5-2010 10:02:11 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 443,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 144,93 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: NIJ
Current User Name: Gebruiker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- ()
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Games\MagicGathering\Magic\Manalink.exe" = C:\Program Files\Games\MagicGathering\Magic\Manalink.exe:*:Enabled:manalink -- (MicroProse Software, Inc.)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" = C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Microsoft Games\Rise of Nations\nations.exe" = C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Ubisoft\SilentHunterIII\sh3.exe" = C:\Program Files\Ubisoft\SilentHunterIII\sh3.exe:*:Enabled:Silent Hunter III -- File not found
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8 -- (Lime Wire, LLC)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe" = C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War -- File not found
"C:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe" = C:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\Program Files\World of Warcraft Trial\Launcher.exe" = C:\Program Files\World of Warcraft Trial\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15e13d3b-4b57-4f68-9ba4-5d86c0931833}" = Pixia
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D027A4-57BA-4E59-94DB-DFB36FFFDC1E}" = Remote Desktop Connection
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth ™
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5BDAEFB5-1FF6-45DA-AD07-910CD7F4B5EF}" = Microsoft DirectX SDK (April 2007)
"{5E09E82C-004D-4F08-B051-46DE6D79F71A}" = Microsoft Visual C++ Redist - ENU
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9641FD7C-CA09-48B7-BD42-91AA8EF12685}" = Mouse Driver
"{97EEEC00-A1C4-40BA-869E-F569EC876766}" = Oblivion Face Exchange Lite
"{9816B8B8-4B53-4D3D-9235-AD931252001D}" = Windows Live Messenger
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6AC3560-D98B-4DC5-8DF3-D420584DD69E}" = ATI Catalyst Control Center
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BE155E06-610E-11D6-902F-0003476A1D2A}" = ThinPrint Client Win32
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CAB16BAD-6BEA-4039-85B3-AD0A066BC0EF}" = FPA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare-software
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"7-Zip" = 7-Zip 4.65
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcExplorer--Java Edition for Education" = ArcExplorer--Java Edition for Education
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BTmod" = Oblivion - BTmod 2.20
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DriverAgent.exe" = DriverAgent by TouchStone Software
"EPSON Printer and Utilities" = EPSON-printersoftware
"EPSON Scanner" = EPSON Scan
"ESCX6900F_DX7000F Gebr. handl." = ESCX6900F_DX7000F Gebr. handl.
"FPA" = FPA 4.12.05
"Francesco's leveled creatures-items mod_is1" = Francesco's leveled creatures-items mod 4.5b
"Francesco's optional new items/creatures_is1" = Francesco's optional new items/creatures 4.5
"GameSpy Arcade" = GameSpy Arcade
"GemistDownloader" = GemistDownloader
"Hema Album Software Advanced_is1" = Hema Album Software Advanced
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{BE155E06-610E-11D6-902F-0003476A1D2A}" = ThinPrint Client Win32
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"LimeWire" = LimeWire 5.4.6
"Lords of Magic" = Lords of Magic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapWindow GIS_is1" = MapWindow GIS
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MorpheusToolbar Uninstall" = Morpheus Toolbar
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"Natural Resources Database_is1" = NRDB Pro
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nuria_is1" = Nuria 3.3
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Operation Optimization_is1" = Operation Optimization v1.1.1
"PhotoFiltre" = PhotoFiltre
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"psyco-py2.5" = Python 2.5 psyco-1.6
"pywin32-py2.5" = Python 2.5 pywin32-212
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SaddleBag" = Oblivion - SaddleBag (remove only)
"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build 3.5.13.199)
"System Tweaker_is1" = Uniblue System Tweaker
"Thief2DeinstallKey" = Thief 2
"ThiefDeinstallKey" = Thief:The Dark Project
"Total Video Player 1.20_is1" = Total Video Player 1.20
"Totalcmd" = Total Commander (Remove or Repair)
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Verzoek of wijziging voorlopige aanslag 2009" = Verzoek of wijziging voorlopige aanslag 2009
"Verzoek of wijziging voorlopige aanslag 2010" = Verzoek of wijziging voorlopige aanslag 2010
"Verzoek voorlopige teruggaaf 2008" = Verzoek voorlopige teruggaaf 2008
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinBank_is1" = WinBank Versie 1.7.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolf2007" = Wolf2007
"World of Warcraft" = World of Warcraft
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19-5-2010 17:25:08 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4390

Error - 19-5-2010 17:25:10 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19-5-2010 17:25:10 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6344

Error - 19-5-2010 17:25:10 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6344

Error - 19-5-2010 17:25:12 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19-5-2010 17:25:12 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8297

Error - 19-5-2010 17:25:12 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8297

Error - 21-5-2010 0:14:29 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21-5-2010 0:14:29 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 110964703

Error - 21-5-2010 0:14:29 | Computer Name = NIJ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 110964703

[ System Events ]
Error - 26-5-2010 2:00:00 | Computer Name = NIJ | Source = Schedule | ID = 7901
Description = Kan de opdracht At9.job niet starten vanwege de volgende fout: %%2147942402

Error - 26-5-2010 2:53:26 | Computer Name = NIJ | Source = DCOM | ID = 10010
Description = De server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 26-5-2010 2:54:04 | Computer Name = NIJ | Source = Service Control Manager | ID = 7000
Description = De ATK Keyboard Service-service kan vanwege de volgende fout niet
worden gestart: %%2

Error - 26-5-2010 3:00:00 | Computer Name = NIJ | Source = Schedule | ID = 7901
Description = Kan de opdracht At10.job niet starten vanwege de volgende fout: %%2147942402

Error - 26-5-2010 3:00:00 | Computer Name = NIJ | Source = Schedule | ID = 7901
Description = Kan de opdracht At34.job niet starten vanwege de volgende fout: %%2147942402

Error - 26-5-2010 3:02:02 | Computer Name = NIJ | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 26-5-2010 3:06:47 | Computer Name = NIJ | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1058' bij het starten van de wuauserv-service
met de argumenten '' om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten

Error - 26-5-2010 3:22:48 | Computer Name = NIJ | Source = Service Control Manager | ID = 7000
Description = De ATK Keyboard Service-service kan vanwege de volgende fout niet
worden gestart: %%2

Error - 26-5-2010 4:00:00 | Computer Name = NIJ | Source = Schedule | ID = 7901
Description = Kan de opdracht At11.job niet starten vanwege de volgende fout: %%2147942402

Error - 26-5-2010 4:00:00 | Computer Name = NIJ | Source = Schedule | ID = 7901
Description = Kan de opdracht At35.job niet starten vanwege de volgende fout: %%2147942402


< End of report >

#3 syler

  • Malware Response Team

Posted 28 May 2010 - 05:52 AM

Hello and welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Once you have run these scans, please run OTL again and post back with the new log.


Then please post back here with the following:
  • MBAM log
  • Gmer log
  • New OTL log

Thanks



#4 Thieux

  • Topic Starter

Posted 28 May 2010 - 01:10 PM

Thank you for the help.

I did the following:

* MBAM scan
* Gmer scan
* New OTL scan

I tried to scan Gmer two times and both times the system crashed after a 60+ minute scan.
That's why I have no Gmer result, but I do have the log files of MBAM and OTL.

The problems I had are now gone, though. I can start the game Oblivion and iTunes again.

If you think I should do something more, please let me know.

Again, thanks for your help!
Regards,
Thieux

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4151

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28-5-2010 18:34:29
mbam-log-2010-05-28 (18-34-29).txt

Scantype: Snelle scan
Objecten gescand: 121677
Verstreken tijd: 10 minuut/minuten, 29 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Documents and Settings\Gebruiker\Local Settings\Temp\11A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Local Settings\Temp\test.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





OTL logfile created on: 28-5-2010 19:57:45 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 784,00 Mb Available Physical Memory | 77,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 143,88 Gb Free Space | 48,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: NIJ
Current User Name: Gebruiker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-01 15:26:04 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe
PRC - [2007-09-11 01:34:36 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe
PRC - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe
PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe
PRC - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
PRC - [2005-08-11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003-04-01 11:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (SafeList) ==========

MOD - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
MOD - [2009-01-23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ATKKeyboardService)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007-01-19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-06-16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-13 15:48:46 | 000,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2007-07-12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007-07-12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006-09-28 16:13:34 | 000,004,096 | ---- | M] () [Kernel | System | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2006-09-05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-07-27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005-07-27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005-07-27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-05-31 18:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pnp680r.sys -- (pnp680r)
DRV - [2001-08-17 20:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\URLSearchHook: {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010043001
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.36.20100303

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-03-04 01:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-12 15:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 12:12:36 | 000,000,000 | ---D | M]

[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions
[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-05-28 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
[2010-05-22 20:58:13 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008-06-28 10:28:06 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2009-12-19 14:05:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-04-13 16:04:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-12-12 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\firefox@tvunetworks.com
[2010-05-22 20:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\multipletab@piro.sakura.ne.jp
[2010-01-28 18:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\piclens@cooliris.com
[2010-05-22 20:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\tabscope@xuldev.org
[2010-03-29 14:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
[2008-03-24 18:13:35 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\searchplugins\siteadvisor.xml
[2010-05-28 18:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-09-03 20:00:55 | 000,024,576 | ---- | M] (StreamCast Networks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPMorpBr.dll
[2010-03-12 00:02:38 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-03-12 00:02:38 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-03-12 00:02:38 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-03-12 00:02:38 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-03-24 11:17:26 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2005-10-09 12:58:08 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MorpheusToolbar BHO) - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O2 - BHO: () - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Morpheus Toolbar) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (Morpheus Toolbar) - {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
O4 - HKLM..\Run: [rmidPlatform] c:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
O4 - HKLM..\Run: [Studiojusched] C:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunServices: [AntwoordenGEOTFVC202Macrovision] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\vCnR.exe File not found
O4 - HKLM..\RunServices: [dappareilsLive] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
O4 - HKLM..\RunServices: [RevolutioniniAmerican] c:\program files\firaxis games\sid meier's civilization 4\mods\american revolution\americanrevolutionini.exe File not found
O4 - HKLM..\RunServices: [SPCOMMONMicrosoft] c:\program files\common files\speechengines\microsoft\speechengine5.1.4111.00.exe File not found
O4 - HKLM..\RunServices: [Windowsdappareils1.0.5053.0] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: none = C:\Program Files\Video ActiveX Object\pmsngr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1218134755490 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1218140241593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\M&M\Mathieu\Anti-virus\AVG\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-10-06 19:59:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-11-21 19:26:21 | 000,000,057 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{337b34cc-c082-11de-bee8-00115be25f25}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell - "" = AutoRun
O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-28 18:17:31 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.46.exe
[2010-05-26 09:40:48 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-15 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wowhead
[2010-05-03 18:39:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gebruiker\Onlangs geopend
[2010-05-03 06:14:51 | 000,047,104 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Gebruiker\Bureaublad\ATF-Cleaner.exe
[2010-05-03 04:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
[2010-05-03 04:20:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-03 04:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-05-03 04:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-03 04:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-03 04:19:27 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:49 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-05-28 20:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010-05-28 20:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010-05-28 19:42:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-28 19:41:51 | 000,126,276 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-28 19:41:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-28 19:41:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-28 19:41:30 | 1073,168,384 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-28 19:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010-05-28 19:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010-05-28 18:44:29 | 000,030,699 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010-05-28 18:41:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\cmoxw7w8.exe
[2010-05-28 18:39:01 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004UA.job
[2010-05-28 18:35:31 | 006,557,696 | ---- | M] () -- C:\Documents and Settings\Gebruiker\NTUSER.DAT
[2010-05-28 18:35:31 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Gebruiker\ntuser.ini
[2010-05-28 18:18:36 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-05-28 18:17:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.46.exe
[2010-05-28 00:47:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010-05-28 00:22:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010-05-27 23:39:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004Core.job
[2010-05-27 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010-05-27 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010-05-27 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010-05-27 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010-05-27 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010-05-27 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010-05-27 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010-05-27 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010-05-27 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010-05-27 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010-05-27 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010-05-27 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010-05-27 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010-05-27 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010-05-27 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010-05-27 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010-05-26 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010-05-26 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010-05-26 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010-05-26 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010-05-26 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010-05-26 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010-05-26 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010-05-26 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010-05-26 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010-05-26 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010-05-26 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010-05-26 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:39:08 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:38:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-26 08:57:11 | 000,508,910 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-05-26 08:57:11 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-26 08:57:11 | 000,090,586 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-05-26 08:57:10 | 001,126,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-26 08:57:10 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-21 07:51:15 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-21 07:01:37 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010-05-18 07:01:35 | 000,003,902 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-05-15 17:08:41 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010-05-15 16:57:03 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:52:48 | 000,410,265 | -H-- | M] () -- C:\treeinfo.wc
[2010-05-15 16:44:18 | 000,120,834 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:02 | 000,128,520 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:08 | 000,011,800 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 18:23:11 | 000,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-03 18:23:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-03 18:23:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-05-03 04:19:35 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:54 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe
[2010-05-01 01:20:15 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-28 18:41:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\cmoxw7w8.exe
[2010-05-26 09:38:37 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:38:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-21 06:34:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-19 12:14:47 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-15 16:57:03 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:44:11 | 000,120,834 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:01 | 000,128,520 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:00 | 000,011,800 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 04:20:34 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2009-07-19 21:46:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-07-12 19:03:10 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009-07-12 19:03:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-06-03 17:33:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-04-22 13:05:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008-12-18 12:45:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008-12-06 15:36:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-03 16:25:04 | 000,000,330 | ---- | C] () -- C:\WINDOWS\MENSA.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-19 15:39:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-05-18 00:32:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-02-19 23:49:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-01-31 21:59:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\gkerde3d.INI
[2007-12-27 18:38:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-12-27 17:59:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7000FEFDG.ini
[2007-11-19 17:11:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007-09-06 20:11:48 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2007-09-06 20:11:48 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2007-09-06 20:11:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2007-08-25 23:22:12 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-06-24 11:25:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007-05-05 17:19:21 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006-12-14 14:55:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-12-14 14:51:17 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006-12-11 15:32:50 | 000,003,554 | ---- | C] () -- C:\WINDOWS\ReaderString.ini
[2006-12-11 15:30:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2006-10-22 17:47:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006-08-15 09:28:44 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2006-08-15 09:28:23 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2006-08-15 09:28:16 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2006-08-15 09:28:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2006-04-08 19:56:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006-02-21 10:47:40 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006-02-21 10:47:40 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006-02-21 10:47:40 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006-02-13 12:09:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-02-05 04:33:16 | 000,000,502 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-02-04 21:53:59 | 000,003,902 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005-10-09 10:51:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_g.dll
[2005-10-09 10:47:55 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_d.dll
< End of report >


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 28 May 2010 - 01:48 PM

Hi Thieux,

You still have a bit of malware there, let's get it cleaned up.


Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (ATKKeyboardService)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
    O4 - HKLM..\Run: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
    O4 - HKLM..\Run: [rmidPlatform] c:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
    O4 - HKLM..\Run: [Studiojusched] C:\program files\java\jre1.6.0_01\bin\jpegjaasnt6.0.10.6.exe File not found
    O4 - HKLM..\RunServices: [AntwoordenGEOTFVC202Macrovision] C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\vCnR.exe File not found
    O4 - HKLM..\RunServices: [dappareilsLive] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
    O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\zh_cn.lproj\quicktimeresourcesquicktime.exe File not found
    O4 - HKLM..\RunServices: [RevolutioniniAmerican] c:\program files\firaxis games\sid meier's civilization 4\mods\american revolution\americanrevolutionini.exe File not found
    O4 - HKLM..\RunServices: [SPCOMMONMicrosoft] c:\program files\common files\speechengines\microsoft\speechengine5.1.4111.00.exe File not found
    O4 - HKLM..\RunServices: [Windowsdappareils1.0.5053.0] c:\program files\msn messenger\device manager\loc\12\dappareilslive.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: none = C:\Program Files\Video ActiveX Object\pmsngr.exe File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
    O32 - AutoRun File - [2005-11-21 19:26:21 | 000,000,057 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{337b34cc-c082-11de-bee8-00115be25f25}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
    O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
    O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell - "" = AutoRun
    O33 - MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    [2010-05-28 20:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010-05-28 20:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010-05-28 19:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010-05-28 19:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010-05-28 00:47:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010-05-28 00:22:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010-05-27 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010-05-27 23:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010-05-27 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010-05-27 22:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010-05-27 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010-05-27 21:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010-05-27 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010-05-27 18:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010-05-27 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010-05-27 17:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010-05-27 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010-05-27 10:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010-05-27 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010-05-27 09:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010-05-27 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010-05-27 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010-05-26 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010-05-26 16:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010-05-26 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010-05-26 15:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010-05-26 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010-05-26 14:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010-05-26 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010-05-26 13:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010-05-26 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010-05-26 12:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010-05-26 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010-05-26 11:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010-05-21 07:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010-05-19 06:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010-05-19 05:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010-05-19 04:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010-05-19 03:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010-05-19 02:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010-05-19 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following files one by one and click Submit.

C:\WINDOWS\System32\dfbcdcaff3_g.dll
C:\WINDOWS\System32\dfbcdcaff3_d.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Virustotal links
  • mbr.log

Thanks



#6 Thieux

  • Topic Starter

Posted 29 May 2010 - 12:30 PM

I did the following:

* OTL results
* New OTL log
* Virustotal links
* mbr.log

Here are the logs:

All processes killed
========== OTL ==========
Service ATKKeyboardService stopped successfully!
Service ATKKeyboardService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\quicktimeresourcesquicktime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rmidPlatform deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Studiojusched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\AntwoordenGEOTFVC202Macrovision deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\dappareilsLive deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\QuickTimeResourcesQuickTimeResources deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\RevolutioniniAmerican deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\SPCOMMONMicrosoft deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\Windowsdappareils1.0.5053.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\none deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\video/x-flv\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08C72DD4-19AD-49f1-83DA-8542B4D302C5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{08C72DD4-19AD-49f1-83DA-8542B4D302C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{337b34cc-c082-11de-bee8-00115be25f25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{337b34cc-c082-11de-bee8-00115be25f25}\ not found.
File I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{383c7251-95ac-11da-865a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{383c7251-95ac-11da-865a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{383c7251-95ac-11da-865a-806d6172696f}\ not found.
File G:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5726ca66-b9bc-11de-bee0-00115be25f25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5726ca66-b9bc-11de-bee0-00115be25f25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5726ca66-b9bc-11de-bee0-00115be25f25}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe not found.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Corel

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gebruiker
->Temp folder emptied: 8080774 bytes
->Temporary Internet Files folder emptied: 6741127 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36533370 bytes
->Google Chrome cache emptied: 82558841 bytes
->Apple Safari cache emptied: 3925056 bytes
->Flash cache emptied: 1975980 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 3746332 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8476529 bytes
%systemroot%\System32 .tmp files removed: 7059456 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 509040 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 259591 bytes
RecycleBin emptied: 3563560 bytes

Total Files Cleaned = 156,00 mb


[EMPTYFLASH]

User: All Users

User: Corel

User: Default User

User: Gebruiker
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05292010_183343

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

*******************************************************************************************************

OTL logfile created on: 29-5-2010 18:59:27 - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 557,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 144,00 Gb Free Space | 48,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: NIJ
Current User Name: Gebruiker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
PRC - [2010-04-03 12:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe
PRC - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
PRC - [2005-08-11 15:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003-04-01 11:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (SafeList) ==========

MOD - [2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
MOD - [2009-01-23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-09-07 23:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007-01-19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006-09-28 16:13:20 | 000,204,800 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-06-16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-13 15:48:46 | 000,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2007-07-12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007-07-12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006-09-28 16:13:34 | 000,004,096 | ---- | M] () [Kernel | System | Running] -- c:\M&M\Mathieu\Anti-virus\AVG\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2006-09-05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005-09-30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-07-27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005-07-27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005-07-27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-05-31 18:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pnp680r.sys -- (pnp680r)
DRV - [2001-08-17 20:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\URLSearchHook: {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010043001
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.36.20100303

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-03-04 01:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-12 15:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 12:12:36 | 000,000,000 | ---D | M]

[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions
[2010-01-17 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-05-28 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
[2010-05-22 20:58:13 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008-06-28 10:28:06 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2009-12-19 14:05:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-04-13 16:04:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-12-12 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\firefox@tvunetworks.com
[2010-05-22 20:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\multipletab@piro.sakura.ne.jp
[2010-01-28 18:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\piclens@cooliris.com
[2010-05-22 20:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\tabscope@xuldev.org
[2010-03-29 14:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
[2010-03-29 14:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
[2008-03-24 18:13:35 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0p0w1d0h.default\searchplugins\siteadvisor.xml
[2010-05-28 18:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-09-03 20:00:55 | 000,024,576 | ---- | M] (StreamCast Networks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPMorpBr.dll
[2010-03-12 00:02:38 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-03-12 00:02:38 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-03-12 00:02:38 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-03-12 00:02:38 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-03-24 11:17:26 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2005-10-09 12:58:08 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MorpheusToolbar BHO) - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O2 - BHO: () - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (Morpheus)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Morpheus Toolbar) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (Morpheus Toolbar) - {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL (Morpheus)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1078081533-1960408961-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1218134755490 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1218140241593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\M&M\Mathieu\Anti-virus\AVG\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-10-06 19:59:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-29 18:27:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005-11-21 19:26:21 | 000,000,057 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-05-29 18:33:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-29 18:27:48 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010-05-28 18:17:31 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.46.exe
[2010-05-26 09:40:48 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-05-15 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wowhead
[2010-05-03 18:39:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gebruiker\Onlangs geopend
[2010-05-03 06:14:51 | 000,047,104 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Gebruiker\Bureaublad\ATF-Cleaner.exe
[2010-05-03 04:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes
[2010-05-03 04:20:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-03 04:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-05-03 04:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-03 04:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-03 04:19:27 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:49 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe

========== Files - Modified Within 30 Days ==========

[2010-05-29 18:39:01 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004UA.job
[2010-05-29 18:36:19 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-29 18:35:52 | 000,030,699 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010-05-29 18:35:51 | 000,126,276 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-29 18:35:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-29 18:35:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-29 18:34:21 | 006,557,696 | ---- | M] () -- C:\Documents and Settings\Gebruiker\NTUSER.DAT
[2010-05-29 18:34:21 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Gebruiker\ntuser.ini
[2010-05-29 18:27:01 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Flash_Disinfector.exe
[2010-05-29 18:05:52 | 000,009,926 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\nieuwlogo.jpg
[2010-05-28 19:41:30 | 1073,168,384 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-28 18:41:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\cmoxw7w8.exe
[2010-05-28 18:18:36 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-05-28 18:17:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.46.exe
[2010-05-27 23:39:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-682003330-1004Core.job
[2010-05-26 09:40:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe
[2010-05-26 09:39:08 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:38:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-26 08:57:11 | 000,508,910 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-05-26 08:57:11 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-26 08:57:11 | 000,090,586 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-05-26 08:57:10 | 001,126,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-26 08:57:10 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-21 07:51:15 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-21 07:01:37 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-18 07:01:35 | 000,003,902 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-05-15 17:08:41 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010-05-15 16:57:03 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:52:48 | 000,410,265 | -H-- | M] () -- C:\treeinfo.wc
[2010-05-15 16:44:18 | 000,120,834 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:02 | 000,128,520 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:08 | 000,011,800 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 18:23:11 | 000,000,566 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-03 18:23:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-03 18:23:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-05-03 04:19:35 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup(2).exe
[2010-05-03 04:18:54 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup.exe
[2010-05-01 01:20:15 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2010-05-29 18:27:01 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Flash_Disinfector.exe
[2010-05-29 18:05:51 | 000,009,926 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\nieuwlogo.jpg
[2010-05-28 18:41:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\cmoxw7w8.exe
[2010-05-26 09:38:37 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.lnk
[2010-05-26 09:38:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.msi
[2010-05-21 06:34:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Uitvaart Oma intro.doc
[2010-05-19 12:14:47 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Lieve Oma.doc
[2010-05-15 16:57:03 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead Client.lnk
[2010-05-15 16:44:11 | 000,120,834 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Wowhead_Client.zip
[2010-05-05 22:01:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 8.lnk
[2010-05-03 18:54:46 | 000,164,981 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92969206.jpg
[2010-05-03 18:53:01 | 000,128,520 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\92968602.jpg
[2010-05-03 18:43:00 | 000,011,800 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\cc_20100503_184258.reg
[2010-05-03 04:20:34 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2009-07-19 21:46:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-07-12 19:03:10 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009-07-12 19:03:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-06-03 17:33:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-04-22 13:05:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008-12-18 12:45:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008-12-06 15:36:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-03 16:25:04 | 000,000,330 | ---- | C] () -- C:\WINDOWS\MENSA.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-19 15:39:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-05-18 00:32:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-02-19 23:49:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-01-31 21:59:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\gkerde3d.INI
[2007-12-27 18:38:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-12-27 17:59:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7000FEFDG.ini
[2007-11-19 17:11:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007-09-06 20:11:48 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2007-09-06 20:11:48 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2007-09-06 20:11:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2007-08-25 23:22:12 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-06-24 11:25:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007-05-05 17:19:21 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006-12-14 14:55:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-12-14 14:51:17 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006-12-11 15:32:50 | 000,003,554 | ---- | C] () -- C:\WINDOWS\ReaderString.ini
[2006-12-11 15:30:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2006-10-22 17:47:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006-08-15 09:28:44 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2006-08-15 09:28:23 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2006-08-15 09:28:16 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2006-08-15 09:28:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2006-04-08 19:56:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006-02-21 10:47:40 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006-02-21 10:47:40 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006-02-21 10:47:40 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006-02-13 12:09:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-02-05 04:33:16 | 000,000,502 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-02-04 21:53:59 | 000,003,902 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005-10-09 10:51:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_g.dll
[2005-10-09 10:47:55 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dfbcdcaff3_d.dll
< End of report >

**************************************************************************************************

I did scan C:\WINDOWS\System32\dfbcdcaff3_d.dll at VirusTotal first. Link -->

https://www.virustotal.com/nl/analisis/784d...5b28-1275153029

Then I tried C:\WINDOWS\System32\dfbcdcaff3_g.dll, but VirusTotal considered this one already scanned, but it links to the _d.dll file.

**************************************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


THNX again.

Thieux

#7 syler

  • Malware Response Team

Posted 29 May 2010 - 01:04 PM

Hello

Please let me know in your next reply how the computer is running and if you have any other problems.


Go to the Malware Upload Channel and upload the following files.
  • Please enter the link to the topic in the text box next to: Link to topic where this file was requested:
http://www.bleepingcomputer.com/forums/t/319306/missing-windows-codec-i-dont-use-vista/
  • Then click "Browse" on the line below and navigate to the following files:
C:\WINDOWS\System32\dfbcdcaff3_g.dll
C:\WINDOWS\System32\dfbcdcaff3_d.dll
  • Click Send File



You don't have the latest version of Java. You should run JavaRa to clean up any older Java, then download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New HijackThis log
Thanks

Edited by syler, 29 May 2010 - 01:06 PM.


#8 Thieux

  • Topic Starter


Posted 30 May 2010 - 01:33 AM

Hi again,

Here are the following results:
* ESET report
* New HijackThis log


C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Program Files\MorpheusBar\bar\5.bin\M0PLUGIN.DLL Win32/Toolbar.Morpheus application cleaned by deleting - quarantined
C:\Program Files\MorpheusBar\bar\5.bin\M0POPSWT.DLL Win32/Toolbar.Morpheus application cleaned by deleting - quarantined
C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL Win32/Toolbar.Morpheus application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL Win32/Toolbar.Morpheus application cleaned by deleting (after the next restart) - quarantined



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:03, on 30-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\USBStorage\USBDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\3.bin\MBSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE /FU "C:\WINDOWS\TEMP\E_SE1F.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218134755490
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1218140241593
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9648 bytes


After all the help so far, my computer runs normally as far as I can see. I have no strange problems.

Is there anything more I have to do?

Regards,
Thieux
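
For readers reviewing a log like the one above, a small first-pass triage script is shown here as an added example; it is not part of the original posts or of HijackThis. The review heuristics (owner shown as "Unknown owner", "Unknown file" in the Winsock LSP chain, startup or service image outside the Windows and Program Files directories) are assumptions chosen for illustration, and a flag means "check this entry by hand", not "this is malware".

```python
import re

# Entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - c:\M&M\Mathieu\Anti-virus\AVG\guard.exe
"""

# Assumed "expected" install locations; anything else is flagged for a manual look.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                        # "O23 - <body>"
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")  # name - owner - path
IMAGE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)


def parse(log):
    """Yield (code, body) for each HijackThis entry line, e.g. ('O23', 'Service: ...')."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reasons(code, body):
    """Return the reasons an entry deserves a manual look; empty list means none."""
    reasons = []
    if code == "O10" and body.startswith("Unknown file"):
        reasons.append("Winsock LSP file not recognised by HijackThis")
    if code == "O23":
        m = SERVICE.match(body)
        if m and m.group(2) == "Unknown owner":
            reasons.append("service owner reported as Unknown owner")
    if code in ("O4", "O23"):
        image = IMAGE.search(body)  # first full path to an .exe/.dll in the entry
        if image and not image.group(0).lower().startswith(STANDARD_DIRS):
            reasons.append("runs from outside Windows/Program Files")
    return reasons


def triage(log):
    """Map each flagged entry body to its list of reasons."""
    return {body: r for code, body in parse(log) if (r := review_reasons(code, body))}


if __name__ == "__main__":
    for body, reasons in triage(SAMPLE_LOG).items():
        print("; ".join(reasons), "->", body)
```

Entries given only as a bare file name, such as RTHDCPL.EXE, are not path-checked by this script because the log does not say where the file lives.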

#9 Thieux

Thieux
  • Topic Starter

  • Members
  • 6 posts

Posted 30 May 2010 - 01:34 AM

Oh and btw...

I uploaded the 2 files to Malware Upload Channel as you asked me for!

C:\WINDOWS\System32\dfbcdcaff3_g.dll
C:\WINDOWS\System32\dfbcdcaff3_d.dll

#10 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 30 May 2010 - 03:34 PM

Your logs are looking fine to me now.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in Windows to exploit your computer.
The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you
do not update your antivirus software then it will not be able to catch any of the new variants that may come
out. If you use a commercial antivirus program you must make sure you keep renewing your subscription.
Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system, unless you allow it to.
So you can be surfing the web inside Sandboxie, then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sandbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here. If you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler

#11 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 01 June 2010 - 07:05 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
