

Probably infected


  • This topic is locked
10 replies to this topic

#1 jbw92

  • Members
  • 6 posts

Posted 30 June 2010 - 04:22 PM

As per the description, can somebody please have a look at the log files, as I think my computer is "infected"?
When clicking on a search result from Google, both Firefox and Internet Explorer crash.
When using Google Chrome, all works well.
Also, the famous Blue Screen regularly appears.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Joop at 23:09:10,40 on wo 30-06-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.2039.1362 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Joop\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Joop\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joop\Downloads\BleepingComputer\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.nl
uDefault_Page_URL = www.google.nl
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\joop\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\joop\appdata\roaming\mozilla\firefox\profiles\v5guxluz.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\joop\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\windows.old\program files\mozilla firefox\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2010-5-25 46176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2010-06-30 21:08:10 0 ----a-w- c:\users\joop\defogger_reenable
2010-06-22 21:25:24 0 d-----w- c:\temp\temp
2010-06-08 17:04:29 0 d-s---w- C:\Combo-Fix
2010-06-07 19:33:16 0 d-----w- c:\users\joop\appdata\roaming\Malwarebytes
2010-06-07 19:33:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 19:33:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 19:33:04 0 d-----w- c:\programdata\Malwarebytes
2010-06-07 19:33:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-07 19:28:02 98816 ----a-w- c:\windows\sed.exe
2010-06-07 19:28:02 77312 ----a-w- c:\windows\MBR.exe
2010-06-07 19:28:02 256512 ----a-w- c:\windows\PEV.exe
2010-06-07 19:28:02 161792 ----a-w- c:\windows\SWREG.exe
2010-06-06 13:44:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 20:40:37 0 d-----w- c:\program files\NirSoft

==================== Find3M ====================

2010-06-23 21:05:32 693522 ----a-w- c:\windows\system32\perfh013.dat
2010-06-23 21:05:32 130894 ----a-w- c:\windows\system32\perfc013.dat
2010-05-30 21:24:45 3488 ------w- C:\bootsqm.dat
2010-05-25 20:00:54 46176 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-04-10 22:22:50 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-09 20:48:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-16 20:41:33 233760 ----a-w- c:\program files\KMPlayer.exe
2009-07-14 08:27:10 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-07-14 08:27:10 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-07-14 08:27:10 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-07-14 08:27:10 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-25 20:30:51 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-25 20:30:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-25 20:09:34 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-02-25 20:09:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2010-02-25 20:09:34 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:10:41,35 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-30 23:21:05
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Joop\AppData\Local\Temp\kgndypob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83016634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83016898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C498E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C693B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9176EC9D 28 Bytes [CF, 5C, F2, ED, 9A, 21, AC, ...]
.text peauth.sys 9176ECC1 28 Bytes [CF, 5C, F2, ED, 9A, 21, AC, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + B 77464A1B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + 6 77465126 4 Bytes [68, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenFile + B 7746512B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + 6 774651D6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcess + B 774651DB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessToken + B 774651EB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessTokenEx + 6 774651F6 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenProcessTokenEx + B 774651FB 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThread + B 7746525B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + 6 77465266 4 Bytes [68, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadToken + B 7746526B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtOpenThreadTokenEx + B 7746527B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + 6 77465386 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryAttributesFile + B 7746538B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtQueryFullAttributesFile + B 7746543B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + 6 77465A86 4 Bytes [28, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationFile + B 77465A8B 1 Byte [E2]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + 6 77465AE6 4 Bytes [28, 02, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtSetInformationThread + B 77465AEB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x74 0x2E 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x51 0x30 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0xA4 0xD5 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD1 0x48 0x40 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFC 0x37 0xB7 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x74 0x2E 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x51 0x30 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0xA4 0xD5 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD1 0x48 0x40 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFC 0x37 0xB7 0xF9 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Thanks for your time.
Joop
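A small triage script for GMER logs like the one above, added here as an example; it is not part of the thread and not GMER's own code. It splits a saved log into its "---- Section - GMER x.y.z ----" blocks and pulls out what a helper reads first: the "suspicious modification" entry in the Files section, device objects whose dispatch code sits in an "[unknown section]" of a driver (the atapi entries above), and a per-process count of patched exports. The two sample logs are constructed excerpts adapted from the scans posted in this thread, and the section names assumed ("User code sections", "Devices", "Files") are GMER's standard headers.

```python
"""Triage helper for saved GMER rootkit-scan logs.

Added example, not part of the thread or of GMER. It splits a log into its
"---- <Section> - GMER x.y.z ----" blocks and pulls out the entries a
malware-removal helper reads first."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# Files section: "File <path> suspicious modification"
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
# Devices section: dispatch code that GMER could not place in any PE section
# of the owning driver, optionally followed by the disassembled stub in {...}.
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\S+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<image>\S+?)\[unknown section\](?:\s+\{(?P<stub>[^}]*)\})?"
)
# User-mode inline hooks: ".text <process>[pid] <module>!<export> + <offset> ..."
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>\S+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+?)!(?P<func>\w+)\s+\+\s+[0-9A-Fa-f]+"
)


def parse_sections(text):
    """Return {section name: [entry lines]}; lines before the first header land in 'Header'."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("name") == "EOF":
                break
            current = m.group("name")
        else:
            sections[current].append(line)
    return dict(sections)


def triage(text):
    """Collect the findings worth quoting back in a reply."""
    sections = parse_sections(text)
    files = [m.group("path") for m in map(FILE_RE.match, sections.get("Files", [])) if m]
    devices = defaultdict(lambda: {"devices": [], "stub": None})
    for m in filter(None, map(DEVICE_RE.match, sections.get("Devices", []))):
        devices[m.group("image")]["devices"].append(m.group("device"))
        devices[m.group("image")]["stub"] = m.group("stub")
    hooks = defaultdict(set)  # "image.exe[pid]" -> patched exports
    for m in filter(None, (HOOK_RE.match(ln) for lines in sections.values() for ln in lines)):
        proc = m.group("process").rsplit("\\", 1)[-1]
        hooks[f"{proc}[{m.group('pid')}]"].add(f"{m.group('module')}!{m.group('func')}")
    return {
        "suspicious_files": files,
        "unknown_section_devices": dict(devices),
        "user_hooks": {k: sorted(v) for k, v in hooks.items()},
    }


def summarize(findings):
    """Short text lines for a reply post. Process hooks are reported as context, not a
    verdict: a sandboxed browser patches these ntdll exports in its own child processes."""
    out = [f"FLAG file: {p} reported as modified" for p in findings["suspicious_files"]]
    for image, e in findings["unknown_section_devices"].items():
        out.append(f"FLAG driver: {image} serves {len(e['devices'])} device(s) from outside its PE sections; stub: {e['stub']}")
    for proc, funcs in sorted(findings["user_hooks"].items()):
        out.append(f"info: {proc} has {len(funcs)} patched export(s): {', '.join(funcs)}")
    return out or ["no flagged entries"]


# Constructed excerpts adapted from the two scans posted in this thread.
FIRST_SCAN = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6 77465256 4 Bytes [68, 01, 06, 00]
.text C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe[3736] ntdll.dll!NtCreateFile + 6 77464A16 4 Bytes [28, 00, 06, 00]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [83B4E472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""
RESCAN = r"""
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for label, log in (("first scan", FIRST_SCAN), ("rescan", RESCAN)):
        print(f"== {label} ==")
        print("\n".join(summarize(triage(log))))
```

Run against the first scan it flags atapi.sys twice (once as a modified file, once as the driver whose device objects are served by the `MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]` stub) and lists the chrome.exe hooks as context only; against the rescan it reports nothing flagged, which matches the second GMER log in this thread.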


#2 mpascal

Posted 04 July 2010 - 01:40 PM

Hi jbw92,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 jbw92

Posted 11 July 2010 - 04:24 PM

Hi mpascal,

Thanks for the reply.
While awaiting your reply, I found similar problems to mine and followed the instructions from your fellow problem fixers.
I am not yet 100 percent sure the problem is fixed, so I am following your instructions.

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4303

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11-7-2010 22:23:23
mbam-log-2010-07-11 (22-23-23).txt

Scantype: Snelle scan
Objecten gescand: 153750
Verstreken tijd: 8 minuut/minuten, 31 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 22:59:39
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Joop\AppData\Local\Temp\kgndypob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C38AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C38104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C20634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C20898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C38958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C38F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C391A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C8A8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CAA3B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A8C2BC9D 28 Bytes [5E, 17, 80, 09, 19, 30, 8E, ...]
.text peauth.sys A8C2BCC1 28 Bytes [5E, 17, 80, 09, 19, 30, 8E, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x74 0x2E 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x51 0x30 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0xA4 0xD5 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD1 0x48 0x40 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFC 0x37 0xB7 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x74 0x2E 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5A 0x51 0x30 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0xA4 0xD5 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD1 0x48 0x40 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFC 0x37 0xB7 0xF9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\249@DoneAddingCrawlSeeds 0

---- EOF - GMER 1.0.15 ----


OTL log:

OTL logfile created on: 11-7-2010 23:10:53 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Joop\Downloads\BleepingComputer
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,53 Gb Total Space | 6,28 Gb Free Space | 6,12% Space Free | Partition Type: NTFS
Drive D: | 7,70 Gb Total Space | 0,73 Gb Free Space | 9,50% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEBRUIK-HF773WL
Current User Name: Joop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Joop\Downloads\BleepingComputer\OTL.exe (OldTimer Tools)
PRC - C:\Users\Joop\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Joop\Downloads\BleepingComputer\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (WMDrive) -- C:\Windows\System32\drivers\WMDrive.sys (WinMount International Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (e1express) Stuurprogramma voor Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-07-03 23:57:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-07-03 23:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-03 22:04:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-06 15:44:22 | 000,000,000 | ---D | M]

[2010-02-28 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\mozilla\Extensions
[2010-04-11 22:13:02 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\mozilla\Firefox\Profiles\v5guxluz.default\extensions
[2010-07-10 00:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-06-06 15:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-06 15:44:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-01 19:27:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-04-01 19:27:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-04-01 19:27:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-04-01 19:27:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-04-01 19:27:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010-07-03 23:52:29 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004-04-30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9d0f3611-270a-11df-a1a9-001a4b8e259a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d0f3611-270a-11df-a1a9-001a4b8e259a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010-07-10 00:21:31 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\Apple Computer
[2010-07-07 21:36:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-07-05 23:02:13 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\AVG Security Toolbar
[2010-07-03 23:59:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010-07-03 23:59:28 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010-07-03 23:59:21 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-07-03 23:59:14 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010-07-03 23:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010-07-03 23:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010-07-03 23:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-07-03 23:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

========== Files - Modified Within 30 Days ==========

[2010-07-11 23:02:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-11 23:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-11 22:51:26 | 001,835,008 | -HS- | M] () -- C:\Users\Joop\NTUSER.DAT
[2010-07-11 22:48:06 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186177757-1330613218-4159779167-1004UA.job
[2010-07-11 22:02:52 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186177757-1330613218-4159779167-1004Core.job
[2010-07-11 16:45:50 | 001,523,502 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-07-11 16:45:50 | 000,693,522 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010-07-11 16:45:50 | 000,607,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-07-11 16:45:50 | 000,130,894 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010-07-11 16:45:50 | 000,104,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-07-11 15:07:12 | 061,877,765 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-07-10 22:14:44 | 002,119,833 | -H-- | M] () -- C:\Users\Joop\AppData\Local\IconCache.db
[2010-07-05 23:37:07 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-05 23:37:07 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-04 22:17:54 | 000,011,123 | ---- | M] () -- C:\Users\Joop\Documents\Visa Schotland.xlsx
[2010-07-04 21:48:13 | 000,002,407 | ---- | M] () -- C:\Users\Joop\Desktop\Google Chrome.lnk
[2010-07-04 21:48:13 | 000,002,284 | ---- | M] () -- C:\Users\Joop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-07-03 23:59:32 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010-07-03 23:59:32 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-07-03 23:59:30 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010-07-03 23:59:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-07-03 23:59:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010-07-03 23:59:14 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010-07-01 23:37:18 | 000,000,036 | ---- | M] () -- C:\Users\Joop\AppData\Local\housecall.guid.cache
[2010-06-30 23:08:10 | 000,000,000 | ---- | M] () -- C:\Users\Joop\defogger_reenable

========== Files Created - No Company Name ==========

[2010-07-04 22:17:53 | 000,011,123 | ---- | C] () -- C:\Users\Joop\Documents\Visa Schotland.xlsx
[2010-07-03 23:59:32 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-07-03 23:59:14 | 061,877,765 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-07-03 23:59:14 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010-07-01 23:37:18 | 000,000,036 | ---- | C] () -- C:\Users\Joop\AppData\Local\housecall.guid.cache
[2010-06-30 23:08:10 | 000,000,000 | ---- | C] () -- C:\Users\Joop\defogger_reenable
[2010-03-14 17:34:24 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010-02-28 20:18:16 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009-09-30 13:55:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\UpOneLevel_3.0.dll
[2009-09-30 13:55:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SelectAll_3.0.dll
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-14 01:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-09-30 14:00:14 | 000,383,582 | RHS- | M] () -- C:\bootmgr
[2010-02-25 21:46:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-02-25 22:09:45 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008-03-21 17:18:23 | 000,000,929 | -H-- | M] () -- C:\descript.ion
[2010-02-25 22:09:45 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2008-02-28 22:42:36 | 000,001,323 | ---- | M] () -- C:\hdd.log
[2008-03-20 22:25:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-03-20 22:25:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-02-20 23:25:28 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2008-02-20 23:25:28 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2008-02-20 23:25:27 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2008-02-20 23:25:28 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{3d69bb41-dff3-11dc-a226-001a4b8e259a}.TM.blf
[2008-02-20 23:25:28 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{3d69bb41-dff3-11dc-a226-001a4b8e259a}.TMContainer00000000000000000001.regtrans-ms
[2008-02-20 23:25:28 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{3d69bb41-dff3-11dc-a226-001a4b8e259a}.TMContainer00000000000000000002.regtrans-ms
[2008-02-20 23:25:28 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{3d69bb4d-dff3-11dc-a226-001a4b8e259a}.TM.blf
[2008-02-20 23:25:28 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{3d69bb4d-dff3-11dc-a226-001a4b8e259a}.TMContainer00000000000000000001.regtrans-ms
[2008-02-20 23:25:28 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{3d69bb4d-dff3-11dc-a226-001a4b8e259a}.TMContainer00000000000000000002.regtrans-ms
[2010-07-11 23:02:29 | 2138,365,952 | -HS- | M] () -- C:\pagefile.sys
[2010-07-03 15:51:36 | 000,058,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_03.07.2010_15.51.24_log.txt
[2010-07-03 22:19:36 | 000,057,312 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_03.07.2010_22.19.21_log.txt
[2010-02-25 22:09:45 | 000,171,136 | RHS- | M] () -- C:\xeldr

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009-07-14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-09-30 14:01:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009-07-14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006-10-26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009-07-14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-07-14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009-09-30 13:59:55 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009-07-14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 11-7-2010 23:10:53 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Joop\Downloads\BleepingComputer
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,53 Gb Total Space | 6,28 Gb Free Space | 6,12% Space Free | Partition Type: NTFS
Drive D: | 7,70 Gb Total Space | 0,73 Gb Free Space | 9,50% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEBRUIK-HF773WL
Current User Name: Joop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\Irfanview\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open Command Prompt Here] -- cmd.exe /T:4F /K cd %1 (Microsoft Corporation)
Directory [Prullenbak Legen] -- EMPTYRB.EXE ()
Directory [Prullenbak Openen] -- OPENRB.EXE ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2010-07-01 23:15:22 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010-07-01 23:15:22 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010-07-01 23:15:22 | 000,000,000 | ---D | M]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60CF5852-3F59-4435-B612-C43DD554EE80}" = Fietsplanner 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{ACAF8758-8B7C-40C0-AF43-897B3BB7D009}" = Windows 7 Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digital Editions" = Adobe Digital Editions
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Hema Album Software Advanced_is1" = Hema Album Software Advanced
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickPar" = QuickPar 0.9
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"WinMount3_is1" = WinMount V3.3.0524
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-7-2010 9:39:14 | Computer Name = GEBRUIK-HF773WL | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error - 11-7-2010 9:53:58 | Computer Name = GEBRUIK-HF773WL | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error - 11-7-2010 14:48:44 | Computer Name = GEBRUIK-HF773WL | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error - 11-7-2010 15:18:42 | Computer Name = GEBRUIK-HF773WL | Source = EventSystem | ID = 4621
Description =

Error - 11-7-2010 15:51:22 | Computer Name = GEBRUIK-HF773WL | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Het uitpakken van een basislijst uit het CAB-bestand voor automatische
updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken
wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error - 11-7-2010 16:07:34 | Computer Name = GEBRUIK-HF773WL | Source = Application Hang | ID = 1002
Description = Het programma TOTALCMD.EXE, versie 7.5.0.0 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar
is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in
het Configuratiescherm. Proces-id: ffc Starttijd: 01cb20f8b318a42f Eindtijd: 38 Toepassingspad:
C:\totalcmd\TOTALCMD.EXE Rapport-id:

[ Media Center Events ]
Error - 14-4-2010 0:48:26 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 6:48:26 - Kan Directory niet ophalen (Fout: De onderliggende verbinding
is gesloten: Kan geen vertrouwde relatie met het beveiligde SSL/TLS-kanaal maken.)


Error - 14-4-2010 0:49:18 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 6:49:10 - Kan MCEClientUX niet ophalen (Fout: De onderliggende verbinding
is gesloten: Kan geen vertrouwde relatie met het beveiligde SSL/TLS-kanaal maken.)


Error - 14-4-2010 0:49:42 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 6:49:36 - Kan Broadband niet ophalen (Fout: De onderliggende verbinding
is gesloten: Kan geen vertrouwde relatie met het beveiligde SSL/TLS-kanaal maken.)


Error - 22-6-2010 16:52:43 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 22:52:42 - Fout bij verbinden met internet. 22:52:43 - Kan geen
contact maken met server..

Error - 22-6-2010 16:53:00 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 22:52:53 - Fout bij verbinden met internet. 22:52:53 - Kan geen
contact maken met server..

Error - 22-6-2010 17:53:05 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 23:53:05 - Fout bij verbinden met internet. 23:53:05 - Kan geen
contact maken met server..

Error - 22-6-2010 17:53:12 | Computer Name = GEBRUIK-HF773WL | Source = MCUpdate | ID = 0
Description = 23:53:10 - Fout bij verbinden met internet. 23:53:10 - Kan geen
contact maken met server..

[ System Events ]
Error - 30-6-2010 17:25:55 | Computer Name = GEBRUIK-HF773WL | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 23:23:26 op 30-6-2010 is
onverwacht gebeurd.

Error - 30-6-2010 17:26:13 | Computer Name = GEBRUIK-HF773WL | Source = BugCheck | ID = 1001
Description =

Error - 1-7-2010 1:03:54 | Computer Name = GEBRUIK-HF773WL | Source = DCOM | ID = 10010
Description =

Error - 4-7-2010 10:42:42 | Computer Name = GEBRUIK-HF773WL | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: ShellHWDetection.

Error - 6-7-2010 1:32:06 | Computer Name = GEBRUIK-HF773WL | Source = DCOM | ID = 10010
Description =

Error - 10-7-2010 3:24:15 | Computer Name = GEBRUIK-HF773WL | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 9:22:14 op 10-7-2010 is
onverwacht gebeurd.

Error - 10-7-2010 14:20:51 | Computer Name = GEBRUIK-HF773WL | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 11-7-2010 16:47:43 | Computer Name = GEBRUIK-HF773WL | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 22:41:17 op 11-7-2010 is
onverwacht gebeurd.

Error - 11-7-2010 16:48:07 | Computer Name = GEBRUIK-HF773WL | Source = BugCheck | ID = 1001
Description =

Error - 11-7-2010 17:02:34 | Computer Name = GEBRUIK-HF773WL | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 22:59:40 op 11-7-2010 is
onverwacht gebeurd.


< End of report >


Thanks for studying these logs,
jbw92

#4 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 11 July 2010 - 09:43 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#5 jbw92
  • Topic Starter
  • Members
  • 6 posts

Posted 14 July 2010 - 04:15 PM

Thanks for the reply.

Ran TFC:

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: Administrator
->Temp folder emptied: 176988 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gebruiker
->Temp folder emptied: 162530 bytes
->Temporary Internet Files folder emptied: 1466236 bytes

User: Joop
->Temp folder emptied: 175563755 bytes
->Temporary Internet Files folder emptied: 57088964 bytes
->Java cache emptied: 724196 bytes
->FireFox cache emptied: 52844645 bytes
->Google Chrome cache emptied: 10928976 bytes
->Apple Safari cache emptied: 23731 bytes
->Flash cache emptied: 128093 bytes

User: Judith
->Temp folder emptied: 99183 bytes
->Temporary Internet Files folder emptied: 51191629 bytes
->Java cache emptied: 11602 bytes
->FireFox cache emptied: 38792528 bytes
->Flash cache emptied: 4767 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12214 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4306

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12-7-2010 22:23:07
mbam-log-2010-07-12 (22-23-07).txt

Scantype: Snelle scan
Objecten gescand: 153695
Verstreken tijd: 9 minuut/minuten, 1 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 15, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, July 14, 2010 16:26:51
Records in database: 4221071
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 115987
Threats found: 12
Infected objects found: 20
Suspicious objects found: 0
Scan duration: 03:27:47


File name / Threat / Threats count
C:\Program Files\NirSoft\AppCrashView.exe Infected: not-a-virus:PSWTool.Win32.NetPass.ye 1
C:\Program Files\NirSoft\mzcv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.lm 1
C:\Program Files\NirSoft\produkey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.ar 1
C:\Program Files\NirSoft\recentfilesview.exe Infected: not-a-virus:PSWTool.Win32.WinPassViewer.k 1
C:\Users\Joop\Downloads\GrabIt Downloads\portable\DVDFab_Portable_7.0.6.2_Multilingual\DVDFabPortable\App\DVDFab\DVDFab.exe Infected: Backdoor.Win32.Bifrose.cugl 1
C:\Users\Joop\Downloads\GrabIt Downloads\portable\DVDFab_Portable_7.0.6.2_Multilingual\DVDFab_Portable_7.0.6.2_Multilingual.paf.exe Infected: Backdoor.Win32.Bifrose.cugl 1
C:\Users\Joop\Downloads\GrabIt Downloads\portable\portable-2.rar Infected: Backdoor.Win32.Bifrose.cugl 2
C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe Infected: Trojan-Downloader.Win32.Agent.ciqh 1
C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\QuickTime v7.50.61.0 Professional +Keymakerfrom Betamaster.zip Infected: Trojan-PSW.Win32.Dybalom.cvn 1
C:\Users\Joop\Downloads\GrabIt Downloads\Windows PowerShell\Microsoft Windows PowerShell 2.0 Programming.zip Infected: Trojan-PSW.Win32.Dybalom.cvn 1
C:\Users\Joop\Downloads\NirSoft\appcrashview.zip Infected: not-a-virus:PSWTool.Win32.NetPass.ye 1
C:\Users\Joop\Downloads\NirSoft\nirsoft_package_beta_100.zip Infected: not-a-virus:PSWTool.Win32.Asterisk.c 1
C:\Users\Joop\Downloads\NirSoft\nirsoft_package_beta_100.zip Infected: not-a-virus:PSWTool.Win32.NetPass.lm 1
C:\Users\Joop\Downloads\NirSoft\nirsoft_package_beta_100.zip Infected: not-a-virus:PSWTool.Win32.ProductKey.ar 1
C:\Users\Joop\Downloads\NirSoft\nirsoft_package_beta_100.zip Infected: not-a-virus:PSWTool.Win32.WinPassViewer.k 1
C:\Users\Joop\Downloads\NirSoft\nirsoft_package_beta_100.zip Infected: not-a-virus:PSWTool.Win32.SniffPass.a 1
C:\Users\Joop\Downloads\PHP Architect\2003\code-200308.zip Infected: Virus.Win32.Parite.a 1
C:\Users\Judith\Downloads\Messenger.exe Infected: Hoax.Win32.ArchSMS.o 1

Selected area has been scanned.

Edited by jbw92, 15 July 2010 - 12:06 AM.


#6 mpascal

    Math Nerd

  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 15 July 2010 - 04:47 PM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :Files
    C:\Users\Joop\Downloads\GrabIt Downloads\portable\DVDFab_Portable_7.0.6.2_Multilingual\DVDFabPortable\App\DVDFab\DVDFab.exe
    C:\Users\Joop\Downloads\GrabIt Downloads\portable\DVDFab_Portable_7.0.6.2_Multilingual\DVDFab_Portable_7.0.6.2_Multilingual.paf.exe
    C:\Users\Joop\Downloads\GrabIt Downloads\portable\portable-2.rar
    C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe
    C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe
    C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\QuickTime v7.50.61.0 Professional +Keymakerfrom Betamaster.zip
    C:\Users\Joop\Downloads\GrabIt Downloads\Windows PowerShell\Microsoft Windows PowerShell 2.0 Programming.zip
    C:\Users\Joop\Downloads\PHP Architect\2003\code-200308.zip
    C:\Users\Judith\Downloads\Messenger.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Open up OTL and push the Quickscan button. Post the resulting log here in your next reply.

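The fix above is built by hand from the Kaspersky report in the previous post: the "not-a-virus:" riskware hits (the NirSoft utilities) are left alone, and every other detected path goes into the :Files section. Here is that triage as a small Python script; it is an added example, not part of the thread or of OTL, and it works on a constructed subset of the report's lines. Listing a path only once when two signatures hit the same file is my choice.

```python
"""Triage a Kaspersky Online Scanner 7.0 report into an OTL fix script.

Added example for this thread, not part of any tool mentioned in it.
Kaspersky marks riskware (legitimate but abusable tools, e.g. the NirSoft
password viewers) with a "not-a-virus:" prefix; those are set aside for
review, while the remaining verdicts become the ":Files" section of an
OTL Custom Scans/Fixes script like the one posted above.
"""
import re

# Constructed sample: a subset of the detection lines from the report above,
# plus some of the surrounding statistics/trailer lines the parser must skip.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 115987
Threats found: 12

File name / Threat / Threats count
C:\Program Files\NirSoft\produkey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.ar 1
C:\Users\Joop\Downloads\GrabIt Downloads\portable\portable-2.rar Infected: Backdoor.Win32.Bifrose.cugl 2
C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Users\Joop\Downloads\GrabIt Downloads\Quicktime\Apple QuickTime Pro v7.4.6\QuickTimeInstaller.exe Infected: Trojan-Downloader.Win32.Agent.ciqh 1
C:\Users\Judith\Downloads\Messenger.exe Infected: Hoax.Win32.ArchSMS.o 1

Selected area has been scanned.
"""

# One detection line: <path> Infected: <verdict> <count>. The path may contain
# spaces, so it is matched non-greedily up to the " Infected: " marker.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")

RISKWARE_PREFIX = "not-a-virus:"

# The :Commands block used in this thread's fix.
OTL_COMMANDS = ["[purity]", "[emptytemp]", "[Reboot]"]


def parse_report(text):
    """Return [(path, verdict, count)] for every detection line in the report.

    Header, statistics and trailer lines do not carry the " Infected: "
    marker and are skipped.
    """
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append((m.group("path"), m.group("verdict"), int(m.group("count"))))
    return detections


def triage(detections):
    """Split detections into (malware, riskware), each a list of (path, [verdicts]).

    Paths are deduplicated in report order, so a file hit by two signatures
    (QuickTimeInstaller.exe in the sample) is listed once with both verdicts.
    """
    malware, riskware = {}, {}
    for path, verdict, _count in detections:
        bucket = riskware if verdict.startswith(RISKWARE_PREFIX) else malware
        bucket.setdefault(path, []).append(verdict)
    return list(malware.items()), list(riskware.items())


def build_otl_fix(malware):
    """Render the OTL fix: a :Files section with one malicious path per line,
    followed by the :Commands section."""
    lines = [":Files"] + [path for path, _verdicts in malware]
    lines += ["", ":Commands"] + OTL_COMMANDS
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    malware, riskware = triage(found)
    for path, verdicts in riskware:
        print("REVIEW (riskware, not deleted):", path, "->", ", ".join(verdicts))
    print()
    print(build_otl_fix(malware))
```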


#7 jbw92
  • Topic Starter
  • Members
  • 6 posts

Posted 17 July 2010 - 04:41 PM

Hi mpascal,

The quick scan results are:

OTL logfile created on: 17-7-2010 23:38:06 - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Joop\Downloads\BleepingComputer
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,53 Gb Total Space | 5,54 Gb Free Space | 5,41% Space Free | Partition Type: NTFS
Drive D: | 7,70 Gb Total Space | 0,73 Gb Free Space | 9,50% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEBRUIK-HF773WL
Current User Name: Joop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Joop\Downloads\BleepingComputer\OTL.exe (OldTimer Tools)
PRC - C:\Users\Joop\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Joop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Joop\Downloads\BleepingComputer\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (WMDrive) -- C:\Windows\System32\drivers\WMDrive.sys (WinMount International Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (e1express) Stuurprogramma voor Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-07-03 23:57:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-07-03 23:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-13 22:06:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-13 22:06:05 | 000,000,000 | ---D | M]

[2010-02-28 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\mozilla\Extensions
[2010-04-11 22:13:02 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\mozilla\Firefox\Profiles\v5guxluz.default\extensions
[2010-07-15 22:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-06-06 15:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-06 15:44:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-07-13 22:06:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-07-13 22:06:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-07-13 22:06:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-07-13 22:06:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-07-13 22:06:00 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010-07-03 23:52:29 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004-04-30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9d0f3611-270a-11df-a1a9-001a4b8e259a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d0f3611-270a-11df-a1a9-001a4b8e259a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-07-17 23:33:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-10 00:21:31 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\Apple Computer
[2010-07-07 21:36:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-07-05 23:02:13 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\AVG Security Toolbar
[2010-07-03 23:59:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010-07-03 23:59:28 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010-07-03 23:59:21 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-07-03 23:59:14 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010-07-03 23:59:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010-07-03 23:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010-07-03 23:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-07-03 23:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010-06-08 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\ElevatedDiagnostics
[2010-06-08 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\Apple
[2010-06-08 19:04:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-06-07 21:33:16 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Roaming\Malwarebytes
[2010-06-07 21:33:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-06-07 21:33:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-06-07 21:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-06-07 21:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-06-07 21:28:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-06-07 21:28:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-06-07 21:28:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-06-07 21:27:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-06-04 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010-05-30 18:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinMount
[2010-05-26 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-05-26 21:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010-05-26 21:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-05-26 21:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010-05-26 21:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010-05-25 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Roaming\WinMount
[2010-05-25 22:00:54 | 000,046,176 | ---- | C] (WinMount International Inc) -- C:\Windows\System32\drivers\WMDrive.sys
[2010-05-25 22:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinMount
[2010-05-17 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2010-05-17 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-05-10 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Joop\Documents\Hema Album Software Advanced
[2010-05-10 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Local\Hema Album Software Advanced
[2010-05-10 21:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hema Album Software Advanced
[2010-05-10 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hema Album Software
[2010-05-08 21:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010-05-07 06:19:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-05-04 22:38:06 | 001,188,864 | ---- | C] (Zeusoft) -- C:\Program Files\ZeuApp 1.5.exe
[2010-05-02 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Roaming\AccurateRip
[2010-05-02 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010-04-22 21:59:33 | 000,000,000 | ---D | C] -- C:\Users\Joop\AppData\Roaming\dvdcss
[2010-04-19 22:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 90 Days ==========

[2010-07-17 23:35:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-17 23:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-17 23:34:41 | 001,835,008 | -HS- | M] () -- C:\Users\Joop\NTUSER.DAT
[2010-07-17 23:27:21 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186177757-1330613218-4159779167-1004UA.job
[2010-07-17 23:27:21 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186177757-1330613218-4159779167-1004Core.job
[2010-07-17 19:59:32 | 062,072,201 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-07-14 07:10:37 | 000,937,730 | -H-- | M] () -- C:\Users\Joop\AppData\Local\IconCache.db
[2010-07-13 04:13:28 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-13 04:13:28 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-12 22:25:38 | 000,032,551 | ---- | M] () -- C:\Users\Joop\Documents\STEP 2.docx
[2010-07-11 16:45:50 | 001,523,502 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-07-11 16:45:50 | 000,693,522 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010-07-11 16:45:50 | 000,607,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-07-11 16:45:50 | 000,130,894 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010-07-11 16:45:50 | 000,104,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-07-04 22:17:54 | 000,011,123 | ---- | M] () -- C:\Users\Joop\Documents\Visa Schotland.xlsx
[2010-07-04 21:48:13 | 000,002,407 | ---- | M] () -- C:\Users\Joop\Desktop\Google Chrome.lnk
[2010-07-04 21:48:13 | 000,002,284 | ---- | M] () -- C:\Users\Joop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-07-03 23:59:32 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010-07-03 23:59:32 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-07-03 23:59:30 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010-07-03 23:59:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-07-03 23:59:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010-07-03 23:59:14 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010-07-01 23:37:18 | 000,000,036 | ---- | M] () -- C:\Users\Joop\AppData\Local\housecall.guid.cache
[2010-06-30 23:08:10 | 000,000,000 | ---- | M] () -- C:\Users\Joop\defogger_reenable
[2010-06-07 21:53:27 | 000,000,162 | -H-- | M] () -- C:\Users\Joop\Documents\~$x FF _IE crashes.docx
[2010-06-07 21:33:07 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-07 21:25:03 | 000,074,672 | ---- | M] () -- C:\Users\Joop\Documents\Fix FF _IE crashes.docx
[2010-06-06 20:52:56 | 000,007,680 | ---- | M] () -- C:\Users\Joop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-05 23:53:17 | 000,043,775 | ---- | M] () -- C:\Users\Joop\Desktop\Nieuw Rich Text-document.rtf
[2010-06-03 22:26:47 | 000,045,867 | ---- | M] () -- C:\Users\Joop\Documents\NK2Edit v107.docx
[2010-05-26 21:58:58 | 000,001,820 | ---- | M] () -- C:\Users\Joop\Desktop\QuickTime Player.lnk
[2010-05-25 22:00:56 | 000,000,979 | ---- | M] () -- C:\Users\Joop\Desktop\WinMount.lnk
[2010-05-25 22:00:54 | 000,046,176 | ---- | M] (WinMount International Inc) -- C:\Windows\System32\drivers\WMDrive.sys
[2010-05-21 23:46:28 | 000,033,688 | ---- | M] () -- C:\Users\Joop\Documents\FTD Database bestanden 657 v2.docx
[2010-05-19 21:25:35 | 000,014,572 | ---- | M] () -- C:\Users\Joop\Documents\AFSCHRIJVING HET SPUI 19 APRIL.TIF
[2010-05-17 22:02:35 | 000,000,974 | ---- | M] () -- C:\Users\Joop\Desktop\QuickPar.lnk
[2010-05-17 21:34:38 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-05-14 22:24:59 | 000,021,144 | ---- | M] () -- C:\Users\Joop\Documents\Isle of Lewis.docx
[2010-05-12 08:47:04 | 001,077,332 | ---- | M] () -- C:\Users\Joop\Documents\Within Temptation Discografie.docx
[2010-05-10 21:15:55 | 000,001,826 | ---- | M] () -- C:\Users\Joop\Desktop\Hema Album Software Advanced.lnk
[2010-05-04 22:38:06 | 001,188,864 | ---- | M] (Zeusoft) -- C:\Program Files\ZeuApp 1.5.exe
[2010-05-04 14:34:02 | 000,010,565 | ---- | M] () -- C:\Program Files\ZeuApp 1.5.exe.config
[2010-05-02 12:03:42 | 000,000,999 | ---- | M] () -- C:\Users\Joop\Desktop\Exact Audio Copy.lnk
[2010-05-02 10:39:01 | 000,001,097 | ---- | M] () -- C:\Users\Joop\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010-05-02 10:39:01 | 000,001,073 | ---- | M] () -- C:\Users\Joop\Desktop\Picasa 3.lnk
[2010-04-29 21:36:18 | 000,015,766 | ---- | M] () -- C:\Users\Joop\Documents\Uw betaalbevestiging 0020-0002-4331-0941 Opus.docx
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010-04-23 07:20:27 | 000,013,483 | ---- | M] () -- C:\Users\Joop\Documents\Top 1000 1964 - 1974.xlsx

========== Files Created - No Company Name ==========

[2010-07-12 22:08:35 | 000,032,551 | ---- | C] () -- C:\Users\Joop\Documents\STEP 2.docx
[2010-07-04 22:17:53 | 000,011,123 | ---- | C] () -- C:\Users\Joop\Documents\Visa Schotland.xlsx
[2010-07-03 23:59:32 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-07-03 23:59:14 | 062,072,201 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-07-03 23:59:14 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010-07-01 23:37:18 | 000,000,036 | ---- | C] () -- C:\Users\Joop\AppData\Local\housecall.guid.cache
[2010-06-30 23:08:10 | 000,000,000 | ---- | C] () -- C:\Users\Joop\defogger_reenable
[2010-06-07 21:53:27 | 000,000,162 | -H-- | C] () -- C:\Users\Joop\Documents\~$x FF _IE crashes.docx
[2010-06-07 21:33:07 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-06-07 21:28:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-06-07 21:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-06-07 21:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-06-07 21:28:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-06-07 21:28:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-06-07 21:22:24 | 000,074,672 | ---- | C] () -- C:\Users\Joop\Documents\Fix FF _IE crashes.docx
[2010-06-03 22:26:46 | 000,045,867 | ---- | C] () -- C:\Users\Joop\Documents\NK2Edit v107.docx
[2010-05-26 21:58:58 | 000,001,820 | ---- | C] () -- C:\Users\Joop\Desktop\QuickTime Player.lnk
[2010-05-25 22:00:56 | 000,000,979 | ---- | C] () -- C:\Users\Joop\Desktop\WinMount.lnk
[2010-05-21 23:46:27 | 000,033,688 | ---- | C] () -- C:\Users\Joop\Documents\FTD Database bestanden 657 v2.docx
[2010-05-19 21:25:34 | 000,014,572 | ---- | C] () -- C:\Users\Joop\Documents\AFSCHRIJVING HET SPUI 19 APRIL.TIF
[2010-05-17 22:02:35 | 000,000,974 | ---- | C] () -- C:\Users\Joop\Desktop\QuickPar.lnk
[2010-05-17 21:34:38 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-05-14 22:24:58 | 000,021,144 | ---- | C] () -- C:\Users\Joop\Documents\Isle of Lewis.docx
[2010-05-12 08:47:02 | 001,077,332 | ---- | C] () -- C:\Users\Joop\Documents\Within Temptation Discografie.docx
[2010-05-10 21:15:55 | 000,001,826 | ---- | C] () -- C:\Users\Joop\Desktop\Hema Album Software Advanced.lnk
[2010-05-04 14:34:02 | 000,010,565 | ---- | C] () -- C:\Program Files\ZeuApp 1.5.exe.config
[2010-05-02 12:03:42 | 000,000,999 | ---- | C] () -- C:\Users\Joop\Desktop\Exact Audio Copy.lnk
[2010-05-02 10:39:01 | 000,001,097 | ---- | C] () -- C:\Users\Joop\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010-05-02 10:39:01 | 000,001,073 | ---- | C] () -- C:\Users\Joop\Desktop\Picasa 3.lnk
[2010-04-29 21:35:19 | 000,015,766 | ---- | C] () -- C:\Users\Joop\Documents\Uw betaalbevestiging 0020-0002-4331-0941 Opus.docx
[2010-04-23 07:20:26 | 000,013,483 | ---- | C] () -- C:\Users\Joop\Documents\Top 1000 1964 - 1974.xlsx
[2010-03-14 17:34:24 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010-02-28 20:18:16 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009-09-30 13:55:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\UpOneLevel_3.0.dll
[2009-09-30 13:55:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SelectAll_3.0.dll
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-14 01:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

========== LOP Check ==========

[2010-03-14 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\Canneverbe Limited
[2010-05-19 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\DAEMON Tools Lite
[2010-02-28 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\GHISLER
[2010-07-11 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\GrabIt
[2010-03-26 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\ImgBurn
[2010-03-05 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\TeamViewer
[2010-04-11 17:10:51 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\Thinstall
[2010-04-11 21:07:14 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\uTorrent
[2010-03-07 23:06:30 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\VUPlayer
[2010-05-25 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Joop\AppData\Roaming\WinMount
[2009-07-14 06:53:46 | 000,029,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
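
The report above is what the thread is about, so here is an added example of how a responder might triage the numbered "O" lines of such a log programmatically. This is not code from the original post, from BleepingComputer or from the OTL tool; the regular expressions assume the line layout OTL used in this particular report, and the sample input is constructed by copying a few of the lines above. Two points in the log are worth pulling out: `EnableLUA = 0` means UAC was switched off entirely on this Windows 7 machine, and `NoDriveTypeAutoRun = 145` (0x91) leaves AutoRun permitted on removable and optical media. The drive-type bit values are `1 << DRIVE_*` from the Win32 `GetDriveType` constants; note that later Windows updates changed how autorun.inf is honoured on non-optical removable media, so the mask alone is not the last word on that.

```python
"""Parse the numbered 'O' lines of an OTL report and flag weak settings.

Added example for this thread; not code from the original post, from
BleepingComputer or from the OTL tool. The regexes assume the line layout
seen in the report above (an assumption, not a published OTL grammar).
"""
import re
from dataclasses import dataclass

# Constructed sample input: O-lines copied from the report posted above
# (raw string so the Windows backslashes survive).
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010-07-01 23:15:22 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O33 - MountPoints2\{9d0f3611-270a-11df-a1a9-001a4b8e259a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
"""

LINE_RE = re.compile(r"^O(?P<num>\d+) - (?P<body>.*)$")
POLICY_RE = re.compile(r"policies\\(?:System|Explorer): (?P<key>\w+) = (?P<value>\d+)")
APPINIT_RE = re.compile(r"AppInit_DLLs: \((?P<dll>[^)]*)\) - (?P<path>.*?) \((?P<company>[^)]*)\)$")
MOUNTPOINT_RE = re.compile(
    r'MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.*?)(?P<missing> -- File not found)?$')

# NoDriveTypeAutoRun is a bitmask of 1 << DRIVE_* type; a set bit disables
# AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
              0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}


@dataclass
class Finding:
    section: str    # OTL section, e.g. "O6"
    item: str       # the value or path the finding is about
    severity: str   # "high", "medium" or "info"
    note: str


def parse_lines(text):
    """Yield (section number, body) for every O-line in the report."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("num"), m.group("body")


def parse_policies(text):
    """Collect the O6/O7 policy values as {name: int}."""
    policies = {}
    for num, body in parse_lines(text):
        if num in ("6", "7"):
            p = POLICY_RE.search(body)
            if p:
                policies[p.group("key")] = int(p.group("value"))
    return policies


def uac_enabled(policies):
    """EnableLUA is the master switch; with it at 0 the Consent* and
    PromptOnSecureDesktop values never come into play."""
    return policies.get("EnableLUA", 1) == 1


def autorun_disabled_for(mask):
    """Decode NoDriveTypeAutoRun into the drive types AutoRun is blocked on."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]


def review(text):
    """Return the findings a responder would want to see first."""
    findings = []
    policies = parse_policies(text)
    if not uac_enabled(policies):
        findings.append(Finding("O6", "EnableLUA = 0", "high",
            "UAC is off: an administrator's processes run with a full token, so "
            "anything launched from a compromised browser already has admin rights."))
    elif policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(Finding("O6", "ConsentPromptBehaviorAdmin = 0", "medium",
            "UAC is on but administrators are elevated silently, with no consent dialog."))
    if "NoDriveTypeAutoRun" in policies:
        blocked = autorun_disabled_for(policies["NoDriveTypeAutoRun"])
        findings.append(Finding("O7", f"NoDriveTypeAutoRun = {policies['NoDriveTypeAutoRun']}",
            "info" if "removable" in blocked else "medium",
            "AutoRun blocked on: " + ", ".join(blocked)))
    for num, body in parse_lines(text):
        if num == "20" and (a := APPINIT_RE.search(body)):
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # an empty company name (OTL prints "()") is the thing to chase.
            findings.append(Finding("O20", a.group("path"),
                "medium" if a.group("company") else "high",
                f"AppInit_DLLs load point; publisher: {a.group('company') or 'none'}."))
        elif num == "33" and (mp := MOUNTPOINT_RE.search(body)):
            findings.append(Finding("O33", mp.group("cmd"),
                "info" if mp.group("missing") else "medium",
                "Per-device AutoRun handler" +
                (" whose target no longer exists" if mp.group("missing") else "")))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.item}: {f.note}")
```

Run against the sample, the EnableLUA line comes out as the one high-severity finding; the AVG AppInit_DLLs entry is reported as a load point to verify rather than as malware, because the company name is present, and the U3 launcher autorun entry is noted only as a stale handler because OTL already reports its target as missing.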


#8 mpascal (Math Nerd, Members, 1,653 posts, Canada)

Posted 18 July 2010 - 01:20 PM

Still having any problems?

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 jbw92 (Topic Starter, Members, 6 posts)

Posted 19 July 2010 - 04:28 PM

Hi mpascal,

For now I've got to thank you. Another user on this computer was troubled by the issue more than me.
So far so good.

Thanks very much.

jbw92

#10 mpascal

Posted 19 July 2010 - 11:31 PM

Hi there,

No problem, glad I was able to help you out.

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top.
STEP 2 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls.

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.

Having up-to-date antivirus and firewall software is vital to keeping a healthy, infection-free system.

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal



#11 mpascal

Posted 25 July 2010 - 12:14 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
