Possibly infected, Gmer won't run


32 replies to this topic

#1 SoleX

SoleX

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 11 June 2010 - 02:16 AM

Hi there,

I'm new here but have been a follower of Bleeping C for a while now.
My computer is not totally right; I removed something a couple of weeks ago (can't find exactly what it was) and there was improvement immediately, except Norton still had an error and shut down.
Yesterday Windows wanted to install updates; Norton had issues with MsiExec.exe. Online it was said it was a Windows Update thing and was OK. Immediately after this there were black bands and weird colours.
I made a DDS log; GMER wouldn't run (created an error and shut down).
Any assistance would be hugely appreciated, and needed, seeing my lack of computer know-how.
Oh, and I want to get rid of Norton and use a free virus scanner; which one is recommended?
Many thanks

Martin

Second try (just froze):


DDS (Ver_10-03-17.01) - NTFSx86
Run by MARTIN at 16:37:07,60 on vr 11-06-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3070.1949 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\digi96.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Software\XYplorer Free\XYplorerFree.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\MARTIN\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VoipCheapCom] "c:\program files\voipcheapcom\VoipCheapCom.exe" -nosplash -minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DAEMON Tools-1033] "c:\program files\daemon.exe" -lang 1033
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [RMETray] digi96.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\np545w~1.lnk - c:\program files\netcomm\np545\installer\winxp\NP545 Wireless Client Utility.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\martin\applic~1\mozilla\firefox\profiles\cwo8a2co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/nl/#
FF - component: c:\documents and settings\martin\application data\mozilla\firefox\profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-21 64288]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 digi96;RME Digi Audio Device;c:\windows\system32\drivers\digi96.sys [2009-9-11 48768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton systemworks\norton antivirus\NAVAPSVC.EXE [2002-8-19 116336]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2009-3-13 135168]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2009-3-13 14416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100609.003\NAVENG.Sys [2010-6-10 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100609.003\NavEx15.Sys [2010-6-10 1347504]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
S2 gupdate1c9d56e4dfc7ca2;Google Updateservice (gupdate1c9d56e4dfc7ca2);c:\program files\google\update\GoogleUpdate.exe [2009-5-16 133104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]

=============== Created Last 30 ================

2010-06-11 06:31:12 0 ----a-w- c:\documents and settings\martin\defogger_reenable
2010-06-10 12:38:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 01:32:56 0 d-----w- c:\docume~1\martin\applic~1\SUPERAntiSpyware.com
2010-05-28 01:32:56 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-28 01:32:50 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-23 05:26:57 23184 ----a-w- c:\windows\hpqins15.dat
2010-05-16 11:26:17 77824 ----a-w- c:\windows\system32\ODBCTL32.DLL
2010-05-16 11:26:17 270344 ----a-w- c:\windows\system32\Btn32x10.ocx
2010-05-16 11:26:17 200704 ------r- c:\windows\system32\THREED32.OCX
2010-05-16 11:26:17 196880 ------w- c:\windows\system32\RICHTX32.OCX
2010-05-16 11:26:17 192784 ------w- c:\windows\system32\TABCTL32.OCX
2010-05-16 11:26:17 155920 ------w- c:\windows\system32\COMCT232.OCX
2010-05-16 11:26:17 129808 ------w- c:\windows\system32\COMDLG32.OCX
2010-05-16 11:26:16 78608 ----a-w- c:\windows\system32\VB5DB.DLL
2010-05-16 11:26:16 407312 ------w- c:\windows\system32\msrepl35.dll
2010-05-16 11:26:16 0 d-----w- c:\program files\HT Audio
2010-05-16 11:25:01 37 ----a-w- c:\windows\DAOCONV.T1C

==================== Find3M ====================

2010-06-11 01:50:39 86256 ----a-w- c:\windows\system32\perfc013.dat
2010-06-11 01:50:39 499226 ----a-w- c:\windows\system32\perfh013.dat
2010-05-06 10:37:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10:36 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 05:36:08 21816 ----a-w- c:\docume~1\martin\applic~1\GDIPFONTCACHEV1.DAT
2010-04-20 05:35:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 09:00:44 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-12 07:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 02:02:28 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02:16 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00:26 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52:16 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46:42 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45:46 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41:38 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31:00 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30:32 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30:10 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28:06 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27:40 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23:14 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21:52 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21:20 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20:54 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15:22 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:14:06 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14:06 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-17 15:06:30 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2003-10-01 16:20:50 81920 ----a-w- c:\program files\daemon.exe
2002-05-23 01:55:16 167936 ----a-w- c:\program files\pfctoc.dll
2009-03-13 08:07:10 32 --sha-w- c:\windows\{1667505B-C946-46A1-9AD4-5AB452470B97}.dat
2009-03-13 08:06:52 32 --sha-w- c:\windows\{2321F833-295D-4630-81CD-D7FB56203A24}.dat
2009-03-13 08:06:22 32 --sha-w- c:\windows\{362EB219-A053-41BF-85C8-BD4178E3194D}.dat
2009-03-13 08:05:50 32 --sha-w- c:\windows\{5CF71B1C-1582-4B4B-ABDD-FF6C54CCDAF1}.dat
2009-03-13 08:07:10 32 --sha-w- c:\windows\system32\{7B313D51-29E3-4C3E-AEAE-C3661286E587}.dat
2009-03-13 08:05:50 32 --sha-w- c:\windows\system32\{9F877B23-55E6-4E65-BC85-0D70FBC619F7}.dat
2009-03-13 08:06:52 32 --sha-w- c:\windows\system32\{BA5B34F0-99DD-4D74-A976-1D36E3980706}.dat
2009-03-13 08:06:22 32 --sha-w- c:\windows\system32\{D67AC808-6DD0-4E25-B83F-A1B61908AC75}.dat
2009-03-16 23:44:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009030920090316\index.dat
2009-03-16 23:44:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009031720090318\index.dat

============= FINISH: 16:39:07,78 ===============



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 15 June 2010 - 03:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 SoleX

SoleX
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 15 June 2010 - 08:44 PM

Thank you Schrauber for your reply. I have tried to do what you said; here is a short walk-through of my adventures:
- Norton SystemWorks 2003 would not let me disable Auto-Protect; it just didn't listen. By unchecking the load-at-startup button and restarting, it was disabled.
- GMER still didn't run; Windows wouldn't let me restart with the Start button, it just didn't react (had to use the reset button).
The first time in Safe Mode I just had a blinking cursor until it restarted itself after a couple of minutes; the next try it worked, but GMER still didn't work. It starts a scan, but after 5 seconds it "created an error and had to shut down".
- The computer is behaving more and more strangely; it ignores much of what I'm trying to open or start.

Here are the DDS logs (this did work).

I very much appreciate the help you're giving me; I so need it, because it's driving me mad....

Thanks

Martin


DDS (Ver_10-03-17.01) - NTFSx86
Run by MARTIN at 10:33:54,62 on wo 16-06-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3070.1991 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\digi96.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MARTIN\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VoipCheapCom] "c:\program files\voipcheapcom\VoipCheapCom.exe" -nosplash -minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DAEMON Tools-1033] "c:\program files\daemon.exe" -lang 1033
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [RMETray] digi96.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\np545w~1.lnk - c:\program files\netcomm\np545\installer\winxp\NP545 Wireless Client Utility.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\martin\applic~1\mozilla\firefox\profiles\cwo8a2co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/nl/#
FF - component: c:\documents and settings\martin\application data\mozilla\firefox\profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-21 64288]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 digi96;RME Digi Audio Device;c:\windows\system32\drivers\digi96.sys [2009-9-11 48768]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2009-3-13 135168]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2009-3-13 14416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton systemworks\norton antivirus\NAVAPSVC.EXE [2002-8-19 116336]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100609.003\NAVENG.Sys [2010-6-10 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100609.003\NavEx15.Sys [2010-6-10 1347504]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
S2 gupdate1c9d56e4dfc7ca2;Google Updateservice (gupdate1c9d56e4dfc7ca2);c:\program files\google\update\GoogleUpdate.exe [2009-5-16 133104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]

=============== Created Last 30 ================

2010-06-11 06:31:12 0 ----a-w- c:\documents and settings\martin\defogger_reenable
2010-06-10 12:38:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 01:32:56 0 d-----w- c:\docume~1\martin\applic~1\SUPERAntiSpyware.com
2010-05-28 01:32:56 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-28 01:32:50 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-23 05:26:57 23184 ----a-w- c:\windows\hpqins15.dat

==================== Find3M ====================

2010-06-11 01:50:39 86256 ----a-w- c:\windows\system32\perfc013.dat
2010-06-11 01:50:39 499226 ----a-w- c:\windows\system32\perfh013.dat
2010-05-06 10:37:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10:36 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 05:36:08 21816 ----a-w- c:\docume~1\martin\applic~1\GDIPFONTCACHEV1.DAT
2010-04-20 05:35:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 09:00:44 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-12 07:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 02:02:28 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02:16 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00:26 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52:16 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46:42 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45:46 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41:38 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31:00 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30:32 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30:10 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28:06 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27:40 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23:14 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21:52 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21:20 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20:54 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15:22 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:14:06 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14:06 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2003-10-01 16:20:50 81920 ----a-w- c:\program files\daemon.exe
2002-05-23 01:55:16 167936 ----a-w- c:\program files\pfctoc.dll
2009-03-13 08:07:10 32 --sha-w- c:\windows\{1667505B-C946-46A1-9AD4-5AB452470B97}.dat
2009-03-13 08:06:52 32 --sha-w- c:\windows\{2321F833-295D-4630-81CD-D7FB56203A24}.dat
2009-03-13 08:06:22 32 --sha-w- c:\windows\{362EB219-A053-41BF-85C8-BD4178E3194D}.dat
2009-03-13 08:05:50 32 --sha-w- c:\windows\{5CF71B1C-1582-4B4B-ABDD-FF6C54CCDAF1}.dat
2009-03-13 08:07:10 32 --sha-w- c:\windows\system32\{7B313D51-29E3-4C3E-AEAE-C3661286E587}.dat
2009-03-13 08:05:50 32 --sha-w- c:\windows\system32\{9F877B23-55E6-4E65-BC85-0D70FBC619F7}.dat
2009-03-13 08:06:52 32 --sha-w- c:\windows\system32\{BA5B34F0-99DD-4D74-A976-1D36E3980706}.dat
2009-03-13 08:06:22 32 --sha-w- c:\windows\system32\{D67AC808-6DD0-4E25-B83F-A1B61908AC75}.dat
2009-03-16 23:44:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009030920090316\index.dat
2009-03-16 23:44:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009031720090318\index.dat

============= FINISH: 10:34:14,53 ===============




#4 schrauber
    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 16 June 2010 - 01:21 PM

Hello, SoleX
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 SoleX

  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:29 PM

Posted 16 June 2010 - 07:30 PM

Thank you, Thomas,

Here is the log you requested. It found a rootkit and had to restart, but you'll probably know when looking at the log.


Martin


ComboFix 10-06-16.02 - MARTIN 17-06-2010 10:18:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3070.2653 [GMT 10:00]
Gestart vanuit: c:\documents and settings\MARTIN\Bureaublad\schrauber.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MARTIN\Application Data\inst.exe
c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-05-17 to 2010-06-17 ))))))))))))))))))))))))))))))
.

2010-06-10 12:38 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 10:11 . 2010-05-23 07:50 73216 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-06-07 10:11 . 2010-04-18 04:33 307200 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-06-07 10:11 . 2010-04-18 04:33 172032 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-06-05 02:36 . 2010-06-05 02:36 -------- d-----w- c:\documents and settings\MARTIN\Application Data\HPAppData
2010-05-28 11:43 . 2010-05-28 11:43 -------- d-sh--w- c:\documents and settings\Administrator.FREBATIN\PrivacIE
2010-05-28 07:36 . 2010-05-28 08:18 -------- d-----w- c:\documents and settings\Administrator.FREBATIN\DoctorWeb
2010-05-28 06:13 . 2010-06-11 05:37 63488 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 06:13 . 2010-05-28 06:13 52224 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 06:13 . 2010-06-11 05:37 117760 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 06:13 . 2010-05-28 06:13 -------- d-----w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com
2010-05-28 06:02 . 2010-05-28 06:02 22376 ----a-w- c:\documents and settings\Administrator.FREBATIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 01:35 . 2010-06-07 11:19 63488 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 01:35 . 2010-05-28 01:35 52224 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 01:35 . 2010-06-07 11:19 117760 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 01:32 . 2010-05-28 01:32 -------- d-----w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com
2010-05-28 01:32 . 2010-05-28 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-28 01:32 . 2010-06-11 05:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-23 05:26 . 2010-05-23 05:28 23184 ----a-w- c:\windows\hpqins15.dat
2010-05-23 02:13 . 2010-05-23 02:13 503808 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\msvcp71.dll
2010-05-23 02:13 . 2010-05-23 02:13 499712 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\jmc.dll
2010-05-23 02:13 . 2010-05-23 02:13 348160 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\msvcr71.dll
2010-05-23 02:13 . 2010-05-23 02:13 61440 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cd83a72-n\decora-sse.dll
2010-05-23 02:13 . 2010-05-23 02:13 12800 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cd83a72-n\decora-d3d.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 00:07 . 2009-03-13 08:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-13 11:30 . 2010-05-02 10:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 14:53 . 2009-03-13 02:34 -------- d-----w- c:\program files\Drive Image 5.0
2010-06-11 01:50 . 2002-09-11 12:00 86256 ----a-w- c:\windows\system32\perfc013.dat
2010-06-11 01:50 . 2002-09-11 12:00 499226 ----a-w- c:\windows\system32\perfh013.dat
2010-06-11 01:37 . 2010-02-06 12:58 -------- d-----w- c:\program files\AIMP2
2010-05-31 04:01 . 2009-09-02 07:01 -------- d-----w- c:\documents and settings\MARTIN\Application Data\HpUpdate
2010-05-28 07:30 . 2009-03-13 08:05 -------- d-----w- c:\program files\Norton SystemWorks
2010-05-25 07:34 . 2009-03-16 13:33 -------- d-----w- c:\documents and settings\MARTIN\Application Data\AdobeUM
2010-05-23 05:27 . 2009-03-15 13:19 -------- d-----w- c:\program files\HP
2010-05-22 16:33 . 2009-05-15 14:24 -------- d-----w- c:\program files\Google
2010-05-16 12:10 . 2010-05-16 11:26 -------- d-----w- c:\program files\HT Audio
2010-05-06 10:37 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 01:48 . 2010-05-03 01:48 503808 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\msvcp71.dll
2010-05-03 01:48 . 2010-05-03 01:48 499712 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\jmc.dll
2010-05-03 01:48 . 2010-05-03 01:48 348160 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\msvcr71.dll
2010-05-03 01:48 . 2010-05-03 01:48 61440 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30cd5a2d-n\decora-sse.dll
2010-05-03 01:48 . 2010-05-03 01:48 12800 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30cd5a2d-n\decora-d3d.dll
2010-05-03 01:48 . 2010-05-03 01:48 -------- d-----w- c:\program files\Common Files\Java
2010-05-03 01:47 . 2009-05-15 13:40 -------- d-----w- c:\program files\Java
2010-05-03 01:11 . 2009-03-12 13:00 22376 ----a-w- c:\documents and settings\MARTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-03 00:31 . 2010-05-03 00:31 -------- d-----w- c:\program files\MSBuild
2010-05-03 00:31 . 2010-05-03 00:31 -------- d-----w- c:\program files\Reference Assemblies
2010-05-02 12:39 . 2010-05-02 09:55 -------- d-----w- c:\program files\ATI Technologies
2010-05-02 12:39 . 2010-05-02 12:39 -------- d-----w- c:\program files\ATI
2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\MARTIN\Application Data\ATI
2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-05-02 10:01 . 2010-05-02 10:01 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-02 09:55 . 2009-03-12 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 08:10 . 2004-08-03 23:56 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 07:44 . 2009-04-09 04:04 -------- d-----w- c:\program files\REAPER
2010-04-30 05:41 . 2010-04-30 05:41 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-26 05:55 . 2009-04-09 04:04 -------- d-----w- c:\documents and settings\MARTIN\Application Data\REAPER
2010-04-25 10:32 . 2010-04-25 08:34 -------- d-----w- c:\program files\DrumFlow
2010-04-24 11:26 . 2010-04-21 06:55 -------- d-----w- c:\program files\ordrumbox
2010-04-24 09:57 . 2010-04-24 09:57 45056 ----a-r- c:\documents and settings\MARTIN\Application Data\Microsoft\Installer\{9764B950-8667-4297-AF52-93D9A3354801}\ProximaController.ex_9764B95086674297AF5293D9A3354801.exe
2010-04-24 09:57 . 2010-04-24 09:57 45056 ----a-r- c:\documents and settings\MARTIN\Application Data\Microsoft\Installer\{9764B950-8667-4297-AF52-93D9A3354801}\ARPPRODUCTICON.exe
2010-04-24 09:57 . 2010-04-24 09:57 -------- d-----w- c:\program files\Proxima Controller
2010-04-20 05:35 . 2004-08-04 00:01 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 13:27 . 2010-04-18 13:27 -------- d-----w- c:\documents and settings\MARTIN\Application Data\Waves Audio
2010-04-18 13:27 . 2010-04-18 13:26 -------- d-----w- c:\program files\Waves
2010-04-18 13:26 . 2010-04-18 13:26 -------- d-----w- c:\program files\Common Files\Digidesign
2010-04-18 13:26 . 2009-03-13 02:11 -------- d-----w- c:\program files\Plugins
2010-04-14 09:00 . 2009-03-15 13:25 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-12 07:29 . 2010-05-03 01:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 02:42 . 2009-03-14 11:25 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-10-02 02:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-10-02 02:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2010-05-02 09:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-10-02 02:25 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-10-02 02:56 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2010-05-02 09:55 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2008-04-14 17:02 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2008-04-14 17:02 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-10-02 03:17 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-10-02 03:16 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-10-02 03:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-10-02 03:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-10-02 03:16 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-10-02 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2008-04-14 17:02 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2010-05-02 09:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2010-05-02 09:55 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-10-02 03:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-05-02 12:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-10-02 02:28 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-10-02 02:24 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-10-02 02:26 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-10-02 02:25 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2008-04-14 17:02 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-10-02 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-10-02 02:32 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-10-02 02:32 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2003-10-01 16:20 . 2003-10-01 16:20 81920 ----a-w- c:\program files\daemon.exe
2002-05-23 01:55 . 2002-05-23 01:55 167936 ----a-w- c:\program files\pfctoc.dll
2009-03-13 08:07 . 2009-03-13 08:07 32 --sha-w- c:\windows\{1667505B-C946-46A1-9AD4-5AB452470B97}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\{2321F833-295D-4630-81CD-D7FB56203A24}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\{362EB219-A053-41BF-85C8-BD4178E3194D}.dat
2009-03-13 08:05 . 2009-03-13 08:05 32 --sha-w- c:\windows\{5CF71B1C-1582-4B4B-ABDD-FF6C54CCDAF1}.dat
2009-03-13 08:07 . 2009-03-13 08:07 32 --sha-w- c:\windows\system32\{7B313D51-29E3-4C3E-AEAE-C3661286E587}.dat
2009-03-13 08:05 . 2009-03-13 08:05 32 --sha-w- c:\windows\system32\{9F877B23-55E6-4E65-BC85-0D70FBC619F7}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\system32\{BA5B34F0-99DD-4D74-A976-1D36E3980706}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\system32\{D67AC808-6DD0-4E25-B83F-A1B61908AC75}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"VoipCheapCom"="c:\program files\VoipCheapCom\VoipCheapCom.exe" [2010-01-18 9275704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-11 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"DAEMON Tools-1033"="c:\program files\daemon.exe" [2003-10-01 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RMETray"="digi96.exe" [2005-06-14 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-01 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-06 54936]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-15 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NP545 Wireless Client Utility.lnk - c:\program files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe [2009-3-15 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=digi96.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 04:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-25 04:33 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2010-01-18 08:33 9275704 ----a-w- c:\program files\VoipCheapCom\voipcheapcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21-9-2009 11:58 64288]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2-10-2003 3:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27-9-2003 14:37 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18-2-2010 4:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-5-2010 4:41 67656]
R2 digi96;RME Digi Audio Device;c:\windows\system32\drivers\digi96.sys [11-9-2009 14:43 48768]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [13-3-2009 18:06 135168]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [13-3-2009 19:49 14416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 21:31 92008]
S2 gupdate1c9d56e4dfc7ca2;Google Updateservice (gupdate1c9d56e4dfc7ca2);c:\program files\Google\Update\GoogleUpdate.exe [16-5-2009 1:03 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-9-2009 21:17 1181328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 04:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-15 14:59]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 15:03]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 15:03]

2010-04-30 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-19 09:31]

2010-05-28 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-28 14:53]

2010-06-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-03-13 23:04]
.
.
------- Bijkomende Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/nl/#
FF - component: c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS VERWIJDERD - - - -

ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)
MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 10:21
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0A65A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\atapi -> 0x8a0a65a0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf71c5bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d2a21
SendHandler -> NDIS.sys @ 0xf71b087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{04C61962-5FC5-7F82-5D9A-777B412E0332}\InProcServer32*]
"jabecckdgjclbmmlhdpa"=hex:6a,61,61,66,6f,6e,69,67,69,62,6d,69,6c,6b,64,6a,65,
65,62,63,00,fa
"iabeicpccgocefgfdc"=hex:6a,61,61,66,61,6f,63,67,61,61,6e,65,65,67,6d,6d,69,69,
6d,65,00,f8
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Voltooingstijd: 2010-06-17 10:23:06
ComboFix-quarantined-files.txt 2010-06-17 00:23

Pre-Run: 26.757.304.320 bytes beschikbaar
Post-Run: 27.688.333.312 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3314622C5B1715CAE777041355E3FAC6


#6 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 19 June 2010 - 07:03 AM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents of that file here.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
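The log that this TDSSKiller command writes lists every loaded driver as `time PID name (MD5) path`, the layout seen in the log posted later in this thread. Below is an added example, not TDSSKiller's own code and not part of this thread, that parses those lines and reports drivers loaded from outside the usual driver directories so the helper can check them first; the expected-directory list is an assumption, and the sample lines are copied from the thread's log.

```python
"""Parse TDSSKiller driver-scan log lines and flag drivers loaded from
unusual locations.  Added example for this thread, not TDSSKiller's own
code; the line layout `HH:MM:SS:mmm PID Name (md5) Path` is taken from
the log posted later in the thread, and the expected-directory list is an
assumption."""
import re
from dataclasses import dataclass

# One record per driver line: timestamp, scanner PID, service name, MD5, image path.
# Lines without a parenthesised MD5 (banners, "Initialize success", ...) are skipped.
DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where a legitimately installed kernel driver is normally found (assumption,
# case-insensitive prefix match). Anything else is reported for a closer look,
# which also catches 8.3 short paths such as C:\PROGRA~1\... that hide the vendor.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\program files\\",
)

# Sample lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
01:04:20:812 2168 Initialize success
01:04:21:765 2168 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:04:22:515 2168 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
01:04:22:515 2168 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
01:04:24:484 2168 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"""


@dataclass(frozen=True)
class DriverRecord:
    name: str
    md5: str
    path: str


def parse_driver_lines(text: str) -> list[DriverRecord]:
    """Return one DriverRecord per driver line; non-driver lines are ignored."""
    records = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            records.append(DriverRecord(m["name"], m["md5"].lower(), m["path"]))
    return records


def is_unusual_location(path: str) -> bool:
    """True when the image path is outside the expected driver directories."""
    p = path.lower()
    return not any(p.startswith(d) for d in EXPECTED_DIRS)


def unusual_drivers(records: list[DriverRecord]) -> list[DriverRecord]:
    """Drivers worth verifying against the vendor (hash lookup, signature check)."""
    return [r for r in records if is_unusual_location(r.path)]


def hash_index(records: list[DriverRecord]) -> dict[str, str]:
    """Map MD5 -> path, convenient for bulk lookup in a known-good hash set."""
    return {r.md5: r.path for r in records}


if __name__ == "__main__":
    recs = parse_driver_lines(SAMPLE_LOG)
    for r in unusual_drivers(recs):
        print(f"review: {r.name:10} {r.md5} {r.path}")
```

On the sample above the report names `gdrv` (loaded from the Windows root) and `giveio` (loaded from system32 rather than its drivers subfolder); a flagged driver is not automatically malicious, only the first thing to verify.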

#7 SoleX
  • Topic Starter
  • Members
  • 16 posts

Posted 19 June 2010 - 10:33 AM

Hi Thomas,

After downloading and extraction I pressed Ctrl + C to copy the text, pressed Start, and the computer froze. I pressed the reset button, and with the restart all the programs that normally start up did start up, while before the restart none were running. I think Spybot (started automatically) warned that there were registry changes detected, which I allowed (changes from previous steps?). I hope I did right.

There are a lot of programs that I don't need and want to remove. I'm not happy with Norton antivirus and would like to change to a good free antivirus program; do you have any suggestions which one is 'the best'? Same with spyware and such. I have always been very conscious of virus protection, but on this 'new' computer (1-1/2 years...) my father put Norton on. Before I had virtually no problems with viruses, but recently I'm not so sure, and this episode is worse than I've ever had.
So your help is greatly appreciated!

Many thanks!

Here is the logfile:

01:04:20:609 2168 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
01:04:20:609 2168 ================================================================================
01:04:20:609 2168 SystemInfo:

01:04:20:609 2168 OS Version: 5.1.2600 ServicePack: 3.0
01:04:20:609 2168 Product type: Workstation
01:04:20:609 2168 ComputerName: FREBATIN
01:04:20:609 2168 UserName: MARTIN
01:04:20:609 2168 Windows directory: C:\WINDOWS
01:04:20:609 2168 Processor architecture: Intel x86
01:04:20:609 2168 Number of processors: 2
01:04:20:609 2168 Page size: 0x1000
01:04:20:625 2168 Boot type: Normal boot
01:04:20:625 2168 ================================================================================
01:04:20:812 2168 Initialize success
01:04:20:812 2168
01:04:20:812 2168 Scanning Services ...
01:04:21:109 2168 Raw services enum returned 365 services
01:04:21:125 2168
01:04:21:125 2168 Scanning Drivers ...
01:04:21:765 2168 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:04:21:796 2168 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:04:21:812 2168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:04:21:843 2168 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:04:21:859 2168 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
01:04:21:906 2168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:04:21:906 2168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:04:22:000 2168 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
01:04:22:046 2168 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
01:04:22:046 2168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:04:22:062 2168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:04:22:078 2168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:04:22:171 2168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:04:22:203 2168 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:04:22:218 2168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:04:22:250 2168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:04:22:250 2168 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:04:22:296 2168 digi96 (db7839a235cab1decbbefb2231720194) C:\WINDOWS\system32\DRIVERS\digi96.sys
01:04:22:296 2168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:04:22:328 2168 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
01:04:22:375 2168 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
01:04:22:375 2168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:04:22:390 2168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:04:22:406 2168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:04:22:437 2168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:04:22:437 2168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:04:22:453 2168 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
01:04:22:468 2168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:04:22:468 2168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:04:22:484 2168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:04:22:484 2168 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:04:22:515 2168 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
01:04:22:515 2168 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
01:04:22:515 2168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:04:22:531 2168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:04:22:546 2168 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:04:22:578 2168 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:04:22:578 2168 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:04:22:609 2168 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:04:22:640 2168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:04:22:656 2168 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:04:22:765 2168 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
01:04:22:859 2168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:04:22:953 2168 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
01:04:22:984 2168 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:04:23:000 2168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:04:23:015 2168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:04:23:031 2168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:04:23:046 2168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:04:23:046 2168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:04:23:062 2168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:04:23:078 2168 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:04:23:078 2168 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:04:23:078 2168 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:04:23:109 2168 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
01:04:23:125 2168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:04:23:140 2168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:04:23:156 2168 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
01:04:23:187 2168 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
01:04:23:218 2168 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
01:04:23:234 2168 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
01:04:23:265 2168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:04:23:281 2168 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
01:04:23:281 2168 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:04:23:296 2168 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:04:23:296 2168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:04:23:312 2168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:04:23:328 2168 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:04:23:343 2168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:04:23:359 2168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:04:23:375 2168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:04:23:390 2168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:04:23:390 2168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:04:23:406 2168 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:04:23:421 2168 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
01:04:23:421 2168 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:04:23:515 2168 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100609.003\NAVENG.Sys
01:04:23:562 2168 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100609.003\NavEx15.Sys
01:04:23:593 2168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:04:23:625 2168 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:04:23:640 2168 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:04:23:671 2168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:04:23:687 2168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:04:23:718 2168 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
01:04:23:734 2168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:04:23:750 2168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:04:23:781 2168 NPDriver (410ab482d8a1e1655a7158a7b5c72ce7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
01:04:23:812 2168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:04:23:843 2168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:04:23:875 2168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:04:23:890 2168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:04:23:906 2168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:04:23:921 2168 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
01:04:23:921 2168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:04:23:953 2168 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
01:04:23:968 2168 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
01:04:24:000 2168 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:04:24:015 2168 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:04:24:031 2168 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
01:04:24:062 2168 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\WINDOWS\system32\DRIVERS\lv302af.sys
01:04:24:140 2168 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
01:04:24:203 2168 pnpshark (e68daac907bb158c55ad55d01d6e31ba) C:\WINDOWS\system32\DRIVERS\pnpshark.sys
01:04:24:203 2168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:04:24:234 2168 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
01:04:24:234 2168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:04:24:250 2168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:04:24:250 2168 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:04:24:281 2168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:04:24:296 2168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:04:24:296 2168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:04:24:296 2168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:04:24:312 2168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:04:24:312 2168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:04:24:328 2168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:04:24:343 2168 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
01:04:24:359 2168 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:04:24:406 2168 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
01:04:24:421 2168 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
01:04:24:484 2168 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:04:24:500 2168 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:04:24:515 2168 SAVRT (916f1232167a090311950e6b87f1eab4) C:\WINDOWS\system32\Drivers\SAVRT.SYS
01:04:24:531 2168 SAVRTPEL (35f4d6f53fc698c1e00ac52cc8cd6f93) C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS
01:04:24:546 2168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:04:24:578 2168 sensorsview32 (845af1ba23c8d5e64def61bcc441604c) C:\WINDOWS\system32\drivers\sensorsview32.sys
01:04:24:593 2168 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:04:24:609 2168 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
01:04:24:609 2168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:04:24:640 2168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:04:24:656 2168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:04:24:671 2168 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
01:04:24:703 2168 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
01:04:24:703 2168 st3shark (f7cd574cff0e0df2ced11710acfb60a2) C:\WINDOWS\system32\DRIVERS\st3shark.sys
01:04:24:718 2168 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys
01:04:24:750 2168 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:04:24:781 2168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:04:24:796 2168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:04:24:875 2168 SymEvent (73c834e4d9b96e91c8c09b5f02d0a8f3) C:\Program Files\Symantec\SYMEVENT.SYS
01:04:24:906 2168 SYMREDRV (792cd16e3a656b5c0ec060e9ca490178) C:\WINDOWS\system32\Drivers\SYMREDRV.SYS
01:04:24:906 2168 SYMTDI (1fcd26286eeba109aa2890a7b4745424) C:\WINDOWS\system32\Drivers\SYMTDI.SYS
01:04:24:937 2168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:04:24:953 2168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:04:24:968 2168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:04:25:000 2168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:04:25:015 2168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:04:25:046 2168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:04:25:078 2168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:04:25:109 2168 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:04:25:125 2168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:04:25:140 2168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:04:25:156 2168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:04:25:187 2168 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:04:25:203 2168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:04:25:234 2168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:04:25:250 2168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:04:25:281 2168 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
01:04:25:281 2168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:04:25:312 2168 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
01:04:25:328 2168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:04:25:359 2168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:04:25:390 2168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:04:25:406 2168 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:04:25:421 2168 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:04:25:437 2168
01:04:25:437 2168 Completed
01:04:25:437 2168
01:04:25:437 2168 Results:
01:04:25:437 2168 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
01:04:25:437 2168 File objects infected / cured / cured on reboot: 0 / 0 / 0
01:04:25:437 2168
01:04:25:437 2168 KLMD(ARK) unloaded successfully


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 19 June 2010 - 02:20 PM

Hi,


Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Go to Start => Run and copy/paste the following line and click OK.

cmd /c mbr.exe -t >log.txt&start log.txt

A log file opens. Please post the content to your reply.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 SoleX

SoleX
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:29 PM

Posted 19 June 2010 - 06:23 PM

Hi Thomas,

DeFogger did not ask me to reboot, so I didn't; the rest went OK.

Thanks

These are the log files:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1D0570]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a1d0570
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !



OTL logfile created on: 20-6-2010 9:13:33 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\MARTIN\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 25,80 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,32 Gb Total Space | 164,27 Gb Free Space | 84,10% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 200,38 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREBATIN
Current User Name: MARTIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
PRC - [2010-06-11 15:40:11 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010-04-18 23:16:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-02-05 11:48:17 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-01-18 18:33:15 | 009,275,704 | ---- | M] (VoipCheapCom) -- C:\Program Files\VoipCheapCom\voipcheapcom.exe
PRC - [2009-11-13 21:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009-11-13 21:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-08-14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008-08-14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008-08-14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-04-15 03:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-05-24 14:40:50 | 000,593,920 | ---- | M] (NetComm Limited ) -- C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
PRC - [2006-11-13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005-06-14 18:20:50 | 000,086,016 | ---- | M] (RME) -- C:\WINDOWS\system32\digi96.exe
PRC - [2003-10-24 14:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002-08-19 22:22:38 | 000,050,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2002-08-14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2002-08-14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
PRC - [2002-08-08 22:40:02 | 000,308,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2001-02-17 23:35:08 | 000,046,496 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE


========== Modules (SafeList) ==========

MOD - [2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
MOD - [2008-07-26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008-04-15 03:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-02-05 11:48:17 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-11-13 21:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2002-11-14 19:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2002-08-19 22:23:32 | 000,063,176 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002-08-14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2002-08-14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
SRV - [2002-08-08 22:40:02 | 000,308,936 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2001-08-13 23:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - [2010-05-12 18:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-05-12 18:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.003\NAVENG.SYS -- (NAVENG)
DRV - [2010-05-11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-07 12:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-02-18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-09-23 22:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-08-19 22:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-03-12 23:24:06 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008-07-27 04:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sensorsview32.sys -- (sensorsview32)
DRV - [2008-07-27 01:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008-07-27 01:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008-07-27 01:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008-07-27 01:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008-07-26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008-04-14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2008-04-14 02:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-14 19:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-08-24 13:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005-07-21 17:55:26 | 000,048,768 | ---- | M] (RME) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\digi96.sys -- (digi96)
DRV - [2003-10-02 03:16:48 | 000,119,552 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003-09-27 14:37:16 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2003-09-18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003-09-18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002-08-29 02:41:02 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002-08-15 17:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002-08-15 17:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2002-08-14 06:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [1996-04-04 05:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.symbaloo.com/nl/#"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: symbaloo-ff-extension@symbaloo.com:0.95
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-23 15:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-10 01:51:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-03 11:47:56 | 000,000,000 | ---D | M]

[2010-03-04 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Extensions
[2010-03-04 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010-06-20 01:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions
[2010-05-28 10:08:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-14 22:04:00 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009-06-06 16:35:51 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-06-07 20:11:53 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com\chrome
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com\defaults
[2008-06-22 14:10:10 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\searchplugins\wikipedia-en.xml
[2010-06-17 10:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-03 11:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-06-17 10:21:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RMETray] C:\WINDOWS\System32\digi96.exe (RME)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [VoipCheapCom] C:\Program Files\VoipCheapCom\VoipCheapCom.exe (VoipCheapCom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NP545 Wireless Client Utility.lnk = C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe (NetComm Limited )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-12 22:53:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-03-13 06:37:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 90 Days ==========

[2010-06-20 09:12:03 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
[2010-06-20 00:50:17 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\MARTIN\Bureaublad\TDSSKiller.exe
[2010-06-17 10:13:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-06-17 10:10:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-17 10:10:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-17 10:10:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-17 10:10:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-17 10:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-17 10:10:34 | 000,000,000 | ---D | C] -- C:\schrauber
[2010-06-17 10:08:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-06-05 12:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\HPAppData
[2010-06-03 16:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Mijn documenten\Mijn scanafbeeldingen
[2010-05-28 15:58:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-05-28 11:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\SUPERAntiSpyware.com
[2010-05-28 11:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-05-28 11:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-05-28 11:31:20 | 008,924,856 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARTIN\Bureaublad\SUPERAntiSpyware.exe
[2010-05-16 21:26:17 | 000,200,704 | R--- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010-05-16 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\HT Audio
[2010-05-03 11:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-05-03 11:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-05-03 10:31:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-05-03 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-05-03 10:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010-05-03 10:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-05-02 22:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010-05-02 22:37:38 | 000,000,000 | ---D | C] -- C:\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-05-02 20:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010-05-02 19:58:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010-05-02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010-05-02 19:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010-04-25 18:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\DrumFlow
[2010-04-24 19:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Proxima Controller
[2010-04-21 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\ordrumbox
[2010-04-18 23:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\Waves Audio
[2010-04-18 23:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Waves
[2010-04-18 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010-04-17 16:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\Lexicon PCM Native
[2010-04-17 16:17:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2010-04-17 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lexicon
[2010-04-17 15:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\Xara
[2010-04-17 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2003-10-02 03:16:48 | 000,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003-09-27 14:37:16 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
[2010-06-20 09:05:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\Defogger.exe
[2010-06-20 09:04:15 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010-06-20 09:00:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-20 01:25:12 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010-06-20 00:53:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-20 00:53:18 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-20 00:53:08 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010-06-20 00:52:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-20 00:52:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-20 00:52:54 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-19 20:56:04 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\MARTIN\NTUSER.DAT
[2010-06-17 10:21:51 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-17 10:21:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-17 10:15:28 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\MARTIN\ntuser.ini
[2010-06-17 10:14:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-06-17 09:57:20 | 003,713,237 | R--- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\schrauber.exe
[2010-06-16 11:42:16 | 000,003,994 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\Attach.zip
[2010-06-16 10:05:07 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\dds.scr
[2010-06-11 16:31:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MARTIN\defogger_reenable
[2010-06-11 11:50:39 | 001,053,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-11 11:50:39 | 000,499,226 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-06-11 11:50:39 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-11 11:50:39 | 000,086,256 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-06-11 11:50:39 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-11 11:37:01 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\AIMP2.lnk
[2010-06-11 00:14:48 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 23:52:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-03 16:55:30 | 000,068,383 | ---- | M] () -- C:\Documents and Settings\MARTIN\Mijn documenten\Reisgegevens MB.pdf
[2010-05-31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\MARTIN\Bureaublad\TDSSKiller.exe
[2010-05-28 17:30:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010-05-28 16:05:57 | 041,783,824 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe
[2010-05-28 11:32:51 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\SUPERAntiSpyware Free Edition.lnk
[2010-05-28 11:30:39 | 008,924,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARTIN\Bureaublad\SUPERAntiSpyware.exe
[2010-05-23 15:28:21 | 000,023,184 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010-05-23 02:33:56 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2010-05-16 21:25:01 | 000,000,037 | ---- | M] () -- C:\WINDOWS\DAOCONV.T1C
[2010-05-03 11:11:23 | 000,022,376 | ---- | M] () -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-05-02 20:13:33 | 001,639,420 | -H-- | M] () -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\IconCache.db
[2010-05-02 19:38:10 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010-05-02 17:44:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\REAPER.lnk
[2010-04-30 21:21:29 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010-04-30 17:07:49 | 000,393,104 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100525-191325.backup
[2010-04-30 15:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 18:35:20 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\DrumFlow v1.70.lnk
[2010-04-24 20:31:47 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\ordrumbox.lnk
[2010-04-24 20:26:48 | 000,000,713 | ---- | M] () -- C:\WINDOWS\Massiva.ini
[2010-04-22 15:36:08 | 000,021,816 | ---- | M] () -- C:\Documents and Settings\MARTIN\Application Data\GDIPFONTCACHEV1.DAT
[2010-04-22 12:06:31 | 000,000,768 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-17 15:51:08 | 000,000,049 | ---- | M] () -- C:\WINDOWS\SamControlpanel95.INI
[2010-04-17 15:12:28 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Samplitude 11.lnk
[2010-04-07 11:31:00 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-04-07 11:30:44 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-04-07 11:30:32 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-04-07 11:30:24 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-04-07 11:27:44 | 000,471,136 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-04-07 11:27:40 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-04-07 11:27:40 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-04-07 11:26:52 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-04-01 19:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010-03-30 12:57:00 | 001,731,481 | ---- | M] () -- C:\Documents and Settings\MARTIN\Mijn documenten\David Jetski Trailer.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-20 09:09:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\MARTIN\mbr.log
[2010-06-20 09:09:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\MARTIN\log.txt
[2010-06-17 10:14:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-06-17 10:13:58 | 000,261,936 | ---- | C] () -- C:\cmldr
[2010-06-17 10:10:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-17 10:10:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-17 10:10:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-17 10:10:42 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-17 10:10:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-17 10:00:18 | 003,713,237 | R--- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\schrauber.exe
[2010-06-16 11:42:16 | 000,003,994 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\Attach.zip
[2010-06-16 11:17:11 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys
[2010-06-16 10:05:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\dds.scr
[2010-06-11 16:31:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MARTIN\defogger_reenable
[2010-06-11 16:25:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\Defogger.exe
[2010-06-03 16:55:29 | 000,068,383 | ---- | C] () -- C:\Documents and Settings\MARTIN\Mijn documenten\Reisgegevens MB.pdf
[2010-05-28 12:34:33 | 041,783,824 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe
[2010-05-28 11:32:51 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\SUPERAntiSpyware Free Edition.lnk
[2010-05-23 15:26:57 | 000,023,184 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-05-23 02:33:56 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2010-05-16 21:26:17 | 000,270,344 | ---- | C] () -- C:\WINDOWS\System32\Btn32x10.ocx
[2010-05-16 21:25:01 | 000,000,037 | ---- | C] () -- C:\WINDOWS\DAOCONV.T1C
[2010-05-03 19:29:12 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\DrumFlow v1.70.lnk
[2010-05-02 22:40:06 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-05-02 20:12:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-02 19:55:31 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010-05-02 19:55:25 | 000,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010-05-02 19:55:23 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-05-02 19:55:23 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-05-02 19:55:22 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-04-30 16:26:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-04-30 15:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-30 15:41:00 | 000,020,862 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010-04-26 15:54:36 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\REAPER.lnk
[2010-04-24 20:31:47 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\ordrumbox.lnk
[2010-04-24 19:33:37 | 000,000,713 | ---- | C] () -- C:\WINDOWS\Massiva.ini
[2010-04-17 15:51:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\SamControlpanel95.INI
[2010-04-17 15:12:28 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Samplitude 11.lnk
[2010-03-30 12:27:53 | 001,731,481 | ---- | C] () -- C:\Documents and Settings\MARTIN\Mijn documenten\David Jetski Trailer.pdf
[2010-02-06 01:30:59 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-31 22:33:38 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-03-24 14:56:21 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-15 23:01:23 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009-03-13 20:00:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009-03-13 18:50:26 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-12 23:22:04 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008-07-26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-04-18 23:07:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2003-10-02 02:20:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll
[1996-04-04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009-03-16 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010-03-04 23:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-04-17 16:17:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2009-10-27 11:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010-04-15 13:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\AIMP
[2010-02-09 10:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Auslogics
[2009-08-31 22:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Leadertech
[2010-04-17 16:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Lexicon PCM Native
[2010-04-26 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\REAPER
[2010-03-04 23:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\TomTom
[2009-09-17 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Uniblue
[2010-02-11 12:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\uTorrent
[2009-05-14 22:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\VoipCheapCom
[2010-01-29 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Vso
[2010-04-18 23:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Waves Audio
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010-06-20 01:15:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-04 10:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 10:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 10:03:10 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-04 10:03:18 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 10:03:22 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-04-07 11:46:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009-03-13 06:39:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-03-13 06:39:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-03-13 06:39:46 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010-06-20 00:52:54 | 3219,640,320 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010-06-20 00:52:52 | 2145,386,496 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe:SummaryInformation
< End of report >


OTL Extras logfile created on: 20-6-2010 9:13:33 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\MARTIN\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 25,80 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,32 Gb Total Space | 164,27 Gb Free Space | 84,10% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 200,38 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREBATIN
Current User Name: MARTIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [File Finder...] -- C:\Program Files\PowerDesk\pdfind.exe /PATH:%1 (Ontrack Data International, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" = C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0323AE9F-5D24-46B4-8535-349128D482AE}" = NP545 Wireless Client Utility
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B25271C-C90B-056F-B4B1-84DFCC905497}" = ATI Catalyst Install Manager
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2090AAD2-D129-375A-8152-93AE4EBDEF11}" = ccc-core-static
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DF9A978-DEA1-4433-805D-66790FC28C62}" = DAEMON Tools
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B1BD294-2747-6271-6F47-82A640A3A9E9}" = Catalyst Control Center Localization All
"{43C3D832-AC96-463A-2003-1B8D1BFA252F}" = Norton SystemWorks 2003
"{4685E2C0-838E-2D49-E561-5870D57C2112}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E4D082-46F8-99B4-4E43-C6B79677968F}" = Catalyst Control Center Graphics Previews Common
"{575471C8-A90D-9AEB-DD5F-D68D0536482A}" = ccc-utility
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F3ECAC9-BB76-C8A8-8DFD-754633F965D1}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{872BD2A4-7CB6-4692-A74E-99ABA11DED75}" = RME DIGICheck
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{905D6E0C-B378-8CF8-0681-31F38D78E204}" = ccc-core-preinstall
"{9075FCA2-7B7E-46A3-841A-52519270C1B2}" = PowerQuest Drive Image 5.0
"{922D09F2-5A96-2ECB-BB71-493F23AD052B}" = Catalyst Control Center Graphics Light
"{9764B950-8667-4297-AF52-93D9A3354801}" = Proxima Controller
"{97882553-D37E-F980-1ED0-0748A550D912}" = Catalyst Control Center Graphics Full Existing
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AD4E589A-C44A-4498-A8AF-6AFF09E07901}" = Creative ZEN Neeon 2
"{AE0009FD-8F50-4565-835D-4432BD18D792}" = Samplitude 11
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF16488F-1EAB-5AF1-54D4-59BBAEFA4F48}" = Catalyst Control Center Graphics Full New
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4691C58-2A6A-4AFA-960E-AEB767639E44}" = PCM Native Reverb VST Plug-in
"{B661D1BD-5C0C-4EF1-A801-B5699AD41043}" = Nero 8 Essentials
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{BEECCA33-C880-4648-A043-18614EE1249E}" = ATI AVIVO Codecs
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA930901-0E74-F94E-B36B-057B55194E00}" = Skins
"{FE2243EE-7C32-C90A-DDF8-75067F45A68D}" = Catalyst Control Center HydraVision Full
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIMP2" = AIMP2
"AIMP2at" = AIMP2: Audio Tools
"BassBox 6 Pro" = BassBox 6 Pro
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DIGI96" = RME DIGI32, DIGI96 and Hammerfall Series
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Basic)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Speed Disk" = Norton Speed Disk 7.0 for Windows NT
"Norton Utilities" = Norton Utilities 2003 for Windows
"ordrumbox_is1" = ordrumbox-0.9.00
"PCM Native Reverb VST Plug-in" = PCM Native Reverb VST Plug-in
"Picasa 3" = Picasa 3
"PowerDesk5.0" = PowerDesk 5.0
"QuickTime" = QuickTime
"REAPER" = REAPER
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SensorsView Pro 3.2" = SensorsView Pro 3.2
"SysInfo" = Creative System Information
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VoipCheapCom_is1" = VoipCheapCom
"Waves Mercury Bundle" = Waves Mercury Bundle
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6-2-2010 7:20:16 | Computer Name = FREBATIN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: pdexplo.exe, versie: 5.0.1.2, vastgelopen
module: pdexplo.exe, versie: 5.0.1.2, vastgelopen op: 0x0002fd90.

Error - 6-2-2010 7:49:49 | Computer Name = FREBATIN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: XYplorerFree.exe, versie: 5.55.0.0, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-2-2010 8:02:52 | Computer Name = FREBATIN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: XYplorerFree.exe, versie: 5.55.0.0, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-2-2010 10:28:14 | Computer Name = FREBATIN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: pdexplo.exe, versie: 5.0.1.2, vastgelopen
module: pdexplo.exe, versie: 5.0.1.2, vastgelopen op: 0x0002fd90.

Error - 4-3-2010 9:33:02 | Computer Name = FREBATIN | Source = TomTomHOMEService | ID = 10000
Description =

Error - 19-4-2010 11:49:29 | Computer Name = FREBATIN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: reaper.exe, versie: 3.2.0.0, vastgelopen module:
waves5.0.dll, versie: 5.0.0.0, vastgelopen op: 0x00024a2a.

Error - 20-4-2010 3:45:52 | Computer Name = FREBATIN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: Setup.exe, versie: 2.0.0.0, vastgelopen module:
hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 20-4-2010 3:54:06 | Computer Name = FREBATIN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: Setup.exe, versie: 2.0.0.0, vastgelopen module:
hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 21-4-2010 1:11:55 | Computer Name = FREBATIN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: reaper.exe, versie: 3.4.0.0, vastgelopen module:
reaper.exe, versie: 3.4.0.0, vastgelopen op: 0x0033e140.

Error - 28-4-2010 8:18:13 | Computer Name = FREBATIN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: reaper.exe, versie: 3.4.5.1, vastgelopen module:
waves5.2.dll, versie: 5.2.0.0, vastgelopen op: 0x0002619a.

[ System Events ]
Error - 19-6-2010 19:04:12 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:12 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:12 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:12 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:13 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:13 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:13 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:04:13 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:05:15 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058

Error - 19-6-2010 19:05:23 | Computer Name = FREBATIN | Source = Service Control Manager | ID = 7001
Description = De Verbindingsbeheer voor RAS-service is afhankelijk van de Telephony-service,
die vanwege de volgende fout niet kan worden gestart: %%1058


< End of report >

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 21 June 2010 - 05:53 AM

Hi,

You must first verify that you can logon to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the x represents your operating system drive letter, usually C

fixmbr


Please type exit; the system will reboot. Please repeat the last instructions.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#11 SoleX

SoleX
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:29 PM

Posted 21 June 2010 - 09:35 AM

Hi Tom,

I installed recovery console, did the previous instructions.

This time there was no extra.txt after running OTL

Here are the logs:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A16A460]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a16a460
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !




OTL logfile created on: 22-6-2010 0:21:05 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\MARTIN\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 26,32 Gb Free Space | 53,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,32 Gb Total Space | 164,27 Gb Free Space | 84,10% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 200,39 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREBATIN
Current User Name: MARTIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
PRC - [2010-04-18 23:16:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-18 18:33:15 | 009,275,704 | ---- | M] (VoipCheapCom) -- C:\Program Files\VoipCheapCom\voipcheapcom.exe
PRC - [2009-11-13 21:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009-11-13 21:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-08-14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008-08-14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008-08-14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-04-15 03:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-05-24 14:40:50 | 000,593,920 | ---- | M] (NetComm Limited ) -- C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
PRC - [2006-11-13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005-06-14 18:20:50 | 000,086,016 | ---- | M] (RME) -- C:\WINDOWS\system32\digi96.exe
PRC - [2003-10-24 14:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002-08-19 22:22:38 | 000,050,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2002-08-14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2002-08-14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
PRC - [2002-08-08 22:40:02 | 000,308,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


========== Modules (SafeList) ==========

MOD - [2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
MOD - [2008-07-26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008-04-15 03:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-02-05 11:48:17 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-11-13 21:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008-07-26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-07-26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2002-11-14 19:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2002-08-19 22:23:32 | 000,063,176 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002-08-14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2002-08-14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
SRV - [2002-08-08 22:40:02 | 000,308,936 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2001-08-13 23:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - [2010-05-12 18:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-05-12 18:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.003\NAVENG.SYS -- (NAVENG)
DRV - [2010-05-11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-07 12:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-02-18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-09-23 22:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-08-19 22:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-03-12 23:24:06 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008-07-27 04:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sensorsview32.sys -- (sensorsview32)
DRV - [2008-07-27 01:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008-07-27 01:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008-07-27 01:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008-07-27 01:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008-07-26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008-04-14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2008-04-14 02:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-14 19:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-08-24 13:22:56 | 005,776,928 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005-07-21 17:55:26 | 000,048,768 | ---- | M] (RME) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\digi96.sys -- (digi96)
DRV - [2003-10-02 03:16:48 | 000,119,552 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003-09-27 14:37:16 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2003-09-18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2003-09-18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002-08-29 02:41:02 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002-08-15 17:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002-08-15 17:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2002-08-14 06:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [1996-04-04 05:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.symbaloo.com/nl/#"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: symbaloo-ff-extension@symbaloo.com:0.95
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-23 15:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-10 01:51:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-03 11:47:56 | 000,000,000 | ---D | M]

[2010-03-04 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Extensions
[2010-03-04 23:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009-03-14 01:02:32 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\9ehs1fqk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010-06-20 01:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions
[2010-05-28 10:08:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-14 22:04:00 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009-06-06 16:35:51 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-06-07 20:11:53 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com\chrome
[2009-07-27 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\symbaloo-ff-extension@symbaloo.com\defaults
[2008-06-22 14:10:10 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\searchplugins\wikipedia-en.xml
[2010-06-20 01:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-03 11:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-06-17 10:21:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RMETray] C:\WINDOWS\System32\digi96.exe (RME)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [VoipCheapCom] C:\Program Files\VoipCheapCom\VoipCheapCom.exe (VoipCheapCom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NP545 Wireless Client Utility.lnk = C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe (NetComm Limited )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-12 22:53:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-03-13 06:37:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 90 Days ==========

[2010-06-21 23:55:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-06-21 23:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010-06-21 23:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010-06-20 09:12:03 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
[2010-06-20 00:50:17 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\MARTIN\Bureaublad\TDSSKiller.exe
[2010-06-17 10:10:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-17 10:10:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-17 10:10:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-17 10:10:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-17 10:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-17 10:10:34 | 000,000,000 | ---D | C] -- C:\schrauber
[2010-06-17 10:08:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-06-05 12:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\HPAppData
[2010-06-03 16:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Mijn documenten\Mijn scanafbeeldingen
[2010-05-28 15:58:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-05-28 11:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\SUPERAntiSpyware.com
[2010-05-28 11:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-05-28 11:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-05-28 11:31:20 | 008,924,856 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARTIN\Bureaublad\SUPERAntiSpyware.exe
[2010-05-16 21:26:17 | 000,200,704 | R--- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010-05-16 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\HT Audio
[2010-05-03 11:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-05-03 11:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-05-03 10:31:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-05-03 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-05-03 10:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010-05-03 10:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-05-02 22:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010-05-02 22:37:38 | 000,000,000 | ---D | C] -- C:\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\ATI
[2010-05-02 20:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-05-02 20:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010-05-02 19:58:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010-05-02 19:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010-05-02 19:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010-04-25 18:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\DrumFlow
[2010-04-24 19:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Proxima Controller
[2010-04-21 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\ordrumbox
[2010-04-18 23:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\Waves Audio
[2010-04-18 23:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Waves
[2010-04-18 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010-04-17 16:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Application Data\Lexicon PCM Native
[2010-04-17 16:17:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2010-04-17 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lexicon
[2010-04-17 15:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\Xara
[2010-04-17 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2003-10-02 03:16:48 | 000,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003-09-27 14:37:16 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-06-22 00:12:57 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010-06-22 00:12:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-22 00:12:56 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-22 00:12:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010-06-22 00:12:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-22 00:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-22 00:12:44 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-22 00:00:42 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\MARTIN\NTUSER.DAT
[2010-06-22 00:00:39 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\MARTIN\ntuser.ini
[2010-06-21 23:55:32 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010-06-21 23:49:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010-06-21 07:25:05 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-20 09:11:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARTIN\Bureaublad\OTL.exe
[2010-06-20 09:05:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\Defogger.exe
[2010-06-20 09:00:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-17 10:21:51 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-17 10:21:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-17 10:14:00 | 000,000,281 | RHS- | M] () -- C:\Boot.bak
[2010-06-17 09:57:20 | 003,713,237 | R--- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\schrauber.exe
[2010-06-16 11:42:16 | 000,003,994 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\Attach.zip
[2010-06-16 10:05:07 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\dds.scr
[2010-06-11 16:31:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MARTIN\defogger_reenable
[2010-06-11 11:50:39 | 001,053,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-11 11:50:39 | 000,499,226 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-06-11 11:50:39 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-11 11:50:39 | 000,086,256 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-06-11 11:50:39 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-11 11:37:01 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\AIMP2.lnk
[2010-06-11 00:14:48 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 23:52:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-03 16:55:30 | 000,068,383 | ---- | M] () -- C:\Documents and Settings\MARTIN\Mijn documenten\Reisgegevens MB.pdf
[2010-05-31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\MARTIN\Bureaublad\TDSSKiller.exe
[2010-05-28 17:30:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010-05-28 16:05:57 | 041,783,824 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe
[2010-05-28 11:32:51 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\SUPERAntiSpyware Free Edition.lnk
[2010-05-28 11:30:39 | 008,924,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARTIN\Bureaublad\SUPERAntiSpyware.exe
[2010-05-23 15:28:21 | 000,023,184 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010-05-23 02:33:56 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2010-05-16 21:25:01 | 000,000,037 | ---- | M] () -- C:\WINDOWS\DAOCONV.T1C
[2010-05-03 11:11:23 | 000,022,376 | ---- | M] () -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-05-02 20:13:33 | 001,639,420 | -H-- | M] () -- C:\Documents and Settings\MARTIN\Local Settings\Application Data\IconCache.db
[2010-05-02 19:38:10 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010-05-02 17:44:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\REAPER.lnk
[2010-04-30 21:21:29 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010-04-30 17:07:49 | 000,393,104 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100525-191325.backup
[2010-04-30 15:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 18:35:20 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\DrumFlow v1.70.lnk
[2010-04-24 20:31:47 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\MARTIN\Bureaublad\ordrumbox.lnk
[2010-04-24 20:26:48 | 000,000,713 | ---- | M] () -- C:\WINDOWS\Massiva.ini
[2010-04-22 15:36:08 | 000,021,816 | ---- | M] () -- C:\Documents and Settings\MARTIN\Application Data\GDIPFONTCACHEV1.DAT
[2010-04-22 12:06:31 | 000,000,768 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-17 15:51:08 | 000,000,049 | ---- | M] () -- C:\WINDOWS\SamControlpanel95.INI
[2010-04-17 15:12:28 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Samplitude 11.lnk
[2010-04-07 11:31:00 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-04-07 11:30:44 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-04-07 11:30:32 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-04-07 11:30:24 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-04-07 11:27:44 | 000,471,136 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-04-07 11:27:40 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-04-07 11:27:40 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-04-07 11:26:52 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-04-01 19:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010-03-30 12:57:00 | 001,731,481 | ---- | M] () -- C:\Documents and Settings\MARTIN\Mijn documenten\David Jetski Trailer.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-20 09:09:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\MARTIN\mbr.log
[2010-06-20 09:09:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\MARTIN\log.txt
[2010-06-17 10:14:00 | 000,000,281 | RHS- | C] () -- C:\Boot.bak
[2010-06-17 10:13:58 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2010-06-17 10:10:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-17 10:10:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-17 10:10:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-17 10:10:42 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-17 10:10:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-17 10:00:18 | 003,713,237 | R--- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\schrauber.exe
[2010-06-16 11:42:16 | 000,003,994 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\Attach.zip
[2010-06-16 11:17:11 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys
[2010-06-16 10:05:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\dds.scr
[2010-06-11 16:31:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MARTIN\defogger_reenable
[2010-06-11 16:25:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\Defogger.exe
[2010-06-03 16:55:29 | 000,068,383 | ---- | C] () -- C:\Documents and Settings\MARTIN\Mijn documenten\Reisgegevens MB.pdf
[2010-05-28 12:34:33 | 041,783,824 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe
[2010-05-28 11:32:51 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\SUPERAntiSpyware Free Edition.lnk
[2010-05-23 15:26:57 | 000,023,184 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-05-23 02:33:56 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2010-05-16 21:26:17 | 000,270,344 | ---- | C] () -- C:\WINDOWS\System32\Btn32x10.ocx
[2010-05-16 21:25:01 | 000,000,037 | ---- | C] () -- C:\WINDOWS\DAOCONV.T1C
[2010-05-03 19:29:12 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\DrumFlow v1.70.lnk
[2010-05-02 22:40:06 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-05-02 20:12:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-02 19:55:31 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010-05-02 19:55:25 | 000,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010-05-02 19:55:23 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-05-02 19:55:23 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-05-02 19:55:22 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-04-30 16:26:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-04-30 15:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-30 15:41:00 | 000,020,862 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010-04-26 15:54:36 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\REAPER.lnk
[2010-04-24 20:31:47 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\MARTIN\Bureaublad\ordrumbox.lnk
[2010-04-24 19:33:37 | 000,000,713 | ---- | C] () -- C:\WINDOWS\Massiva.ini
[2010-04-17 15:51:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\SamControlpanel95.INI
[2010-04-17 15:12:28 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Samplitude 11.lnk
[2010-03-30 12:27:53 | 001,731,481 | ---- | C] () -- C:\Documents and Settings\MARTIN\Mijn documenten\David Jetski Trailer.pdf
[2010-02-06 01:30:59 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-31 22:33:38 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-03-24 14:56:21 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-15 23:01:23 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009-03-13 20:00:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009-03-13 18:50:26 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-12 23:22:04 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008-07-26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-04-18 23:07:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2003-10-02 02:20:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll
[1996-04-04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009-03-16 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010-03-04 23:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-04-17 16:17:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2009-10-27 11:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010-04-15 13:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\AIMP
[2010-02-09 10:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Auslogics
[2009-08-31 22:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Leadertech
[2010-04-17 16:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Lexicon PCM Native
[2010-04-26 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\REAPER
[2010-03-04 23:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\TomTom
[2009-09-17 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Uniblue
[2010-02-11 12:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\uTorrent
[2009-05-14 22:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\VoipCheapCom
[2010-01-29 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Vso
[2010-04-18 23:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARTIN\Application Data\Waves Audio
[2010-06-21 23:49:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010-06-21 23:49:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-04 10:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 10:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-03-17 09:29:11 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-15 03:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 10:03:10 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-04 10:03:18 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-15 03:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-15 03:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 10:03:22 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-04-07 11:46:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009-03-13 06:39:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-03-13 06:39:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-03-13 06:39:46 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010-06-22 00:12:44 | 3219,640,320 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010-06-22 00:12:42 | 2145,386,496 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\MARTIN\Bureaublad\5yfakv42.exe:SummaryInformation
< End of report >



#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 23 June 2010 - 03:37 PM

Hi,

Please delete your copy of Combofix and download a fresh one, let it run and post back with the logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 SoleX

SoleX
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 24 June 2010 - 06:12 AM

Hi Tom,

Hope you are well.
Had a message "Combofix found a rootkit, system needs restart" or something like that.
Windows is telling me it has updates ready to install; should I wait on that until we're done?

Here is the log.

Thanks again, good luck with the Mannschaft if you follow sports!

Martin



ComboFix 10-06-23.03 - MARTIN 24-06-2010 20:48:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3070.2665 [GMT 10:00]
Started from: c:\documents and settings\MARTIN\Bureaublad\schrauber.exe
.

(((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 ))))))))))))))))))))))))))))))
.

2010-06-17 00:10 . 2010-06-17 00:23 -------- d-----w- C:\schrauber
2010-06-10 12:38 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 10:11 . 2010-05-23 07:50 73216 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-06-07 10:11 . 2010-04-18 04:33 307200 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-06-07 10:11 . 2010-04-18 04:33 172032 ----a-w- c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-06-05 02:36 . 2010-06-05 02:36 -------- d-----w- c:\documents and settings\MARTIN\Application Data\HPAppData
2010-05-28 11:43 . 2010-05-28 11:43 -------- d-sh--w- c:\documents and settings\Administrator.FREBATIN\PrivacIE
2010-05-28 07:36 . 2010-05-28 08:18 -------- d-----w- c:\documents and settings\Administrator.FREBATIN\DoctorWeb
2010-05-28 06:13 . 2010-06-11 05:37 63488 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 06:13 . 2010-05-28 06:13 52224 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 06:13 . 2010-06-11 05:37 117760 ----a-w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 06:13 . 2010-05-28 06:13 -------- d-----w- c:\documents and settings\Administrator.FREBATIN\Application Data\SUPERAntiSpyware.com
2010-05-28 06:02 . 2010-05-28 06:02 22376 ----a-w- c:\documents and settings\Administrator.FREBATIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 01:35 . 2010-06-07 11:19 63488 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 01:35 . 2010-05-28 01:35 52224 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 01:35 . 2010-06-07 11:19 117760 ----a-w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 01:32 . 2010-05-28 01:32 -------- d-----w- c:\documents and settings\MARTIN\Application Data\SUPERAntiSpyware.com
2010-05-28 01:32 . 2010-05-28 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-28 01:32 . 2010-06-11 05:40 -------- d-----w- c:\program files\SUPERAntiSpyware

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 14:14 . 2009-03-13 08:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-19 23:00 . 2010-05-02 10:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 14:53 . 2009-03-13 02:34 -------- d-----w- c:\program files\Drive Image 5.0
2010-06-11 01:50 . 2002-09-11 12:00 86256 ----a-w- c:\windows\system32\perfc013.dat
2010-06-11 01:50 . 2002-09-11 12:00 499226 ----a-w- c:\windows\system32\perfh013.dat
2010-06-11 01:37 . 2010-02-06 12:58 -------- d-----w- c:\program files\AIMP2
2010-05-31 04:01 . 2009-09-02 07:01 -------- d-----w- c:\documents and settings\MARTIN\Application Data\HpUpdate
2010-05-28 07:30 . 2009-03-13 08:05 -------- d-----w- c:\program files\Norton SystemWorks
2010-05-25 07:34 . 2009-03-16 13:33 -------- d-----w- c:\documents and settings\MARTIN\Application Data\AdobeUM
2010-05-23 05:28 . 2010-05-23 05:26 23184 ----a-w- c:\windows\hpqins15.dat
2010-05-23 05:27 . 2009-03-15 13:19 -------- d-----w- c:\program files\HP
2010-05-23 02:13 . 2010-05-23 02:13 503808 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\msvcp71.dll
2010-05-23 02:13 . 2010-05-23 02:13 499712 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\jmc.dll
2010-05-23 02:13 . 2010-05-23 02:13 348160 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5255b16a-n\msvcr71.dll
2010-05-23 02:13 . 2010-05-23 02:13 61440 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cd83a72-n\decora-sse.dll
2010-05-23 02:13 . 2010-05-23 02:13 12800 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cd83a72-n\decora-d3d.dll
2010-05-22 16:33 . 2009-05-15 14:24 -------- d-----w- c:\program files\Google
2010-05-16 12:10 . 2010-05-16 11:26 -------- d-----w- c:\program files\HT Audio
2010-05-06 10:37 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 01:48 . 2010-05-03 01:48 503808 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\msvcp71.dll
2010-05-03 01:48 . 2010-05-03 01:48 499712 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\jmc.dll
2010-05-03 01:48 . 2010-05-03 01:48 348160 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-100ccb30-n\msvcr71.dll
2010-05-03 01:48 . 2010-05-03 01:48 61440 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30cd5a2d-n\decora-sse.dll
2010-05-03 01:48 . 2010-05-03 01:48 12800 ----a-w- c:\documents and settings\MARTIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30cd5a2d-n\decora-d3d.dll
2010-05-03 01:48 . 2010-05-03 01:48 -------- d-----w- c:\program files\Common Files\Java
2010-05-03 01:47 . 2009-05-15 13:40 -------- d-----w- c:\program files\Java
2010-05-03 01:11 . 2009-03-12 13:00 22376 ----a-w- c:\documents and settings\MARTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-03 00:31 . 2010-05-03 00:31 -------- d-----w- c:\program files\MSBuild
2010-05-03 00:31 . 2010-05-03 00:31 -------- d-----w- c:\program files\Reference Assemblies
2010-05-02 12:39 . 2010-05-02 09:55 -------- d-----w- c:\program files\ATI Technologies
2010-05-02 12:39 . 2010-05-02 12:39 -------- d-----w- c:\program files\ATI
2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\MARTIN\Application Data\ATI
2010-05-02 10:32 . 2010-05-02 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-05-02 10:01 . 2010-05-02 10:01 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-02 09:55 . 2009-03-12 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 08:10 . 2004-08-03 23:56 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 07:44 . 2009-04-09 04:04 -------- d-----w- c:\program files\REAPER
2010-04-30 05:41 . 2010-04-30 05:41 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-26 05:55 . 2009-04-09 04:04 -------- d-----w- c:\documents and settings\MARTIN\Application Data\REAPER
2010-04-24 09:57 . 2010-04-24 09:57 45056 ----a-r- c:\documents and settings\MARTIN\Application Data\Microsoft\Installer\{9764B950-8667-4297-AF52-93D9A3354801}\ProximaController.ex_9764B95086674297AF5293D9A3354801.exe
2010-04-24 09:57 . 2010-04-24 09:57 45056 ----a-r- c:\documents and settings\MARTIN\Application Data\Microsoft\Installer\{9764B950-8667-4297-AF52-93D9A3354801}\ARPPRODUCTICON.exe
2010-04-20 05:35 . 2004-08-04 00:01 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 09:00 . 2009-03-15 13:25 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-12 07:29 . 2010-05-03 01:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 02:42 . 2009-03-14 11:25 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-10-02 02:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-10-02 02:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2010-05-02 09:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-10-02 02:25 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-10-02 02:56 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2010-05-02 09:55 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2008-04-14 17:02 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2008-04-14 17:02 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-10-02 03:17 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-10-02 03:16 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-10-02 03:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-10-02 03:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-10-02 03:16 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-10-02 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2008-04-14 17:02 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2010-05-02 09:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2010-05-02 09:55 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-10-02 03:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-05-02 12:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-10-02 02:28 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-10-02 02:24 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-10-02 02:26 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-10-02 02:25 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2008-04-14 17:02 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-10-02 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-10-02 02:32 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-10-02 02:32 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2003-10-01 16:20 . 2003-10-01 16:20 81920 ----a-w- c:\program files\daemon.exe
2002-05-23 01:55 . 2002-05-23 01:55 167936 ----a-w- c:\program files\pfctoc.dll
2009-03-13 08:07 . 2009-03-13 08:07 32 --sha-w- c:\windows\{1667505B-C946-46A1-9AD4-5AB452470B97}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\{2321F833-295D-4630-81CD-D7FB56203A24}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\{362EB219-A053-41BF-85C8-BD4178E3194D}.dat
2009-03-13 08:05 . 2009-03-13 08:05 32 --sha-w- c:\windows\{5CF71B1C-1582-4B4B-ABDD-FF6C54CCDAF1}.dat
2009-03-13 08:07 . 2009-03-13 08:07 32 --sha-w- c:\windows\system32\{7B313D51-29E3-4C3E-AEAE-C3661286E587}.dat
2009-03-13 08:05 . 2009-03-13 08:05 32 --sha-w- c:\windows\system32\{9F877B23-55E6-4E65-BC85-0D70FBC619F7}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\system32\{BA5B34F0-99DD-4D74-A976-1D36E3980706}.dat
2009-03-13 08:06 . 2009-03-13 08:06 32 --sha-w- c:\windows\system32\{D67AC808-6DD0-4E25-B83F-A1B61908AC75}.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-17_00.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 10:46 . 2010-06-24 10:46 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
+ 2010-06-21 13:49 . 2010-06-21 13:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-12 12:55 . 2010-05-25 06:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"VoipCheapCom"="c:\program files\VoipCheapCom\VoipCheapCom.exe" [2010-01-18 9275704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-11 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"DAEMON Tools-1033"="c:\program files\daemon.exe" [2003-10-01 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RMETray"="digi96.exe" [2005-06-14 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-01 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-06 54936]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-15 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NP545 Wireless Client Utility.lnk - c:\program files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe [2009-3-15 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=digi96.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 04:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-25 04:33 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2010-01-18 08:33 9275704 ----a-w- c:\program files\VoipCheapCom\voipcheapcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21-9-2009 11:58 64288]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2-10-2003 3:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27-9-2003 14:37 5504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18-2-2010 4:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-5-2010 4:41 67656]
R2 digi96;RME Digi Audio Device;c:\windows\system32\drivers\digi96.sys [11-9-2009 14:43 48768]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [13-3-2009 18:06 135168]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [13-3-2009 19:49 14416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 21:31 92008]
S2 gupdate1c9d56e4dfc7ca2;Google Updateservice (gupdate1c9d56e4dfc7ca2);c:\program files\Google\Update\GoogleUpdate.exe [16-5-2009 1:03 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24-9-2009 21:17 1181328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 04:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-23 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:48]

2010-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-15 14:59]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 15:03]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 15:03]

2010-04-30 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-19 09:31]

2010-05-28 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-28 14:53]

2010-06-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-03-13 23:04]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.symbaloo.com/nl/#
FF - component: c:\documents and settings\MARTIN\Application Data\Mozilla\Firefox\Profiles\cwo8a2co.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2E2138]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\atapi -> 0x8a2e2138
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{04C61962-5FC5-7F82-5D9A-777B412E0332}\InProcServer32*]
"jabecckdgjclbmmlhdpa"=hex:6a,61,61,66,6f,6e,69,67,69,62,6d,69,6c,6b,64,6a,65,
65,62,63,00,fa
"iabeicpccgocefgfdc"=hex:6a,61,61,66,61,6f,63,67,61,61,6e,65,65,67,6d,6d,69,69,
6d,65,00,f8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-06-24 20:52:27
ComboFix-quarantined-files.txt 2010-06-24 10:52

Pre-Run: 27.993.841.664 bytes free
Post-Run: 27.785.940.992 bytes free

- - End Of File - - E76E36BCC3432E09321E0002F959A361
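Added example, not part of the thread above and not the Gmer tool's own code: a small Python triage of the "Stealth MBR rootkit detector" block in the ComboFix report. Each hook line that the tool prints ends either in "module @ 0xaddr" (the address was attributed to a loaded driver) or in a bare address. The script parses those lines and flags the hooks whose target is a non-zero address with no module name, then checks whether that address also appears in the ">>UNKNOWN [...]<<" marker of the "called modules" line. On the report above that isolates the \Driver\atapi entry, while the "user & kernel MBR OK" line shows the boot sector itself read identically from user and kernel mode. The sample input is copied from the log; the function and variable names are this example's own.

```python
"""Triage for the 'Stealth MBR rootkit detector' block of a ComboFix report.

Each hooked dispatch target is printed either as 'module @ 0xaddr' (the tool
could attribute the address to a loaded driver) or as a bare address.  A bare,
non-zero target is the entry worth chasing: legitimate filters such as
CLASSPNP.SYS are reported by name.  Added example, not the tool's own code.
"""
import re

# Copied verbatim from the report in the post above (tool output, not constructed).
SAMPLE_REPORT = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2E2138]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\atapi -> 0x8a2e2138
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

HOOK_RE = re.compile(
    r"^(?P<obj>\S.*?)\s+->\s+"         # hooked object: \Driver\atapi, NDIS:, ...
    r"(?:(?P<sub>\w+)\s+->\s+)?"       # optional sub-entry: DeleteProcedure, SendHandler
    r"(?:(?P<module>\S+)\s+@\s+)?"     # module name, present only when the tool resolved it
    r"(?P<addr>0x[0-9A-Fa-f]+)\s*$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_hooks(report):
    """One dict per hook line: object, sub, module (None when bare) and address (int)."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append({
                "object": m.group("obj"),
                "sub": m.group("sub"),
                "module": m.group("module"),
                "address": int(m.group("addr"), 16),
            })
    return hooks


def unknown_module_addresses(report):
    """Addresses that the 'called modules' line could not attribute to any driver."""
    return {int(a, 16) for a in UNKNOWN_RE.findall(report)}


def find_unresolved_hooks(report):
    """Hooks whose target is a non-zero address with no module name.

    A 0x0 target (the NDIS handlers in the sample) is an unset handler, not a
    hook.  Each finding records whether the same address is in the UNKNOWN
    marker, which ties the hook to code living outside every loaded module.
    """
    unknown = unknown_module_addresses(report)
    findings = []
    for h in parse_hooks(report):
        if h["module"] is None and h["address"] != 0:
            findings.append(dict(h, in_unknown_module_list=h["address"] in unknown))
    return findings


def mbr_clean(report):
    """True when the tool read the same, clean MBR from user and kernel mode."""
    return "user & kernel MBR OK" in report


if __name__ == "__main__":
    for f in find_unresolved_hooks(SAMPLE_REPORT):
        print(f"{f['object']} -> {f['address']:#x} "
              f"(address in UNKNOWN module list: {f['in_unknown_module_list']})")
    print("MBR itself reported clean:", mbr_clean(SAMPLE_REPORT))
```

Run on the sample, the only finding is \Driver\atapi at 0x8a2e2138, and that address is the one the "called modules" line marked UNKNOWN. The script says nothing about which malware family is responsible; it only separates the one unattributed hook from the entries that resolve to CLASSPNP.SYS, ACPI.sys and ntkrnlpa.exe.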


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:29 AM

Posted 25 June 2010 - 12:56 PM

Hi,


You must first verify that you can log on to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation CD.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Console.
Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

batch look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit, then restart your computer and log on in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

NEXT:

Once back in Windows, go to Start > Run, and copy/paste the following then press Enter.

maxlook -sig


Post the log in your next reply
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
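Added example, not part of schrauber's instructions and not the maxlook tool's own code. The procedure above copies the driver files out while booted into the Recovery Console, where the installed kernel (and anything hooked into it) is not running, and then has maxlook -sig report the unsigned drivers both in that copied set and in the live system32\drivers folder. The useful check on those two lists is a comparison: a driver that is unsigned in the Recovery Console copy but absent from the live unsigned list, or whose date or version differs between the two, is a file for which the running system is not showing the same bytes that are on disk. The Python below parses the report layout maxlook prints (dash-bordered section banners, one "path:" line per file followed by indented "Key: value" lines, as in the log posted later in this thread) and lists the disagreements. The sample input is constructed: the digi96.sys entry is copied from that log, while sampledisk.sys and samplefilt.sys are made-up entries that show the two mismatch cases. Section names, field names and function names are this example's assumptions.

```python
"""Compare the two driver lists in a maxlook -sig report: the copies made under the
Recovery Console (the maxdrive folder) against what the live system32 drivers folder
shows.  Added example, not maxlook's own code; the report layout is assumed from
the log posted later in this thread.
"""
import re

SECTION_RE = re.compile(r"^-{3,}\s*(?P<name>.+?)\s*-{3,}\s*$")          # --------- name ---------
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?):\s*$")                 # c:\...\driver.sys:
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")   # "    Key:    value"

OFFLINE_SECTION = "maxlook unsigned files"          # copies made under the Recovery Console
LIVE_SECTION = "system32\\drivers unsigned files"   # what the running system lets you read
COMPARED = ("verified", "file date", "version", "publisher")

# Constructed sample in the layout of the posted report: digi96.sys is copied from that
# log; sampledisk.sys and samplefilt.sys are made-up entries showing the two mismatch cases.
SAMPLE_LOOKLOG = r"""Run from C:\Documents and Settings\USER\Desktop\maxlook.exe on 26-06-2010 at 10:23:34

--------- maxlook unsigned files ---------
c:\windows\maxdrive\digi96.sys:
    Verified:    Unsigned
    File date:    17:55 21-7-2005
    Publisher:    RME
    Version:    2.11
c:\windows\maxdrive\sampledisk.sys:
    Verified:    Unsigned
    File date:    9:12 20-6-2010
    Version:    1.0.0.2
c:\windows\maxdrive\samplefilt.sys:
    Verified:    Unsigned
    File date:    9:12 20-6-2010
    Version:    1.0.0.1

--------- system32\drivers unsigned files ---------
c:\windows\system32\drivers\digi96.sys:
    Verified:    Unsigned
    File date:    17:55 21-7-2005
    Publisher:    RME
    Version:    2.11
c:\windows\system32\drivers\sampledisk.sys:
    Verified:    Unsigned
    File date:    17:14 16-9-2002
    Version:    1.0.0.1
"""


def parse_report(text):
    """{section name: {driver basename (lower-case): {field: value, 'path': full path}}}"""
    sections, current, entry = {}, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("name"), {})
            entry = None
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            path = m.group("path")
            entry = current.setdefault(path.rsplit("\\", 1)[-1].lower(), {"path": path})
            continue
        m = FIELD_RE.match(line)
        if m and entry is not None:
            entry[m.group("key").lower()] = m.group("val")
    return sections


def compare_views(offline, live):
    """Drivers for which the Recovery Console copy and the live view disagree."""
    findings = {}
    for name, off in offline.items():
        lv = live.get(name)
        if lv is None:
            # On disk the file is unsigned, yet the running system does not list it:
            # the live read returned something else (or nothing) for this file.
            findings[name] = "unsigned in the offline copy but missing from the live unsigned list"
            continue
        diffs = [k for k in COMPARED if off.get(k) != lv.get(k)]
        if diffs:
            findings[name] = "offline copy and live view differ in: " + ", ".join(diffs)
    for name in live:
        if name not in offline:
            findings[name] = "unsigned in the live view but missing from the offline copy"
    return findings


def analyze(text):
    sections = parse_report(text)
    return compare_views(sections.get(OFFLINE_SECTION, {}), sections.get(LIVE_SECTION, {}))


if __name__ == "__main__":
    for name, why in sorted(analyze(SAMPLE_LOOKLOG).items()):
        print(f"{name}: {why}")
```

On the constructed sample the digi96.sys entries agree and drop out, sampledisk.sys is reported because its date and version differ between the two views, and samplefilt.sys because the live view never lists it. An empty result, as with the real log later in this thread where both sections match entry for entry, is the outcome that supports the "No infected file found" verdict.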

#15 SoleX

SoleX
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 25 June 2010 - 07:31 PM

Hi Tom,
Here are the 2 logs.

Thanks!

Run from C:\Documents and Settings\MARTIN\Bureaublad\maxlook.exe on Sat 26-06-2010 at 10:21:06,43

No infected file found




Run from C:\Documents and Settings\MARTIN\Bureaublad\maxlook.exe on Sat 26-06-2010 at 10:23:34,78

--------- maxlook unsigned files ---------

c:\windows\maxdrive\AegisP.sys:
    Verified:    Unsigned
    File date:    23:01 15-3-2009
    Publisher:    Meetinghouse Data Communications
    Description:    IEEE 802.1X Protocol Driver
    Product:    AEGIS Client 3.4.3.0
    Version:    3.4.3.0
    File version:    3.4.3.0
c:\windows\maxdrive\digi96.sys:
    Verified:    Unsigned
    File date:    17:55 21-7-2005
    Publisher:    RME
    Description:    DIGI32, 96 and Hammerfall series
    Product:    DIGI32, 96 and Hammerfall series
    Version:    2.11
    File version:    2.11 built by: WinDDK
c:\windows\maxdrive\kbfilter.sys:
    Verified:    Unsigned
    File date:    13:35 27-8-1999
    Publisher:    Waytech Development,inc.
    Description:    Keyboard filter driver
    Product:    NT5 Keyboard filter driver
    Version:    1.00
    File version:    1.00
c:\windows\maxdrive\NPDRIVER.SYS:
    Verified:    Unsigned
    File date:    6:03 14-8-2002
    Publisher:    Symantec Corporation
    Description:    Norton Protection Driver
    Product:    Norton Utilities
    Version:    16.00.0.22
    File version:    16.00.0.22
c:\windows\maxdrive\pcouffin.sys:
    Verified:    Unsigned
    File date:    23:22 29-1-2010
    Publisher:    VSO Software
    Description:    low level access layer for CD/DVD/BD devices
    Product:    Patin couffin engine
    Version:    1.37
    File version:    1.37
c:\windows\maxdrive\pnpshark.sys:
    Verified:    Unsigned
    File date:    3:16 2-10-2003
    Publisher:    
    Description:    PnP BIOS Extension
    Product:    
    Version:    3.41.0.0
    File version:    3.41.0.0 built by: WinDDK
c:\windows\maxdrive\PQNTDRV.sys:
    Verified:    Unsigned
    File date:    17:14 16-9-2002
    Publisher:    PowerQuest Corporation
    Description:    PowerQuest Boot Mode Driver.
    Product:    PowerQuest product
    Version:    8.00.000
    File version:    8.00.000
c:\windows\maxdrive\rt2500usb.SYS:
    Verified:    Unsigned
    File date:    19:50 17-10-2005
    Publisher:    Ralink Technology Inc.
    Description:    Sample Driver for Ralink 802.11g Wireless USB Adapters
    Product:    Ralink 802.11g Wireless USB Adapters
    Version:    2.01.00.0000
    File version:    2.01.00.0000
c:\windows\maxdrive\rt73.sys:
    Verified:    Unsigned
    File date:    19:46 12-1-2006
    Publisher:    Ralink Technology, Corp.
    Description:    Ralink 802.11 USB Wireless Adapter Driver
    Product:    Ralink 802.11 Wireless Adapters
    Version:    1.00.04.0000
    File version:    1.00.04.0000
c:\windows\maxdrive\st3shark.sys:
    Verified:    Unsigned
    File date:    14:37 27-9-2003
    Publisher:    
    Description:    SCSI miniport
    Product:    
    Version:    3.41.0.0
    File version:    3.41.0.0 built by: WinDDK

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\AegisP.sys:
    Verified:    Unsigned
    File date:    23:01 15-3-2009
    Publisher:    Meetinghouse Data Communications
    Description:    IEEE 802.1X Protocol Driver
    Product:    AEGIS Client 3.4.3.0
    Version:    3.4.3.0
    File version:    3.4.3.0
c:\windows\system32\drivers\digi96.sys:
    Verified:    Unsigned
    File date:    17:55 21-7-2005
    Publisher:    RME
    Description:    DIGI32, 96 and Hammerfall series
    Product:    DIGI32, 96 and Hammerfall series
    Version:    2.11
    File version:    2.11 built by: WinDDK
c:\windows\system32\drivers\kbfilter.sys:
    Verified:    Unsigned
    File date:    13:35 27-8-1999
    Publisher:    Waytech Development,inc.
    Description:    Keyboard filter driver
    Product:    NT5 Keyboard filter driver
    Version:    1.00
    File version:    1.00
c:\windows\system32\drivers\NPDRIVER.SYS:
    Verified:    Unsigned
    File date:    6:03 14-8-2002
    Publisher:    Symantec Corporation
    Description:    Norton Protection Driver
    Product:    Norton Utilities
    Version:    16.00.0.22
    File version:    16.00.0.22
c:\windows\system32\drivers\pcouffin.sys:
    Verified:    Unsigned
    File date:    23:22 29-1-2010
    Publisher:    VSO Software
    Description:    low level access layer for CD/DVD/BD devices
    Product:    Patin couffin engine
    Version:    1.37
    File version:    1.37
c:\windows\system32\drivers\pnpshark.sys:
    Verified:    Unsigned
    File date:    3:16 2-10-2003
    Publisher:    
    Description:    PnP BIOS Extension
    Product:    
    Version:    3.41.0.0
    File version:    3.41.0.0 built by: WinDDK
c:\windows\system32\drivers\PQNTDRV.sys:
    Verified:    Unsigned
    File date:    17:14 16-9-2002
    Publisher:    PowerQuest Corporation
    Description:    PowerQuest Boot Mode Driver.
    Product:    PowerQuest product
    Version:    8.00.000
    File version:    8.00.000
c:\windows\system32\drivers\rt2500usb.SYS:
    Verified:    Unsigned
    File date:    19:50 17-10-2005
    Publisher:    Ralink Technology Inc.
    Description:    Sample Driver for Ralink 802.11g Wireless USB Adapters
    Product:    Ralink 802.11g Wireless USB Adapters
    Version:    2.01.00.0000
    File version:    2.01.00.0000
c:\windows\system32\drivers\rt73.sys:
    Verified:    Unsigned
    File date:    19:46 12-1-2006
    Publisher:    Ralink Technology, Corp.
    Description:    Ralink 802.11 USB Wireless Adapter Driver
    Product:    Ralink 802.11 Wireless Adapters
    Version:    1.00.04.0000
    File version:    1.00.04.0000
c:\windows\system32\drivers\st3shark.sys:
    Verified:    Unsigned
    File date:    14:37 27-9-2003
    Publisher:    
    Description:    SCSI miniport
    Product:    
    Version:    3.41.0.0
    File version:    3.41.0.0 built by: WinDDK
