
"Hacked by Ice-Q" in title bar


  • This topic is locked
65 replies to this topic

#1 michelle1977

michelle1977

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 12 July 2010 - 02:06 PM

Hi,

My dad's having some issues with his computer and I said I'd help him out. The most obvious issue, is that in IE, it says "Hacked by Ice-Q" in the title bar. I tried to remove it via regedit, but it keeps appearing once the computer is restarted.

I ran DDS and have posted the log below and attached the Attach file. I tried to run a Gmer scan, but after 2.5 hours and bringing up loads of results the computer shut itself down and restarted.

I would really appreciate help in resolving this.

Thanks so much!

Michelle



DDS (Ver_10-03-17.01) - NTFSx86
Run by Dhr. Morret at 17:08:39,35 on ma 12-07-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.503.163 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\Dhr. Morret\Local Settings\Temporary Internet Files\Content.IE5\1M46KPOH\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Hacked by Ice-Q
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [xxicecubexx] c:\windows\xxicecubexx.dll.vbs
StartupFolder: c:\docume~1\dhr~1.mor\menust~1\progra~1\opstar~1\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\dhr~1.mor\menust~1\progra~1\opstar~1\SNELKO~1.LNK -
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.ca/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38190.4632175926
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp04.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2007-9-29 2560]
S1 anftdird.sys;anftdird.sys;\??\c:\windows\system32\drivers\anftdird.sys --> c:\windows\system32\drivers\anftdird.sys [?]
S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
S2 Asusio;Asusio;\??\c:\program files\asus\asus radio player v1.0\asusio.sys --> c:\program files\asus\asus radio player v1.0\Asusio.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 135664]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys --> c:\windows\system32\drivers\AmeAtmPc.sys [?]
S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [2003-4-8 55808]
S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [2003-4-8 55808]

=============== Created Last 30 ================

2010-06-29 08:21:29 0 d-----w- c:\docume~1\dhr~1.mor\applic~1\HpUpdate
2010-06-29 08:20:32 0 d-----w- c:\windows\Hewlett-Packard
2010-06-15 10:19:33 0 d-----w- C:\??????????????????????????????e???????????????????????HPAppData
2010-06-15 09:43:50 0 d-----w- c:\docume~1\dhr~1.mor\applic~1\Uniblue
2010-06-14 19:31:49 763832 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-14 19:31:48 1652664 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-14 19:22:10 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2010-07-12 15:05:26 3678 --sha-r- C:\xxicecubexx.dll.vbs
2010-07-12 15:05:26 3678 --sha-r- c:\windows\xxicecubexx.dll.vbs
2010-06-26 08:32:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-23 19:19:56 86022 ----a-w- c:\windows\system32\perfc013.dat
2010-06-23 19:19:56 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-05-17 11:40:45 23212 ----a-w- c:\windows\hpqins15.dat
2010-05-06 10:37:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10:36 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:35:02 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-12-26 14:36:15 5243848 ----a-w- c:\program files\SetupDl.exe
2008-08-19 13:56:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 17:09:32,56 ===============

Edited by michelle1977, 12 July 2010 - 02:07 PM.
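The DDS log above already contains the evidence a responder looks for: a `uWindow Title` value carrying the "Hacked by Ice-Q" string, an `mRun` autorun that launches `c:\windows\xxicecubexx.dll.vbs` through the Windows Script Host (note `WScript.exe` in the running-processes list), copies of that script with hidden, system and read-only attributes (`--sha-r-`), and a hosts-file entry pointing a security site at 127.0.0.1. The script below is an added triage example, not part of the thread and not a BleepingComputer tool; it runs those checks over a constructed excerpt of the log so the indicators stand out from the ordinary HP, Google and Java entries. The attribute-letter meanings (s=system, h=hidden, r=read-only) follow the usual DDS convention and are assumed here.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the DDS log posted above; not the complete log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.hotmail.com/
uWindow Title = Hacked by Ice-Q
uInternet Settings,ProxyOverride = *.local
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [xxicecubexx] c:\windows\xxicecubexx.dll.vbs
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Hosts: 127.0.0.1 www.spywareinfo.com
2010-07-12 15:05:26 3678 --sha-r- C:\xxicecubexx.dll.vbs
2010-07-12 15:05:26 3678 --sha-r- c:\windows\xxicecubexx.dll.vbs
2010-06-26 08:32:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
"""

# Extensions executed by the Windows Script Host (wscript.exe / cscript.exe).
WSH_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# DDS file lines: timestamp, size, 8-character attribute field (d=dir, s=system,
# h=hidden, a=archive, r=read-only, w=writable; assumed convention), then the path.
FIND_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-dshawr]{8})\s+(?P<path>.+)$"
)


def _target_path(cmd: str) -> str:
    """Return the program path from a Run value, dropping quotes and trailing switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted value: switches follow the path after a space (e.g. " /R", " -atboottime").
    return re.split(r"\s[/-]", cmd, maxsplit=1)[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan DDS report lines and return findings, each with severity, line and reason."""
    findings: List[Dict[str, str]] = []

    def add(severity: str, line: str, reason: str) -> None:
        findings.append({"severity": severity, "line": line, "reason": reason})

    for raw in log_text.strip().splitlines():
        line = raw.strip()
        # 1. Internet Explorer title-bar override (HKCU/HKLM ...\Internet Explorer\Main\Window Title).
        if line.startswith(("uWindow Title", "mWindow Title")):
            title = line.split("=", 1)[1].strip()
            add("high", line, f"IE title bar set to {title!r}; a taunt string here marks a browser hijack")
            continue
        # 2. Autoruns whose target is a script rather than a signed program.
        m = RUN_RE.match(line)
        if m:
            target = _target_path(m.group("cmd")).lower()
            if target.endswith(WSH_EXTS):
                reason = f"autorun '{m.group('name')}' starts a script via the Windows Script Host"
                if target.rsplit("\\", 1)[-1].count(".") >= 2:
                    reason += " using a double extension (named like a DLL, runs as a script)"
                add("high", line, reason)
            continue
        # 3. Hosts-file redirects of anything other than localhost.
        m = HOSTS_RE.match(line)
        if m and m.group("host").lower() != "localhost":
            add("medium", line, f"hosts file points {m.group('host')} at {m.group('ip')}; "
                                "malware uses this to block security sites")
            continue
        # 4. Recently written files that are hidden+system or are scripts.
        m = FIND_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            notes = []
            if "s" in attrs and "h" in attrs:
                notes.append("hidden+system attributes")
            if path.endswith(WSH_EXTS):
                notes.append("recently written script file")
            if notes:
                add("high", line, "; ".join(notes))
    return findings


def report(findings: List[Dict[str, str]]) -> str:
    """Render findings as a short text report, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = sorted(findings, key=lambda f: order[f["severity"]])
    return "\n".join(f"[{f['severity'].upper():6}] {f['line']}\n         -> {f['reason']}" for f in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the excerpt it reports five findings (the title-bar value, the script autorun, the hosts entry and the two hidden copies of the script) and stays silent on the HP, QuickTime, ctfmon and HitmanPro lines. The autorun finding is the one that matters for cleanup: as long as the `mRun` entry re-launches the script at boot, deleting the `Window Title` value by hand is undone at the next restart, which is exactly the symptom described in the post.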



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 17 July 2010 - 06:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 20 July 2010 - 01:02 PM

Hi etavares,

Thanks for your reply and sorry for the late reply on my end too - somehow I didn't receive the email topic reply and I hadn't checked the site in a few days.

The computer we're talking about is my dad's, so I have to drive my bike back and forth :) I'll plan a trip first thing tomorrow morning and will reply when I have more info.

Thanks in advance for your help,

Michelle

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 20 July 2010 - 08:11 PM

OK, sounds good. Just bought a bike myself yesterday. Can't wait until they complete the fit this week. :D


 


#5 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 21 July 2010 - 06:30 AM

QUOTE(etavares @ Jul 20 2010, 09:11 PM)
Just bought a bike myself yesterday.


Okay... I was talking about a bicycle... feel like a complete dork now :)

Anyway, I was at my dad's this morning but unfortunately I didn't get much further. The Geekstogo website appears to be offline so I couldn't download OTL. I didn't feel safe randomly trying to download it somewhere else so do you have an idea where I could find it?

I tried to run Gmer in safe mode by repeatedly hitting F8 when starting the computer up. Nothing happened though, and the computer started up as usual. Could it be that I need to install something first before it gives the option to be able to start in safe mode? I remember doing something like that on my own PC but that was a long time ago.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 21 July 2010 - 07:19 AM

Let me look in a bit...lots of things are suddenly giving 403 errors across multiple threads.

PS> I was talking about a bicycle too!


 


#7 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 21 July 2010 - 07:21 AM

QUOTE(etavares @ Jul 21 2010, 08:19 AM)
PS> I was talking about a bicycle too!


Lol... that's good, then at least we're on the same page :)

I'll await further instructions.


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 21 July 2010 - 04:02 PM

OK, this link for OTL should work.


 


#9 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 22 July 2010 - 01:08 AM

Thanks for the OTL link. Do you have any tips for the following:

I tried to run Gmer in safe mode by repeatedly hitting F8 when starting the computer up. Nothing happened though, and the computer started up as usual. Could it be that I need to install something first before it gives the option to be able to start in safe mode? I remember doing something like that on my own PC but that was a long time ago.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 22 July 2010 - 05:17 PM

Is it a wireless keyboard? If so, try a wired one. You can also:

1. Go to START->RUN
2. Type 'msconfig' into the box (without the quote marks)
3. Click on the BOOT.INI tab
4. Check the little box that says /SAFEBOOT (then ensure that 'Minimal' is selected)
5. Click Apply and OK
6. Restart your computer.

To get back into normal mode, do this in Safe Mode, but in Step 4, UNcheck that box.


 


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 27 July 2010 - 06:15 PM

still with me?


 


#12 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 28 July 2010 - 03:18 AM

Hi, yes, still here. Sorry, I didn't get an email reply for your answer on how to boot in safe mode. I'm at my dad's tomorrow and will run the scans then. To be continued!

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:45 AM

Posted 28 July 2010 - 05:51 PM


Ok, the email functionality is about 95% reliable, but every so often it doesn't work or gets caught by a spam filter. It's best to take a peek every day or two. I'll keep an eye out; hopefully that trick will help get into safe mode.


 


#14 michelle1977

michelle1977
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:45 AM

Posted 29 July 2010 - 11:34 AM

Okay, here are the results of the OTL scan. It could just as well be Chinese to me, but hopefully you can make something of it. Off to do the Gmer scan now.

OTL Extras logfile created on: 29-7-2010 18:11:38 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dhr. Morret\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

503,00 Mb Total Physical Memory | 105,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,28 Gb Total Space | 16,40 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
Drive D: | 652,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-HOME
Current User Name: Dhr. Morret
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1740151D-868B-49E7-84A7-6FA27538089B}" = RIE
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-001
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64483B2F-B09D-46E4-A2D7-52F3A56D76B5}" = ASUS Multimedia Card Reader
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9816B8B8-4B53-4D3D-9235-AD931252001D}" = Windows Live Messenger
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1" = Hitman Pro
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A71000000002}" = Adobe Reader 7.1.0 - Nederlands
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B53671B5-D9A4-4554-9437-680533116875}" = SLOW-PCfighter
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D99B6D3B-9554-4D17-868F-E7FCA05A5A50}" = ArcSoft VideoImpression 1.6
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"7-Zip" = 7-Zip 4.57
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BIMPLite" = BIMP Lite 1.62
"Google Chrome" = Google Chrome
"Hema Album Software Advanced_is1" = Hema Album Software Advanced
"Hema Album Software_is1" = Hema Album Software
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64483B2F-B09D-46E4-A2D7-52F3A56D76B5}" = ASUS Multimedia Card Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PhotoMail" = PhotoMail Maker
"Picasa2" = Picasa 2
"Shop for HP Supplies" = Shop for HP Supplies
"TellmeMoreV50" = TeLL me More
"TIRION_Solobridge" = TIRION Solobridge
"Verzoek voorlopige teruggaaf 2008" = Verzoek voorlopige teruggaaf 2008
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Timetable" = World Timetable
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30-6-2010 14:49:17 | Computer Name = XP-HOME | Source = Application Hang | ID = 1001
Description = Fout-bucket 1180947459.

Error - 30-6-2010 14:49:21 | Computer Name = XP-HOME | Source = Application Hang | ID = 1001
Description = Fout-bucket 1180947459.

Error - 6-7-2010 6:42:50 | Computer Name = XP-HOME | Source = MsiInstaller | ID = 1002
Description = Onverwachte of ontbrekende waarde (naam: PackageName, waarde: ) in
sleutel HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList

Error - 14-7-2010 10:43:55 | Computer Name = XP-HOME | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 14-7-2010 10:43:55 | Computer Name = XP-HOME | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 14-7-2010 10:43:56 | Computer Name = XP-HOME | Source = MsiInstaller | ID = 1002
Description = Onverwachte of ontbrekende waarde (naam: PackageName, waarde: ) in
sleutel HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList

Error - 21-7-2010 3:09:05 | Computer Name = XP-HOME | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 21-7-2010 3:09:19 | Computer Name = XP-HOME | Source = Application Hang | ID = 1001
Description = Fout-bucket 1180947459.

Error - 26-7-2010 16:33:22 | Computer Name = XP-HOME | Source = MsiInstaller | ID = 1002
Description = Onverwachte of ontbrekende waarde (naam: PackageName, waarde: ) in
sleutel HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList

Error - 28-7-2010 4:44:23 | Computer Name = XP-HOME | Source = SecurityCenter | ID = 1802
Description = De Windows Security Center-service kan geen gebeurtenisaanvragen in
WMI maken om niet-Microsoft antivirus- en firewallprogramma's te controleren.

[ System Events ]
Error - 28-7-2010 14:09:53 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7000
Description = De Asusio-service kan vanwege de volgende fout niet worden gestart:
%%3

Error - 28-7-2010 14:09:56 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: anftdird.sys
ctredr15.sys
ctredrv.sys

Error - 28-7-2010 15:37:30 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7000
Description = De Asusio-service kan vanwege de volgende fout niet worden gestart:
%%3

Error - 28-7-2010 15:37:34 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: anftdird.sys
ctredr15.sys
ctredrv.sys

Error - 29-7-2010 6:36:18 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7000
Description = De Asusio-service kan vanwege de volgende fout niet worden gestart:
%%3

Error - 29-7-2010 6:36:18 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: anftdird.sys
ctredr15.sys
ctredrv.sys

Error - 29-7-2010 8:12:35 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7000
Description = De Asusio-service kan vanwege de volgende fout niet worden gestart:
%%3

Error - 29-7-2010 8:12:37 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: anftdird.sys
ctredr15.sys
ctredrv.sys

Error - 29-7-2010 11:50:50 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7000
Description = De Asusio-service kan vanwege de volgende fout niet worden gestart:
%%3

Error - 29-7-2010 11:50:53 | Computer Name = XP-HOME | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: anftdird.sys
ctredr15.sys
ctredrv.sys


< End of report >


OTL logfile created on: 29-7-2010 18:11:38 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dhr. Morret\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

503,00 Mb Total Physical Memory | 105,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,28 Gb Total Space | 16,40 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
Drive D: | 652,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-HOME
Current User Name: Dhr. Morret
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-29 17:57:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dhr. Morret\Bureaublad\OTL.exe
PRC - [2008-10-07 22:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008-10-07 22:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008-08-21 03:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-11-15 13:12:14 | 000,756,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
PRC - [2003-12-31 17:39:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
PRC - [2003-11-26 13:56:04 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2002-09-20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010-07-29 17:57:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dhr. Morret\Bureaublad\OTL.exe
MOD - [2008-04-14 19:02:45 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008-04-14 19:02:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008-04-14 19:02:39 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008-04-14 19:02:37 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll
MOD - [2008-04-14 19:02:33 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008-04-14 19:02:28 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008-04-14 19:02:25 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll
MOD - [2008-04-14 19:02:25 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll
MOD - [2008-04-14 19:02:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll
MOD - [2008-04-14 19:02:24 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll
MOD - [2008-04-14 19:02:23 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008-08-29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007-01-19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2002-09-20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ctredrv.sys -- (ctredrv.sys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ctredr15.sys -- (ctredr15.sys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\ASUS Radio Player V1.0\Asusio.sys -- (Asusio)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\anftdird.sys -- (anftdird.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AmeAtmPc.sys -- (AmeAtmPc)
DRV - [2008-04-13 20:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmLane)
DRV - [2008-04-13 20:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmElan)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2007-09-29 12:01:26 | 000,002,560 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mchInjDrv.sys -- (mchInjDrv)
DRV - [2004-03-22 21:52:12 | 000,301,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd) USB PC Camera (SN9C102)
DRV - [2003-11-10 11:24:24 | 000,039,532 | R--- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sunkfilt.sys -- (SunkFilt)
DRV - [2003-07-31 08:18:49 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003-04-08 14:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atmuni.sys -- (Atmuni)
DRV - [2003-04-08 14:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rawwan.sys -- (Rawwan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 EC D3 BC B2 2D CB 01 [binary data]
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-17 13:39:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009-08-09 16:06:08 | 000,320,579 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10992 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [xxicecubexx] C:\WINDOWS\xxicecubexx.dll.vbs ()
O4 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Dhr. Morret\Menu Start\Programma's\Opstarten\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Dhr. Morret\Menu Start\Programma's\Opstarten\Snelkoppeling naar Planet ADSL.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1214440339-1965331169-682003330-1004\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} https://www.p3.postbank.nl/sesam/CAX.cab (CryptoRSA Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8190.4632175926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} http://asp04.photoprintit.de/microsite/8/d...geUploader3.cab (IP-Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://images.kodakgallery.com/servlet/Ima...r=1122839881628
O24 - Desktop Components:1 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dhr. Morret\Mijn documenten\Mijn afbeeldingen\clubhuis.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dhr. Morret\Mijn documenten\Mijn afbeeldingen\clubhuis.bmp
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-07-08 11:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-07-29 18:10:57 | 000,000,112 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2f7437de-de02-11dc-afcf-000296054a50}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010-07-29 17:57:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dhr. Morret\Bureaublad\OTL.exe
[2010-07-29 15:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010-07-27 12:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010-07-27 12:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010-07-27 12:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dhr. Morret\Local Settings\Application Data\IM
[2010-07-27 12:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010-07-27 12:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2010-06-29 10:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dhr. Morret\Application Data\HpUpdate
[2010-06-29 10:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010-06-15 12:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dhr. Morret\Application Data\Mozilla
[2010-06-15 11:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dhr. Morret\Application Data\Uniblue
[2010-06-14 21:31:48 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010-06-14 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-06-03 16:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Mijn scans
[2010-05-06 10:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-05-06 10:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2005-04-07 15:46:44 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2005-04-07 15:46:43 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2005-04-07 15:46:43 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-07-29 18:14:19 | 000,003,678 | RHS- | M] () -- C:\WINDOWS\xxicecubexx.dll.vbs
[2010-07-29 18:10:57 | 000,003,678 | RHS- | M] () -- C:\xxicecubexx.dll.vbs
[2010-07-29 18:10:57 | 000,000,112 | RHS- | M] () -- C:\autorun.inf
[2010-07-29 17:57:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dhr. Morret\Bureaublad\OTL.exe
[2010-07-29 17:51:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-29 17:50:38 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-29 17:50:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-29 17:50:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-29 15:25:13 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dhr. Morret\NTUSER.DAT
[2010-07-29 15:25:13 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\Dhr. Morret\ntuser.ini
[2010-07-29 15:20:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-29 15:17:28 | 010,940,416 | R--- | M] () -- C:\Documents and Settings\All Users\Documenten\ESBK.mbb
[2010-07-29 15:17:28 | 005,003,264 | R--- | M] () -- C:\Documents and Settings\All Users\Documenten\ESBK.mb
[2010-07-29 12:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-07 10:30:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\BobpaklijstZfr.doc
[2010-07-07 10:25:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Reisplan Valbonne 9 en 10 juli 2010.doc
[2010-06-26 10:32:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-06-23 21:19:56 | 001,052,890 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-23 21:19:56 | 000,498,912 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-06-23 21:19:56 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-23 21:19:56 | 000,086,022 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-06-23 21:19:56 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-21 21:15:35 | 000,483,616 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\hippie 1.jpg
[2010-06-18 22:43:18 | 000,208,295 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Meurs-1585421446.pdf
[2010-06-14 15:47:04 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Schenkingen aan kinderen.xls
[2010-06-12 20:07:27 | 000,566,748 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\familiefoto 1.jpg
[2010-06-10 12:09:22 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 11:39:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-08 12:42:32 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Brief ABN-AMRO verzekeringen 8 juni 2010.doc
[2010-06-08 04:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll.old
[2010-06-08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010-06-07 13:40:53 | 002,306,178 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Margot neemt 850 zegel in ontvangst0001.pdf
[2010-06-02 22:05:20 | 000,034,389 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp4.jpg
[2010-06-02 22:05:18 | 000,067,821 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp3.jpg
[2010-06-02 22:02:42 | 000,070,079 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp1.jpg
[2010-06-02 22:02:40 | 000,051,421 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp2.jpg
[2010-05-31 21:19:16 | 001,854,402 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\eerste postzegels juni 2010 Haren 850 bew.jpg
[2010-05-28 15:05:44 | 000,086,697 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Madeleine Hair.jpg
[2010-05-27 11:02:11 | 000,005,141 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\37_100.jpg
[2010-05-26 11:12:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Wijn uit de Pfalz 2010.xls
[2010-05-17 13:40:45 | 000,023,212 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010-05-17 10:27:04 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Deelnemers 6 juni 2010.xls
[2010-05-06 10:33:32 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\QuickTime Player.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-21 21:15:35 | 000,483,616 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\hippie 1.jpg
[2010-06-18 22:43:17 | 000,208,295 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Meurs-1585421446.pdf
[2010-06-14 21:31:49 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010-06-12 20:07:27 | 000,566,748 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\familiefoto 1.jpg
[2010-06-09 10:28:12 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Reisplan Valbonne 9 en 10 juli 2010.doc
[2010-06-08 20:25:40 | 000,003,678 | RHS- | C] () -- C:\xxicecubexx.dll.vbs
[2010-06-08 20:25:40 | 000,003,678 | RHS- | C] () -- C:\WINDOWS\xxicecubexx.dll.vbs
[2010-06-08 20:25:40 | 000,000,112 | RHS- | C] () -- C:\autorun.inf
[2010-06-08 12:13:15 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Brief ABN-AMRO verzekeringen 8 juni 2010.doc
[2010-06-07 13:40:38 | 002,306,178 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Margot neemt 850 zegel in ontvangst0001.pdf
[2010-06-02 22:06:03 | 000,034,389 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp4.jpg
[2010-06-02 22:05:39 | 000,067,821 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp3.jpg
[2010-06-02 22:04:37 | 000,051,421 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp2.jpg
[2010-06-02 22:04:21 | 000,070,079 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\tromp1.jpg
[2010-05-31 21:19:05 | 001,854,402 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\eerste postzegels juni 2010 Haren 850 bew.jpg
[2010-05-28 15:06:25 | 000,086,697 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\Madeleine Hair.jpg
[2010-05-27 11:02:21 | 000,005,141 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Bureaublad\37_100.jpg
[2010-05-26 11:12:56 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Wijn uit de Pfalz 2010.xls
[2010-05-17 13:38:04 | 000,023,212 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-05-17 10:05:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Dhr. Morret\Mijn documenten\Deelnemers 6 juni 2010.xls
[2010-05-06 10:33:32 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\QuickTime Player.lnk
[2009-10-04 14:27:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2008-03-20 12:56:37 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007-09-29 12:01:26 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2005-09-14 20:47:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005-07-03 10:46:57 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Klmamsqo.ini
[2005-04-07 15:46:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2005-04-07 15:46:48 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2005-04-07 15:46:46 | 000,301,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2005-04-07 15:15:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-04-07 15:15:13 | 000,000,730 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004-11-09 15:42:33 | 000,000,645 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004-07-09 12:12:20 | 000,000,746 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004-07-08 12:18:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004-07-08 12:16:33 | 000,003,297 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004-07-08 12:16:29 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2000-09-08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999-01-22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2004-11-09 15:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009-04-29 16:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2009-12-25 17:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009-02-21 17:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
[2009-10-04 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-07-27 12:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010-07-27 12:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009-11-05 16:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010-07-27 12:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2007-12-01 17:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2010-06-15 14:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-11-20 11:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010-04-11 16:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\Belastingdienst
[2009-04-29 16:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\eFax Messenger
[2009-04-29 16:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\j2 Global
[2007-06-24 11:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\MailWasherPro
[2007-04-03 15:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\SPAMfighter
[2010-06-15 11:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dhr. Morret\Application Data\Uniblue

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009-03-08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009-03-08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2005-11-15 13:12:08 | 000,126,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\GCCollection.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010-05-02 10:10:36 | 001,851,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004-07-08 13:47:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-07-08 13:47:38 | 000,610,304 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-07-08 13:47:38 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2004-07-08 11:58:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-29 18:14:19 | 000,000,112 | RHS- | M] () -- C:\autorun.inf
[2004-09-25 18:35:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2003-04-08 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-07-08 11:58:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004-07-22 19:45:58 | 000,000,663 | ---- | M] () -- C:\DSLTest.log
[2008-08-30 13:20:25 | 000,230,424 | ---- | M] () -- C:\img1-001.raw
[2006-08-19 16:03:12 | 000,000,532 | ---- | M] () -- C:\INSTALL.LOG
[2004-07-08 11:58:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004-07-08 11:58:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-09-25 18:28:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-08-19 15:30:10 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010-07-29 17:50:32 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010-07-29 18:14:19 | 000,003,678 | RHS- | M] () -- C:\xxicecubexx.dll.vbs

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009-04-16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2003-01-16 20:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxprint2000.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004-09-25 18:24:19 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-08-19 15:19:54 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004-09-25 18:24:19 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-08-19 15:19:54 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003-04-08 14:00:00 | 010,181,758 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004-09-25 18:24:19 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-08-19 15:19:54 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004-09-25 18:24:19 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-08-19 15:19:54 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003-04-08 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 10:03:09 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-04 10:03:17 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 10:03:20 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005-03-02 20:21:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0B62745CE93E8C6F56547F70269DBABC -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2003-04-08 14:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=2E8CEC28BE4D9B830BA0AFF73C9279F7 -- C:\WINDOWS\$NtUninstallKB826939$\user32.dll
[2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\system32\user32.dll
[1998-06-05 15:33:04 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=6FC162676F38A1AEBEFD23CD78493BB1 -- C:\Backup oude harddisk\C_oud\WINDOWS\SYSTEM\USER32.DLL
[2004-08-04 10:03:23 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=8E5D344FD717D35EE7ED1C8E0AD0CBE6 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005-03-02 20:19:18 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=A9F2EBFC6EF9C1FB38CEDCF747162B6C -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2002-11-22 21:32:28 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=B7A7C40C3C8C9C155CD1D9952E82E833 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2007-03-08 17:39:10 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=CB18F701A5D55A6308FAB8D18322C060 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007-03-08 17:51:45 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=FA35431E333943F4B2A6D33FA4EE3CE9 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

< MD5 for: WS2_32.DLL >
[2004-08-04 10:03:24 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=06EBCBE58321E924980148B7E3DBD753 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[1998-06-05 15:33:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=0C884D37724C037110335F350B384E1F -- C:\Backup oude harddisk\C_oud\WINDOWS\SYSTEM\WS2_32.DLL
[2008-04-14 19:02:45 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=520391367546218929749612ABFE840C -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008-04-14 19:02:45 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=520391367546218929749612ABFE840C -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Files - Unicode (All) ==========
[2010-06-15 12:19:33 | 000,000,000 | ---D | M](C:\??????????????????????????????e???????????????????????HPAppData) -- C:\ѮհѮ楆敬屳慊慶橜敲尶楬屢硥屴呑慊慶種灩䌀䥌久乔䵁㵅潃獮汯e潃浭湯牐杯慲䙭汩獥䌽尺牐杯慲楆敬屳潃浭湯䘠汩HPAppData
[2010-06-15 12:19:33 | 000,000,000 | ---D | M](C:\??????????????????????????????e???????????????????????HPAppData) -- C:\ѮհѮ楆敬屳慊慶橜敲尶楬屢硥屴呑慊慶種灩䌀䥌久乔䵁㵅潃獮汯e潃浭湯牐杯慲䙭汩獥䌽尺牐杯慲楆敬屳潃浭湯䘠汩HPAppData
[2010-06-15 12:19:33 | 000,000,000 | ---D | C](C:\??????????????????????????????e???????????????????????HPAppData) -- C:\ѮհѮ楆敬屳慊慶橜敲尶楬屢硥屴呑慊慶種灩䌀䥌久乔䵁㵅潃獮汯e潃浭湯牐杯慲䙭汩獥䌽尺牐杯慲楆敬屳潃浭湯䘠汩HPAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:02:45 AM

Posted 29 July 2010 - 06:06 PM

Ok, I'll look for the GMER log. Speaking of Chinese... do you know what this directory is? Likely malware, but I wanted to check. It will likely look different in Windows Explorer. Does it mean anything to you? Malware often uses different characters to look different on a US-language computer since you won't see this.

C:\ѮհѮ楆敬屳慊慶橜敲尶楬屢硥屴呑慊慶種灩䌀䥌久乔䵁㵅潃獮汯e潃浭湯牐杯慲䙭汩獥䌽尺牐杯慲楆敬屳潃浭湯䘠汩HPAppData


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

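The two things worth checking in this log before the next reply are the pattern etavares is asking about (a directory whose name is made of letters from scripts a Dutch-locale machine would never produce on its own) and the autorun entries that explain why the "Hacked by Ice-Q" title keeps coming back after a regedit fix: `C:\autorun.inf` and `xxicecubexx.dll.vbs` with read-only+hidden+system attributes at the drive root and in `C:\WINDOWS`, plus a MountPoints2 shell handler set to AutoRun. The script below is an added example written for this thread, not part of OTL and not something etavares posted. It parses a few OTL lines copied from the log above (constructed sample), flags the attribute/double-extension/autorun pattern, reports which Unicode scripts a name uses outside an assumed allowed set (Latin only, chosen because the DDS header shows a Dutch locale), and reinterprets the odd directory name as byte pairs. Run on the name quoted in the post, that last check yields readable fragments such as `Java\jre6\lib\ext\QTJava.zip` and `CLIENTNAME=Console`, which is what ASCII text looks like when its bytes get paired into UTF-16 code units; a name like that deserves a check for a mis-encoding bug in whatever created it (the HP update folders appear on the same day) before it is treated as a deliberate foreign-script disguise. The extension lists are my own choices.

```python
"""Triage checks for OTL-style log lines (added example for this thread, not
part of OTL): the autorun.inf + hidden VBS pattern, path names that use
letters from unexpected Unicode scripts, and a byte-pair reinterpretation
of such a name."""
import re
import unicodedata
from pathlib import PureWindowsPath

# Constructed sample: four entries copied from the OTL log posted above.
SAMPLE_OTL_LINES = [
    r"O32 - AutoRun File - [2010-07-29 18:10:57 | 000,000,112 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]",
    r'O33 - MountPoints2\{2f7437de-de02-11dc-afcf-000296054a50}\Shell - "" = AutoRun',
    r"[2010-07-29 18:14:19 | 000,003,678 | RHS- | M] () -- C:\WINDOWS\xxicecubexx.dll.vbs",
    r"[2010-07-29 17:57:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dhr. Morret\Bureaublad\OTL.exe",
]
# The directory name asked about in the reply, copied from the log.
ODD_DIR = r"C:\ѮհѮ楆敬屳慊慶橜敲尶楬屢硥屴呑慊慶種灩䌀䥌久乔䵁㵅潃獮汯e潃浭湯牐杯慲䙭汩獥䌽尺牐杯慲楆敬屳潃浭湯䘠汩HPAppData"

# "| RHS- | M] (company) -- C:\path" with an optional trailing "-- [ NTFS ]"
ENTRY_RE = re.compile(
    r"\|\s*(?P<attrs>[RHSD-]{4})\s*\|\s*[MC]\]\s*\([^)]*\)\s*-+\s*"
    r"(?P<path>[A-Za-z]:\\.*?)(?:\s+--\s+\[.*\])?$")
# Assumed lists: extensions Windows will execute, and decoys seen in front of them.
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".scr", ".pif", ".exe", ".com"}
DECOY_EXT = {".dll", ".jpg", ".doc", ".txt", ".pdf", ".mp3", ".avi"}


def scripts_in(name):
    """Unicode script families of the letters in `name`, taken from the first
    word of each character's Unicode name: LATIN, CYRILLIC, ARMENIAN, CJK, ..."""
    found = set()
    for ch in name:
        if ch.isalpha():
            uname = unicodedata.name(ch, "")
            if uname:
                found.add(uname.split()[0])
    return found


def unexpected_scripts(path, allowed=frozenset({"LATIN"})):
    """Scripts used by the last path component that are outside `allowed`
    (Latin only by assumption: the DDS header shows a Dutch locale)."""
    return sorted(scripts_in(PureWindowsPath(path).name) - allowed)


def as_byte_pairs(name):
    """Reinterpret each code point as two little-endian bytes, undoing what
    happens when a byte buffer is paired up into UTF-16 characters. Bytes
    outside printable ASCII are shown as '.'."""
    out = []
    for ch in name:
        cp = ord(ch)
        if cp > 0xFFFF:
            out.append("..")
            continue
        for b in (cp & 0xFF, cp >> 8):
            out.append(chr(b) if 0x20 <= b < 0x7F else ".")
    return "".join(out)


def triage_otl_line(line):
    """Reasons an OTL line deserves a look; an empty list means nothing flagged."""
    reasons = []
    if line.startswith("O33") and line.rstrip().endswith("= AutoRun"):
        reasons.append("MountPoints2 shell handler set to AutoRun (removable-drive autorun)")
    m = ENTRY_RE.search(line)
    if not m:
        return reasons
    attrs, path = m.group("attrs"), m.group("path")
    p = PureWindowsPath(path)
    suffixes = [s.lower() for s in p.suffixes]
    if all(flag in attrs for flag in "RHS"):
        reasons.append("read-only+hidden+system attributes (normal only for boot files such as ntldr, boot.ini)")
    if p.name.lower() == "autorun.inf":
        reasons.append("autorun.inf at %s" % p.parent)
    if len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXT and suffixes[-2] in DECOY_EXT:
        reasons.append("executable script behind a decoy extension: %s" % p.name)
    if str(p.parent) == p.anchor and suffixes and suffixes[-1] in SCRIPT_EXT:
        reasons.append("script at the drive root")
    odd = unexpected_scripts(path)
    if odd:
        reasons.append("name uses non-Latin scripts: %s" % ", ".join(odd))
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; unflagged lines are dropped."""
    result = {}
    for ln in lines:
        why = triage_otl_line(ln)
        if why:
            result[ln] = why
    return result


if __name__ == "__main__":
    for ln, why in triage(SAMPLE_OTL_LINES).items():
        print(ln, "\n   ->", "; ".join(why))
    print(ODD_DIR, "\n   -> scripts:", unexpected_scripts(ODD_DIR))
    print("   -> as byte pairs:", as_byte_pairs(PureWindowsPath(ODD_DIR).name))
```

Two design notes. The script check looks only at the last path component, because a legitimate parent folder (a user name with an accent, say) would otherwise taint every file under it; and the attribute check is intentionally noisy, since OTL itself lists ntldr and boot.ini with RHS, so it is a prompt to look, not a verdict.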



