Infected with malware str.sys?


  • This topic is locked
9 replies to this topic

#1 Bugge

  • Members
  • 5 posts

Posted 29 October 2010 - 03:11 PM

Hello!

I was reading on this forum and I believe you guys give wonderful input. Thanks in advance for all your help.

I somehow got stuck with some malicious software lately. Got a restart for an unknown reason and since then the PC does weird stuff. Tried several scans with Ad-Aware, Spybot S&D, Malwarebytes Anti-Malware, etc.

The following is suspicious:

* Got an unwanted reboot
* PC startup is about 15 seconds longer than normal
* Sometimes Firefox refuses to start the first time I click the icon
* Firefox redirects me to sites like 'Click-n-go' and some fake Windows scan site. Ad-Aware, which I have installed, sometimes gives a message that it blocked a suspicious site.
* Malwarebytes Anti-Malware found a file str.sys (scanned in safe mode). I found on the internet that this is malware/a trojan.


Below are my logs as requested in the preparation guide.
For some reason the boxes in the GMER application were grayed out, so I could not set any options except for Services, Registry, Files (C:\ D:\) and ADS.


DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Bugge at 21:48:09,47 on vr 29-10-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.4095.2677 [GMT 2:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bugge\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [DAT809B.tmp.exe] "C:\Windows\TEMP\DAT809B.tmp.exe" /run
dRun: [DAT47F8.tmp.exe] "C:\Windows\TEMP\DAT47F8.tmp.exe" /run
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
mRun-x64: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Bugge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Bugge\AppData\Roaming\Mozilla\Firefox\Profiles\efyigg59.default\
FF - prefs.js: browser.startup.homepage - www.google.be
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Bugge\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-24 69152]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-10-29 254624]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2010-10-29 452872]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-20 202752]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-4-18 20968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1357464]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe -service --> C:\Windows\system32\lxbkcoms.exe -service [?]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-4-20 6659072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-20 195584]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 16928]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-13 136176]
S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S3 FlashUSB;FlashUSB;C:\Windows\System32\drivers\FlashUSB_x64.sys [2009-12-26 20480]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-10-29 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-10-29 1145816]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]

=============== Created Last 30 ================

2010-10-29 19:26:21 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Tool
2010-10-29 19:22:00 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2010-10-29 19:22:00 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2010-10-29 19:21:59 329320 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-10-29 19:21:59 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-10-29 19:21:57 254624 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-10-29 19:21:54 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-10-29 19:21:54 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys
2010-10-29 19:21:54 177904 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys
2010-10-29 19:21:54 116616 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys
2010-10-29 19:21:49 -------- d-----w- C:\Users\Bugge\AppData\Roaming\PC Tools
2010-10-29 19:21:49 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2010-10-29 19:21:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-10-29 19:20:32 -------- d-----w- C:\PROGRA~3\PC Tools
2010-10-29 18:51:27 -------- d-----w- C:\Users\Bugge\AppData\Roaming\SUPERAntiSpyware.com
2010-10-29 18:51:27 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-29 18:51:22 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-29 18:51:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-29 16:48:27 44800 ----a-w- C:\Windows\SysWow64\drivers\lvgvrddlwiaen.sys
2010-10-29 16:45:26 44800 ----a-w- C:\Windows\SysWow64\drivers\oiffdirvr.sys
2010-10-26 18:54:05 -------- d--h--w- C:\$AVG
2010-10-26 18:42:36 -------- d-----w- C:\Users\Bugge\AppData\Roaming\AVG10
2010-10-26 18:41:52 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-26 18:41:18 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-26 18:40:58 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-26 18:36:58 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-24 20:59:56 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2010-10-24 20:51:30 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-10-24 20:47:24 -------- d-----w- C:\Users\Bugge\AppData\Local\Sunbelt Software
2010-10-24 20:47:11 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-24 20:47:09 -------- d-----w- C:\Program Files (x86)\Lavasoft
2010-10-23 20:51:27 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9B1FC88B-DA83-4584-B998-8129C0AA86A4}\mpengine.dll
2010-10-23 20:06:39 -------- d-----w- C:\Users\Bugge\AppData\Roaming\iolo
2010-10-23 20:06:39 -------- d-----w- C:\PROGRA~3\iolo
2010-10-23 19:29:33 -------- d-----w- C:\Users\Bugge\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-23 19:28:22 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-10-23 19:23:06 -------- d-----w- C:\PROGRA~3\Norton
2010-10-23 19:22:39 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-10-14 20:50:50 -------- d-----w- C:\PROGRA~3\F-Secure
2010-10-14 20:38:00 -------- d-----w- C:\Users\Bugge\AppData\Roaming\VanDale
2010-10-14 20:37:27 -------- d-----w- C:\Program Files (x86)\Woordenboeken
2010-10-08 18:22:19 -------- d-----w- C:\Users\Bugge\AppData\Local\In The Money
2010-10-08 18:22:06 -------- d-----w- C:\Users\Bugge\AppData\Roaming\HEM Data
2010-10-05 19:03:40 -------- d-----w- C:\Users\Bugge\AppData\Local\LogMeIn Hamachi
2010-10-05 19:03:10 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2010-10-03 20:07:50 -------- d-----w- C:\Users\Bugge\AppData\Local\sabnzbd
2010-10-02 11:29:22 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

==================== Find3M ====================

2010-09-15 02:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-08-21 19:35:14 20992 ----a-w- C:\Windows\bw-uninstall.exe
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-20 19:55:13 59 ----a-w- C:\Windows\wpd99.drv
2009-12-06 13:41:57 254642 --sh--r- C:\Windows\Help.exe

============= FINISH: 21:48:41,16 ===============



Thanks for the help.
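A small triage helper, added here as an example and not one of the tools used in this thread nor the forum's own code. It parses two line formats that appear in this thread, the DDS "Pseudo HJT Report" lines above (uRun/mRun/dRun, mPolicies-system) and the OTL SRV/DRV lines that appear in a later post, and flags the indicators a malware-removal helper would check first: a Run entry launching from C:\Windows\TEMP, UAC policy values set to 0, a service or driver whose registered binary is missing, and a boot-start driver with no publisher and a random-looking service name. The sample lines are constructed to match the shape of this thread's logs; the "random name" heuristic and the 0.35 vowel threshold are my assumptions, not rules from DDS, OTL or any scanner, so a hit is a lead to investigate, not a verdict.

```python
"""Triage helper for DDS / OTL style scan logs.

Added example: not one of the tools used in this thread and not the forum's
own code. It reads pasted log text in the two formats shown in the thread
(DDS "Pseudo HJT Report" lines and OTL "SRV"/"DRV" lines) and flags:
  * Run entries that launch a binary from a TEMP directory
  * UAC policy values set to 0 that disable or silence elevation
  * services/drivers whose registered binary is missing on disk
  * boot-start drivers with no publisher and a random-looking service name
The thresholds and the "random name" heuristic are assumptions, not rules
from any of the tools involved; a hit is a lead, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, written in the shape of lines from this thread's logs.
SAMPLE_LOG = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [DAT809B.tmp.exe] "C:\Windows\TEMP\DAT809B.tmp.exe" /run
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-24 69152]
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\szykd.sys -- (aftsllozjvedy)
DRV - [2010-10-29 17:48:27 | 000,044,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\lvgvrddlwiaen.sys -- (pazvkimpbmf)
DRV:64bit: - [2010-09-23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
"""


@dataclass
class Finding:
    kind: str    # short indicator label
    detail: str  # the evidence, reproduced from the log line


# DDS notation: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT Run keys.
RUN_RE = re.compile(r'^([umd])Run(?:-x64)?: \[([^\]]+)\] (.+)$')
POLICY_RE = re.compile(r'^mPolicies-system: (\w+) = (\d+)')
# OTL: "DRV[:64bit:] - <File not found | [stamp] (publisher)> [flags] -- path -- (service)"
OTL_RE = re.compile(
    r'^(DRV|SRV)(?::64bit:)? - (?:(File not found)|\[[^\]]*\] \(([^)]*)\)) '
    r'\[([^\]]*)\] -- (.+?) -- \(([^)]+)\)')
TEMP_DIR_RE = re.compile(r'\\TEMP\\', re.IGNORECASE)

# For each of these, a value of 0 turns UAC off or makes elevation silent.
UAC_ZERO_IS_BAD = {'EnableLUA', 'PromptOnSecureDesktop', 'ConsentPromptBehaviorAdmin'}


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 9+ lowercase letters with few vowels."""
    if len(name) < 9 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in 'aeiou' for c in name)
    return vowels / len(name) <= 0.35


def triage(log_text: str) -> list[Finding]:
    """Scan pasted log text line by line and collect indicators."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, value_name, command = m.groups()
            if TEMP_DIR_RE.search(command):
                findings.append(Finding('run_from_temp', f'{hive}Run [{value_name}] {command}'))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_ZERO_IS_BAD and value == 0:
                findings.append(Finding('uac_weakened', f'{name} = 0'))
            continue
        m = OTL_RE.match(line)
        if m:
            _kind, missing, publisher, flags, path, service = m.groups()
            start_flags = [f.strip() for f in flags.split('|')]
            if missing:
                # A Boot-start driver whose file is gone is the strongest of these.
                findings.append(Finding('missing_binary', f'{service}: {path} [{flags}]'))
            elif 'Boot' in start_flags and not (publisher or '').strip() and looks_random(service):
                findings.append(Finding('suspicious_boot_driver', f'{service}: {path}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:24} {f.detail}')
```

Paste a whole DDS or OTL log into `triage()` rather than the sample; lines in formats it does not recognise (the DDS R0/S2 service lines, the Firefox section, file listings) are simply skipped, so it is safe to feed the entire report.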


#2 Elise (Bleepin' Blonde)

  • Malware Study Hall Admin
  • 61,247 posts
  • Location: Romania

Posted 07 November 2010 - 05:11 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Bugge (Topic Starter)

  • Members
  • 5 posts

Posted 07 November 2010 - 02:32 PM

Hello,

Thanks for your help, Elise. There is still malware on my PC, I'm sure of it, as it opens new tabs and executes something.
Anyway, the Rootkit Unhooker link in your post did not work; do you have a mirror link? I can find the same software when I use Google, but I want to be sure I'm using the correct Rootkit Unhooker.

Here are the first two logs requested:

OTL logfile created on: 7-11-2010 20:19:58 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bugge\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 37,63 Gb Free Space | 29,40% Space Free | Partition Type: NTFS
Drive D: | 803,52 Gb Total Space | 72,30 Gb Free Space | 9,00% Space Free | Partition Type: NTFS

Computer Name: BUGGE-PC | User Name: Bugge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-07 20:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bugge\Desktop\OTL.exe
PRC - [2010-10-31 09:42:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-10-31 09:42:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-07-22 18:09:42 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009-09-08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009-09-08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe


========== Modules (SafeList) ==========

MOD - [2010-11-07 20:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bugge\Desktop\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009-07-14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010-06-29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010-04-20 04:59:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-02-19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV:64bit: - [2007-08-09 13:59:36 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2010-11-03 21:11:29 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-08-30 07:03:22 | 001,145,816 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010-07-22 18:09:42 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-07-06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-03-30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-15 12:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009-09-08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009-07-16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-09-30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008-02-19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxbkcoms.exe -- (lxbk_device)
SRV - [2007-05-31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ancmdagdb.sys -- (ttopsmqgsdao)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\NSHE.SYS -- (NSHE)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\szykd.sys -- (aftsllozjvedy)
DRV:64bit: - [2010-09-23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010-08-18 12:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010-06-29 09:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010-04-20 06:27:50 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-04-20 06:27:50 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-04-20 04:23:12 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-03-30 22:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010-03-09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-02-17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010-02-03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009-12-13 16:19:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-09-23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009-09-23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009-09-23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009-09-23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009-08-21 02:27:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2009-08-21 02:27:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2009-08-21 02:27:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-05-12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2008-03-13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2010-11-03 21:11:32 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010-10-29 17:48:27 | 000,044,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\lvgvrddlwiaen.sys -- (pazvkimpbmf)
DRV - [2010-10-29 17:45:26 | 000,044,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\oiffdirvr.sys -- (izcynhgxxlygj)
DRV - [2009-12-06 14:56:29 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009-05-12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB)
DRV - [2008-11-23 10:23:04 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\NSHE.SYS -- (NSHE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 61 F3 FF 91 7B CB 01 [binary data]
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 B8 19 9E 7B D2 CA 01 [binary data]
IE - HKU\S-1-5-21-1707964747-1461057282-695979824-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.be"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-31 09:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-31 09:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-12-06 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Mozilla\Extensions
[2009-12-06 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-11-06 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Mozilla\Firefox\Profiles\efyigg59.default\extensions
[2010-07-03 21:22:57 | 000,000,000 | ---D | M] (Minimeter) -- C:\Users\Bugge\AppData\Roaming\Mozilla\Firefox\Profiles\efyigg59.default\extensions\{08ab63e1-c4bc-4fb7-a0b2-55373b596eb7}
[2010-11-06 19:57:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-05-22 23:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-28 17:20:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-16 13:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-29 19:44:40 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-10-29 19:44:40 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-10-29 19:44:40 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-10-29 19:44:40 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-10-29 19:44:40 | 000,001,106 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1707964747-1461057282-695979824-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1707964747-1461057282-695979824-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.132 195.130.130.4
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fa1eb7f5-777b-11df-818d-00235419de3b}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1eb7f5-777b-11df-818d-00235419de3b}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{fe778747-e7fa-11de-993d-00235419de3b}\Shell - "" = AutoRun
O33 - MountPoints2\{fe778747-e7fa-11de-993d-00235419de3b}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-07 20:19:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bugge\Desktop\OTL.exe
[2010-11-04 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Bugge\DoctorWeb
[2010-11-03 21:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-11-03 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Local\Adobe
[2010-11-03 21:11:33 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-11-01 13:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2010-10-29 20:50:31 | 000,000,000 | ---D | C] -- C:\Users\Bugge\Desktop\gmer
[2010-10-29 20:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Tool
[2010-10-29 20:22:00 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010-10-29 20:22:00 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2010-10-29 20:21:59 | 000,329,320 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010-10-29 20:21:59 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010-10-29 20:21:57 | 000,254,624 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010-10-29 20:21:54 | 000,177,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010-10-29 20:21:54 | 000,116,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010-10-29 20:21:54 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010-10-29 20:21:54 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010-10-29 20:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2010-10-29 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\PC Tools
[2010-10-29 20:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010-10-29 20:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-10-29 19:56:35 | 093,214,024 | ---- | C] (Norman ASA) -- C:\Users\Bugge\Desktop\Norman_Malware_Cleaner.exe
[2010-10-29 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\SUPERAntiSpyware.com
[2010-10-29 19:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-10-29 19:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010-10-29 19:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-10-29 19:48:43 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bugge\Desktop\SUPERAntiSpyware.exe
[2010-10-26 19:54:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-10-26 19:42:36 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\AVG10
[2010-10-26 19:41:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010-10-26 19:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010-10-26 19:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010-10-26 19:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-24 22:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-10-24 21:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010-10-24 21:51:30 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010-10-24 21:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-10-24 21:47:24 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Local\Sunbelt Software
[2010-10-24 21:47:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010-10-24 21:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-10-24 21:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010-10-23 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\Bugge\Desktop\ProcessMonitor
[2010-10-23 21:30:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-10-23 21:21:02 | 000,000,000 | ---D | C] -- C:\Users\Bugge\Desktop\backups
[2010-10-23 21:06:39 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\iolo
[2010-10-23 21:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2010-10-23 20:29:33 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010-10-23 20:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-10-23 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-10-23 20:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-10-23 20:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-10-14 22:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-10-14 21:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010-10-14 21:38:00 | 000,000,000 | ---D | C] -- C:\Users\Bugge\AppData\Roaming\VanDale
[2010-10-14 21:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Woordenboeken
[2010-10-10 16:40:53 | 000,000,000 | ---D | C] -- C:\Users\Bugge\Desktop\paarden
[2010-10-10 16:29:17 | 000,000,000 | ---D | C] -- C:\Users\Bugge\Desktop\zetel
[2010-10-09 21:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-10-09 21:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009-12-27 10:41:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2009-12-27 10:41:20 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2009-12-27 10:41:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2009-12-27 10:41:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2009-12-27 10:41:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2009-12-27 10:41:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2009-12-27 10:41:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2009-12-27 10:41:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2009-12-27 10:41:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2009-12-27 10:41:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2009-12-27 10:41:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-07 20:22:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-11-07 20:22:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-11-07 20:21:11 | 001,661,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-11-07 20:21:11 | 000,744,436 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010-11-07 20:21:11 | 000,652,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-11-07 20:21:11 | 000,152,420 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010-11-07 20:21:11 | 000,120,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-11-07 20:19:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bugge\Desktop\OTL.exe
[2010-11-07 20:16:03 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-11-07 20:14:22 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-07 20:14:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-07 20:14:04 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-06 19:46:34 | 000,289,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-11-06 14:09:10 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-11-06 13:02:44 | 000,004,797 | ---- | M] () -- C:\Users\Bugge\Desktop\pokerstatz.png
[2010-11-06 10:13:38 | 000,537,022 | ---- | M] () -- C:\Users\Bugge\Desktop\Foto0188.jpg
[2010-11-06 10:13:24 | 000,479,145 | ---- | M] () -- C:\Users\Bugge\Desktop\Foto0186.jpg
[2010-11-04 21:12:45 | 051,581,296 | ---- | M] () -- C:\Users\Bugge\Desktop\cureit.exe
[2010-11-03 21:19:57 | 000,002,975 | ---- | M] () -- C:\Users\Bugge\Desktop\HiJackThis.lnk
[2010-11-03 21:19:31 | 001,402,880 | ---- | M] () -- C:\Users\Bugge\Desktop\HiJackThis.msi
[2010-11-03 21:11:32 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010-11-01 23:42:50 | 000,133,463 | ---- | M] () -- C:\Users\Bugge\Desktop\las vegas s05e09.nzb
[2010-10-29 20:50:16 | 000,286,404 | ---- | M] () -- C:\Users\Bugge\Desktop\gmer.zip
[2010-10-29 20:47:00 | 000,545,280 | ---- | M] () -- C:\Users\Bugge\Desktop\dds.scr
[2010-10-29 20:26:21 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010-10-29 20:21:56 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-10-29 20:21:05 | 000,238,080 | ---- | M] () -- C:\Users\Bugge\Desktop\Remove Fake Antivirus.exe
[2010-10-29 19:57:13 | 093,214,024 | ---- | M] (Norman ASA) -- C:\Users\Bugge\Desktop\Norman_Malware_Cleaner.exe
[2010-10-29 19:50:24 | 000,507,400 | ---- | M] () -- C:\Users\Bugge\Desktop\sdasetup.exe
[2010-10-29 19:50:00 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bugge\Desktop\SUPERAntiSpyware.exe
[2010-10-29 17:48:27 | 000,044,800 | ---- | M] () -- C:\Windows\SysWow64\drivers\lvgvrddlwiaen.sys
[2010-10-29 17:45:26 | 000,044,800 | ---- | M] () -- C:\Windows\SysWow64\drivers\oiffdirvr.sys
[2010-10-27 20:56:25 | 000,236,032 | ---- | M] () -- C:\Users\Bugge\Desktop\Water_leak.doc
[2010-10-24 21:47:10 | 000,001,166 | ---- | M] () -- C:\Users\Bugge\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-10-23 18:19:04 | 000,363,049 | ---- | M] () -- C:\Users\Bugge\Desktop\husng.xlsx
[2010-10-15 18:41:43 | 009,860,096 | ---- | M] () -- C:\Users\Bugge\Desktop\ASP10.doc
[2010-10-12 22:43:01 | 000,000,218 | ---- | M] () -- C:\Users\Bugge\AppData\Roaming\default.rss
[2010-10-12 22:42:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-06 13:02:44 | 000,004,797 | ---- | C] () -- C:\Users\Bugge\Desktop\pokerstatz.png
[2010-11-06 11:18:26 | 000,537,022 | ---- | C] () -- C:\Users\Bugge\Desktop\Foto0188.jpg
[2010-11-06 11:18:24 | 000,479,145 | ---- | C] () -- C:\Users\Bugge\Desktop\Foto0186.jpg
[2010-11-04 21:11:38 | 051,581,296 | ---- | C] () -- C:\Users\Bugge\Desktop\cureit.exe
[2010-11-03 21:19:57 | 000,002,975 | ---- | C] () -- C:\Users\Bugge\Desktop\HiJackThis.lnk
[2010-11-03 21:19:29 | 001,402,880 | ---- | C] () -- C:\Users\Bugge\Desktop\HiJackThis.msi
[2010-11-01 23:42:49 | 000,133,463 | ---- | C] () -- C:\Users\Bugge\Desktop\las vegas s05e09.nzb
[2010-10-29 20:50:15 | 000,286,404 | ---- | C] () -- C:\Users\Bugge\Desktop\gmer.zip
[2010-10-29 20:46:58 | 000,545,280 | ---- | C] () -- C:\Users\Bugge\Desktop\dds.scr
[2010-10-29 20:26:21 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2010-10-29 20:21:56 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-10-29 20:21:04 | 000,238,080 | ---- | C] () -- C:\Users\Bugge\Desktop\Remove Fake Antivirus.exe
[2010-10-29 19:51:22 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-10-29 19:50:23 | 000,507,400 | ---- | C] () -- C:\Users\Bugge\Desktop\sdasetup.exe
[2010-10-29 17:48:27 | 000,044,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\lvgvrddlwiaen.sys
[2010-10-29 17:45:26 | 000,044,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\oiffdirvr.sys
[2010-10-27 20:56:24 | 000,236,032 | ---- | C] () -- C:\Users\Bugge\Desktop\Water_leak.doc
[2010-10-24 21:47:10 | 000,001,166 | ---- | C] () -- C:\Users\Bugge\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-10-15 18:41:13 | 009,860,096 | ---- | C] () -- C:\Users\Bugge\Desktop\ASP10.doc
[2010-08-21 21:29:28 | 000,000,043 | ---- | C] () -- C:\Windows\wininit.ini
[2010-07-12 21:30:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010-07-12 21:30:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010-07-12 21:26:11 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010-07-12 21:26:11 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-06-19 18:02:36 | 000,000,000 | ---- | C] () -- C:\Users\Bugge\AppData\Roaming\downloads.m3u
[2010-06-19 15:29:56 | 001,642,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-06-12 17:51:17 | 000,175,104 | ---- | C] () -- C:\Users\Bugge\AppData\Roaming\SQLite3.dll
[2010-02-26 21:00:21 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010-02-26 18:09:42 | 000,063,757 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt
[2010-02-23 23:21:55 | 000,336,896 | ---- | C] () -- C:\Windows\SysWow64\ammppg.dll
[2010-02-23 23:21:55 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010-02-23 23:21:55 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\amrdec.dll
[2010-02-23 23:21:55 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\qcpsdk.dll
[2010-02-23 23:21:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\a1.dll
[2010-02-20 14:12:56 | 000,000,218 | ---- | C] () -- C:\Users\Bugge\AppData\Roaming\default.rss
[2010-02-20 14:12:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-02-14 21:42:57 | 000,004,608 | ---- | C] () -- C:\Users\Bugge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-24 14:19:16 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009-12-27 10:41:53 | 000,000,376 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009-12-27 10:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2009-12-27 10:41:20 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2009-12-27 10:41:20 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxbkinsr.dll
[2009-12-26 21:36:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2009-12-26 21:36:09 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009-12-23 21:24:50 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\hardlock.sys
[2009-12-16 23:08:40 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2009-12-16 23:07:46 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009-12-16 23:07:46 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2009-12-06 18:43:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-12-06 14:40:36 | 000,007,597 | ---- | C] () -- C:\Users\Bugge\AppData\Local\resmon.resmoncfg
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007-08-07 19:22:22 | 000,141,180 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006-08-16 15:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll

========== LOP Check ==========

[2010-03-26 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Absolute Poker
[2010-09-07 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Ariane Software
[2010-11-01 14:34:00 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Audacity
[2010-10-26 19:42:36 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\AVG10
[2010-06-12 18:00:34 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\bizarre creations
[2010-10-23 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010-01-02 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Chief Architect X2 Trial Version
[2009-12-23 15:27:19 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\DAEMON Tools Lite
[2010-05-01 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Forte
[2010-01-01 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\GetRightToGo
[2010-02-28 14:55:54 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\GoPal Assistant
[2010-11-07 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\HEM Data
[2010-10-23 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\iolo
[2009-12-06 18:44:43 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\KeePass
[2009-12-27 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\LG Electronics
[2010-10-09 13:11:29 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\LimeWire
[2010-02-14 21:36:19 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\ManyCam
[2010-10-04 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\PacificPoker
[2009-12-16 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\pdf995
[2010-08-30 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\TeamViewer
[2010-01-10 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Ubisoft
[2010-10-14 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\Van Dale
[2010-10-14 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Bugge\AppData\Roaming\VanDale
[2010-10-30 16:36:27 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 7-11-2010 20:19:58 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bugge\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 37,63 Gb Free Space | 29,40% Space Free | Partition Type: NTFS
Drive D: | 803,52 Gb Total Space | 72,30 Gb Free Space | 9,00% Space Free | Partition Type: NTFS

Computer Name: BUGGE-PC | User Name: Bugge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2253CE44-3EDE-DFDD-FE5B-60B36199D24C}" = ATI Catalyst Install Manager
"{3884A495-9F51-8C35-0DE9-5B3397A0BFF6}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Apparaatcentrum
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.95
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F2AE9D59-1515-BA5F-7959-12902ECB8059}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows-stuurprogrammapakket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"HoldemManager" = Holdem Manager
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0CB2A228-2E05-888C-3C38-FD242D66A37E}" = Catalyst Control Center InstallProxy
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{25E44205-B25D-4512-5BF1-0D80040576C1}" = HydraVision
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55e952be-9720-4157-8064-918147252c52}" = Nero 9
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision®
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{902C9C8F-BFC8-4A70-BCE5-F311D6D9CFFD}" = JuicedTheGame
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.0 - Nederlands
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3FF356D-F48F-FC92-C525-D1C13AA4C2CF}" = Chief Architect X2 Trial Version
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3File" = AC3File 0.5b
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"AviSynth" = AviSynth 2.5
"bet365poker" = Poker at bet365
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cities XL" = Cities XL
"Forte Agent" = Forté Agent
"GOM Player" = GOM Player
"HoldemManager" = Holdem Manager
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur™
"Just Cause 2_is1" = Just Cause 2
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LimeWire" = LimeWire PRO 5.2.8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0047
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nano" = Nano 1.1.1
"NewsReactor" = NewsReactor (remove only)
"Pacific Poker" = Pacific Poker
"PC Tools File and Registry Tool_is1" = PC Tools Registry Tool
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer 2.0.4
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SABnzbd" = SABnzbd (remove only)
"Spyware Doctor" = Spyware Doctor met Antivirus 8.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 50280" = Mafia II - Demo
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 5" = TeamViewer 5
"Telemeter" = Telemeter 3.5h
"VLC media player" = VLC media player 1.0.3
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Worms Reloaded_is1" = Worms Reloaded
"XviD4PSP5" = XviD4PSP 5.0
"XviD4PSP60" = XviD4PSP 6.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1707964747-1461057282-695979824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"UnityWebPlayer" = Unity Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1707964747-1461057282-695979824-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313147785,1,to_timestamp('11/06/2010
06:25:08','MM/DD/YYYY HH24:MI:SS'),744,25,6,3,3,0,0,2,49,21,50,10,0,58,2,15,30,0,0,0,32,-1,2,2,False,-1,0,0,0,11,11,-1,3,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313148543,1,to_timestamp('11/06/2010
06:25:11','MM/DD/YYYY HH24:MI:SS'),744,25,6,3,2,2,2,6,45,27,36,23,37,70,5,15,35,45,75,0,32,32,2,2,False,3,0,0,0,14,14,14,4,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313149268,1,to_timestamp('11/06/2010
06:25:14','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,6,0,0,0,0,0,27,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,2,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313150073,1,to_timestamp('11/06/2010
06:25:18','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,6,0,0,0,0,0,7,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313151007,1,to_timestamp('11/06/2010
06:25:22','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,1,0,0,0,0,0,7,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313151908,1,to_timestamp('11/06/2010
06:25:26','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,3,0,0,0,0,0,27,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,4,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313153972,1,to_timestamp('11/06/2010
06:25:36','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,5,0,0,0,0,0,7,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313154887,1,to_timestamp('11/06/2010
06:25:40','MM/DD/YYYY HH24:MI:SS'),744,25,6,3,2,2,2,6,42,24,36,21,25,1466,104,292,1570,1570,1570,0,0,0,1,2,False,3,0,0,0,11,11,12,2,3,1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313164046,1,to_timestamp('11/06/2010
06:26:21','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,6,0,0,0,0,0,20,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,0,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 6-11-2010 15:17:16 | Computer Name = Bugge-PC | Source = PostgreSQL | ID = 0
Description = 2010-11-06 20:17:16 CETERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-11-06 20:17:16 CETSTATEMENT: EXECUTE PKHEXECUTE(25313164827,1,to_timestamp('11/06/2010
06:26:24','MM/DD/YYYY HH24:MI:SS'),744,25,6,0,0,0,0,4,0,0,0,0,0,7,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

[ System Events ]
Error - 1-7-2010 11:53:35 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7003
Description = The Guardant Emulator Driver service depends the following service:
HARDLOCK. This service might not be installed.

Error - 2-7-2010 10:49:27 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HASP
License Manager service to connect.

Error - 2-7-2010 10:49:27 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7000
Description = The HASP License Manager service failed to start due to the following
error: %%1053

Error - 2-7-2010 10:49:27 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7003
Description = The Guardant Emulator Driver service depends the following service:
HARDLOCK. This service might not be installed.

Error - 2-7-2010 17:15:30 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HASP
License Manager service to connect.

Error - 2-7-2010 17:15:30 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7000
Description = The HASP License Manager service failed to start due to the following
error: %%1053

Error - 2-7-2010 17:15:30 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7003
Description = The Guardant Emulator Driver service depends the following service:
HARDLOCK. This service might not be installed.

Error - 3-7-2010 4:55:26 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HASP
License Manager service to connect.

Error - 3-7-2010 4:55:26 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7000
Description = The HASP License Manager service failed to start due to the following
error: %%1053

Error - 3-7-2010 4:55:26 | Computer Name = Bugge-PC | Source = Service Control Manager | ID = 7003
Description = The Guardant Emulator Driver service depends the following service:
HARDLOCK. This service might not be installed.


< End of report >


Best Regards

#4 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:06 PM

Posted 07 November 2010 - 04:36 PM

Hello again. RKU is indeed down; however, since you run a 64-bit system it most likely won't run anyway.

First of all, can you Start Firefox with the Safe mode option? This will start it without add-ons. If it works fine that way, one of the installed add-ons is causing problems.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#5 Bugge

Bugge
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 07 November 2010 - 05:38 PM

OK,

I will try Firefox safe mode...
It took me 5 times before it opened though (don't know if it's related to this malware, but sometimes it takes 3-5 clicks on the icon before Firefox opens).

Some additional info: when 'it' opened a new tab (in Firefox normal mode, before) I got this malware link by clicking 'back', to the following site as an example (removed the http so people don't c/p / click the link unintentionally):

"cornishrex.org/key/?qs=a285d69e2c3cdb9ecff79d783e5bca03408f0fb33a21c06fb05e632d42297a4b43642e41eee36dcbe2b76e82b4890669&t=tasso"

Tasso was a string I typed into google, so it's logging my input somehow?

Edited by Bugge, 07 November 2010 - 05:39 PM.


#6 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:06 PM

Posted 08 November 2010 - 04:14 AM

It's quite normal that your input is used for a redirect.

Please let me know how the safe mode option worked.

regards, Elise




#7 Bugge

Bugge
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 08 November 2010 - 06:27 AM

Hello,

Same problem in safe mode. Got redirected today in a new tab in 'safe mode Firefox' to

"houstonpressurewashers.com/default.pk?tsearch=Wii+Monster+Hunter+Tri+wii+review&search_button.x=0&search_button.y=0"

Greetz

#8 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:06 PM

Posted 08 November 2010 - 07:09 AM

Can you please try Internet Explorer and see if that gets redirected as well?

regards, Elise




#9 Bugge

Bugge
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 10 November 2010 - 07:48 AM

I had the same problem in Internet Explorer.
I had an unexpected reboot again; after the reboot my startup screen in Windows 'changed': it had lines all over the screen similar to failing graphics hardware, virus alerts and a bluescreen.
So I did a 'hard' shutdown, and was lucky to be able to boot in safe mode and back up all my files.

Then I did a complete format and a reinstallation of Win7, so everything is fixed now :busy:

Thanks for all your help

#10 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:06 PM

Posted 10 November 2010 - 08:14 AM

That is indeed the most fail-safe way to fix it. :)

I am glad to hear things are fine now.

I will now close this topic. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






