
flvdirect.iamwired.net


  • This topic is locked
23 replies to this topic

#1 Tragedy63

  • Members
  • 11 posts

Posted 30 January 2011 - 07:53 AM

Hi everyone!
These past few days, I'm having flvdirect.iamwired.net trouble. Every time I get on the internet, whether it be through Google Chrome, Internet Explorer or Mozilla Firefox, I get redirected to hxxp://flvdirect.iamwired.net/. Very annoying indeed. I tried the obvious things: resetting my internet start-up page and removing flvdirect from the program list, but both attempts proved unsuccessful. So I ran a McAfee scan in safe mode, but that said everything was fine. Then I tried to find help at the McAfee community, and they recommended running malwarebytes.org. I ran a quick scan, let it remove everything it found (around 30 malware files), but unfortunately, that didn't solve the problem. Then I ran a complete scan, but that came up empty - everything should be fine. Which it wasn't. At that point, McAfee community wasn't able to help me anymore and kindly referred me to your website. So here I am!
I went through all of the steps of your Preparation Guide (very clear guide, even for a computer nitwit such as me, so kudos for that!) and would appreciate any help you can give me. Many thanks in advance!


DDS log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Jeroen at 13:23:39,15 on zo 30-01-2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.8187.6278 [GMT 1:00]

AV: McAfee Antivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jeroen\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101111225054.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\2m4rp15d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://flvdirect.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Jeroen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-11-2 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-7 55856]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-11-2 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-11-2 283360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-11 202752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-6-16 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-2 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-2 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-2 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-2 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-11-2 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-11-2 149032]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-5-11 1403208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-11-2 62800]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-11-2 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-11-2 441328]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-11-2 94864]
R3 RTL8167;Realtek 8167 NT-stuurprogramma;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

=============== Created Last 30 ================

2011-01-30 11:38:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-30 00:18:09 -------- d-----w- C:\Users\Jeroen\AppData\Roaming\Malwarebytes
2011-01-30 00:18:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-30 00:17:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-30 00:17:57 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-30 00:17:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-29 19:26:21 7604231 ----a-w- C:\Program Files (x86)\stinger10101347.exe
2011-01-25 22:32:47 -------- d-----w- C:\Users\Jeroen\AppData\Local\Apple Computer
2011-01-25 22:32:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-01-25 22:32:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-01-25 22:32:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-01-25 22:32:19 -------- d-----w- C:\Program Files\iTunes
2011-01-25 22:32:19 -------- d-----w- C:\Program Files\iPod
2011-01-25 22:32:19 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-25 22:32:19 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-01-25 22:30:38 -------- d-----w- C:\Program Files\Bonjour
2011-01-25 22:30:38 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-11-29 16:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-22 23:29:39 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-11-22 23:29:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-11-12 17:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

============= FINISH: 13:24:04,06 ===============


Edited by Orange Blossom, 31 January 2011 - 12:09 AM.
Deactivate link. ~ OB




#2 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 04 February 2011 - 01:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Best Regards,
oneof4.



#3 Tragedy63

  • Topic Starter
  • Members
  • 11 posts

Posted 05 February 2011 - 08:35 AM

Hi oneof4,
No need to apologize for the delay; I'm grateful for you guys helping me out and was already aware of the fact that you're quite busy. Thanks again for your help!
I ran the scan as requested and these are my reports:

OTL logfile created on: 5-2-2011 14:26:23 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jeroen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 685,80 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 784,48 Gb Free Space | 84,22% Space Free | Partition Type: NTFS
Drive F: | 1862,89 Gb Total Space | 864,32 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive G: | 1862,89 Gb Total Space | 943,87 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 844,73 Gb Free Space | 45,34% Space Free | Partition Type: NTFS

Computer Name: PC-1 | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-02-05 14:05:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
PRC - [2011-01-05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009-11-04 17:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009-10-24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009-01-23 09:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007-09-10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007-09-10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2011-02-05 14:05:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009-01-23 09:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-10-13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010-10-13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010-10-07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010-08-24 14:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010-05-11 18:42:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010-03-10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009-11-11 05:58:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011-01-05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-11-10 21:12:31 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010-06-07 17:11:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-05-11 18:47:40 | 001,403,208 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010-05-11 18:42:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-23 09:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007-09-10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-10-13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010-10-13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010-10-13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010-10-13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010-10-13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010-10-13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010-10-13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010-10-13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010-04-27 19:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-11-11 06:34:52 | 006,108,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-09-30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-10-14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 90 90 7A CB 05 CB 01 [binary data]
IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3845605111-541914887-3482892206-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://flvdirect.iamwired.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010-06-16 17:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-11-23 00:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-01-25 23:31:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-01-25 23:31:46 | 000,000,000 | ---D | M]

[2010-06-08 20:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Extensions
[2010-06-08 20:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\2m4rp15d.default\extensions
[2010-06-17 23:09:10 | 000,000,266 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\2m4rp15d.default\searchplugins\Search.xml
[2011-01-07 22:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-08-15 20:01:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-16 22:19:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-17 22:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-07 22:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-06-16 17:36:21 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\2.BIN
[2010-11-23 00:29:56 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010-10-13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-01 18:27:57 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-04-01 18:27:57 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-04-01 18:27:57 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-04-01 18:27:57 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-04-01 18:27:57 | 000,001,106 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101111225054.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101111225054.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3845605111-541914887-3482892206-1001..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a4a0edc6-085f-11e0-bee8-6cf04956b3e6}\Shell - "" = AutoRun
O33 - MountPoints2\{a4a0edc6-085f-11e0-bee8-6cf04956b3e6}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-02-05 14:06:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2011-02-05 14:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011-02-02 15:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-02-02 15:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-02-02 15:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-02-02 15:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011-01-30 12:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011-01-30 12:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011-01-30 03:40:15 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\vlc
[2011-01-30 03:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011-01-30 01:18:09 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Malwarebytes
[2011-01-30 01:18:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-01-30 01:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-30 01:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-01-30 01:17:57 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-01-30 01:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-01-29 20:26:21 | 007,604,231 | ---- | C] (McAfee Inc.) -- C:\Program Files (x86)\stinger10101347.exe
[2011-01-26 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-01-25 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\Apple Computer
[2011-01-25 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Local\Apple Computer
[2011-01-25 23:32:28 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011-01-25 23:32:28 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011-01-25 23:32:28 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011-01-25 23:32:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011-01-25 23:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011-01-25 23:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-01-25 23:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011-01-25 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-01-25 23:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011-01-25 23:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-01-25 23:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-01-25 23:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011-01-13 17:29:32 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011-01-13 17:29:32 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011-01-13 17:29:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011-01-13 17:29:32 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011-01-13 17:29:32 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011-01-13 17:29:32 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011-01-13 17:29:32 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011-01-13 17:29:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011-01-13 17:29:32 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011-01-13 17:29:31 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011-01-13 17:29:31 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011-01-13 17:29:31 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011-01-13 17:29:31 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011-01-13 17:29:31 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011-01-13 17:29:31 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011-01-13 17:29:31 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011-01-13 17:29:31 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011-01-13 17:29:31 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011-01-13 17:29:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011-01-13 17:29:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011-01-13 17:29:31 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011-01-13 17:29:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011-01-13 17:29:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011-01-13 17:29:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011-01-13 17:29:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011-01-13 17:29:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011-01-13 17:29:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011-01-13 17:29:28 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011-01-13 17:29:28 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011-01-07 22:49:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011-01-07 22:49:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011-01-07 22:49:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2011-02-05 14:25:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3845605111-541914887-3482892206-1001UA.job
[2011-02-05 14:09:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-05 14:09:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-05 14:05:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2011-02-05 14:02:35 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011-02-05 14:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-05 14:02:06 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-04 17:25:00 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3845605111-541914887-3482892206-1001Core.job
[2011-02-04 15:11:52 | 000,002,398 | ---- | M] () -- C:\Users\Jeroen\Desktop\Google Chrome.lnk
[2011-02-04 15:11:52 | 000,002,275 | ---- | M] () -- C:\Users\Jeroen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-02-02 15:38:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-02-01 23:14:08 | 001,549,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-02-01 23:14:08 | 000,701,326 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2011-02-01 23:14:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-02-01 23:14:08 | 000,133,358 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2011-02-01 23:14:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-01-30 13:22:25 | 000,000,000 | ---- | M] () -- C:\Users\Jeroen\defogger_reenable
[2011-01-30 12:38:05 | 000,002,093 | ---- | M] () -- C:\Users\Jeroen\Desktop\HijackThis.lnk
[2011-01-30 03:40:07 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011-01-30 01:18:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-29 23:15:17 | 000,000,017 | ---- | M] () -- C:\Program Files (x86)\stinger10101347.opt
[2011-01-29 19:58:04 | 007,604,231 | ---- | M] (McAfee Inc.) -- C:\Program Files (x86)\stinger10101347.exe
[2011-01-25 23:31:42 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011-02-02 15:38:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-01-30 13:22:25 | 000,000,000 | ---- | C] () -- C:\Users\Jeroen\defogger_reenable
[2011-01-30 12:38:05 | 000,002,093 | ---- | C] () -- C:\Users\Jeroen\Desktop\HijackThis.lnk
[2011-01-30 03:40:07 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011-01-30 01:18:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-29 21:22:26 | 000,000,017 | ---- | C] () -- C:\Program Files (x86)\stinger10101347.opt
[2011-01-26 18:51:00 | 000,002,398 | ---- | C] () -- C:\Users\Jeroen\Desktop\Google Chrome.lnk
[2011-01-26 18:51:00 | 000,002,275 | ---- | C] () -- C:\Users\Jeroen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-01-25 23:31:42 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010-06-08 19:32:22 | 000,000,017 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\resmon.resmoncfg
[2010-06-07 23:27:17 | 000,005,632 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-07 17:08:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

OTL Extras logfile created on: 5-2-2011 14:26:23 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jeroen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 685,80 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 784,48 Gb Free Space | 84,22% Space Free | Partition Type: NTFS
Drive F: | 1862,89 Gb Total Space | 864,32 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive G: | 1862,89 Gb Total Space | 943,87 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 844,73 Gb Free Space | 45,34% Space Free | Partition Type: NTFS

Computer Name: PC-1 | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BB92499-E07A-531D-D9DF-D85862F6EAAD}" = ATI Catalyst Install Manager
"{42822DCA-21E7-49C6-20DE-9FAC7A4980C2}" = ATI Problem Report Wizard
"{6B06B783-FEBA-944A-C1DE-26032C12AA7C}" = ccc-utility64
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F2DEDF1D-AFB2-CCFD-54C4-05BED30C75ED}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{038E0E55-9758-49A1-892D-5226FAED5395}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{12499C3D-9197-EF35-0499-2FD15F0B3750}" = CCC Help German
"{1695F36D-6501-8139-FCC4-C8EAEDD8CEE0}" = CCC Help Polish
"{1C5509E5-0217-8D75-AE02-29F492990EC6}" = Catalyst Control Center HydraVision Full
"{204F1BCA-E5C9-091E-797D-F1C89BC8EABC}" = CCC Help English
"{23D6C05C-E8BB-0812-7C96-33F0E25A6388}" = HydraVision
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C85BCF9-4CD2-3428-F61F-DFC8120DA962}" = Catalyst Control Center Localization All
"{34EA290B-46FE-842B-570D-B7FD8DA524CE}" = CCC Help Finnish
"{36424AC9-1F0A-5F04-EE8A-AA67AFFF0E38}" = CCC Help Thai
"{37FF2633-E9CF-2BEA-07E5-5C7CEB95D19C}" = CCC Help Hungarian
"{3888AA11-8C88-75FE-C777-9091A30906F1}" = CCC Help Chinese Traditional
"{3FB5B60F-1DBE-4E41-D1B6-7725D2EB6C28}" = CCC Help Swedish
"{43787BBC-2502-F521-D190-4D0F3D3F577D}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BA93046-491F-0DAF-BD71-6950CAB9C3B3}" = CCC Help Norwegian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FA1BBE7-C9C9-A690-B02B-DA870D870C85}" = ccc-core-static
"{793A82B9-A40A-24B2-64D2-E94861E2394E}" = Catalyst Control Center Graphics Previews Common
"{8213E9E7-AFAF-79B8-DB19-F86FA9461F65}" = CCC Help Chinese Standard
"{826BAFB7-04F7-FADE-9498-ADBCEBFE1BDB}" = CCC Help Greek
"{8792CEDD-7FFF-A9FC-430C-357D9277715D}" = Catalyst Control Center InstallProxy
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B03690C-8D38-FE9D-7018-69217FC80377}" = CCC Help French
"{8D4E9553-BCEB-6FEC-2792-49957375B43D}" = CCC Help Spanish
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95C489A8-CB62-493C-8312-CA34ED2A3F12}" = CCC Help Dutch
"{9CA76423-9C56-0E19-0FAC-29312B65387C}" = CCC Help Turkish
"{A1F46482-7396-F8E7-305A-3D705A7118D2}" = CCC Help Portuguese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A93F5A52-4BFB-FC4B-711B-A7DBF2D0B3D7}" = CCC Help Japanese
"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.1 - Nederlands
"{B365F570-2800-9F57-1E82-EC6F6C53BB3E}" = Catalyst Control Center Graphics Full Existing
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BD9F9101-9120-4454-B186-CFD22C64856E}" = Google SketchUp 7
"{C1505E9E-C2EF-71EE-2440-2A47F909C2ED}" = CCC Help Czech
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6B61052-2A15-1322-4EBD-1A8D6CCED0DA}" = CCC Help Russian
"{CAF9161C-0D5C-9C91-5A07-16C8AD61742B}" = Catalyst Control Center Graphics Full New
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5F587D9-7C72-F53B-5463-B05E781315E1}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFB61AE1-6C02-5388-EABD-35F872D95018}" = Catalyst Control Center Graphics Light
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1806FC2-13EE-A21F-F4A0-705D55BA47DE}" = Catalyst Control Center Core Implementation
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FB366EEB-C608-0993-CB9E-54789A6107DC}" = Catalyst Control Center Graphics Previews Vista
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DivX Setup.divx.com" = DivX Setup
"ExtractNow_is1" = ExtractNow
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee Internet Security
"RapidShare Manager" = RapidShare Manager
"RarZilla Free Unrar" = RarZilla Free Unrar
"RealPlayer 12.0" = RealPlayer
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3845605111-541914887-3482892206-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29-1-2011 14:28:38 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 30-1-2011 9:33:31 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 31-1-2011 13:32:13 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files (x86)\real\realplayer\plugins\rmxrend.dll'
niet maken. Kan afhankelijke assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 31-1-2011 13:32:23 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files (x86)\real\realplayer\plugins\rmxrend.dll'
niet maken. Kan afhankelijke assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 31-1-2011 16:12:10 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 1-2-2011 16:02:18 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 2-2-2011 10:59:39 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 2-2-2011 15:18:50 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 3-2-2011 16:41:45 | Computer Name = PC-1 | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 4-2-2011 9:25:14 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'c:\program files (x86)\real\realplayer\plugins\rmxrend.dll'
niet maken. Kan afhankelijke assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

[ System Events ]
Error - 29-1-2011 20:20:23 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 29-1-2011 20:20:23 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 29-1-2011 20:20:23 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7001
Description = De Computer Browser-service is afhankelijk van de Server-service,
die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 1-2-2011 20:18:59 | Computer Name = PC-1 | Source = volsnap | ID = 393252
Description = Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag
niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet.

Error - 1-2-2011 20:23:47 | Computer Name = PC-1 | Source = DCOM | ID = 10010
Description =

Error - 2-2-2011 10:36:56 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 2-2-2011 10:37:08 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 2 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 2-2-2011 10:38:08 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7032
Description = Servicebesturingsbeheer heeft na het onverwachte afsluiten van de
Mobiel Apple apparaat-service geprobeerd een herstelactie (Service opnieuw starten)
uit te voeren, maar deze actie is met de volgende fout mislukt: %%1056

Error - 4-2-2011 11:17:15 | Computer Name = PC-1 | Source = volsnap | ID = 393252
Description = Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag
niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet.

Error - 4-2-2011 19:31:32 | Computer Name = PC-1 | Source = bowser | ID = 8003
Description =


< End of report >

#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:03:28 AM

Posted 05 February 2011 - 12:36 PM

Hello Tragedy63, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

As already stated, I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed. You will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Please allow me some time to research your logs, and we will begin the process of restoring your joy in using your computer. :thumbup2:

Best Regards,
oneof4.


#5 oneof4

Posted 08 February 2011 - 10:58 AM

Hello Tragedy63 :)


We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://flvdirect.iamwired.net/"
    FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
    [2010-06-17 23:09:10 | 000,000,266 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\2m4rp15d.default\searchplugins\Search.xml
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\2.BIN
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


Best Regards,
oneof4.


#6 Tragedy63

Tragedy63
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 11 February 2011 - 10:36 AM

Hi oneof4,

Thanks for your reply. I did as you asked (OTL did not ask to reboot the machine, by the way) and below are the results.
Thanks again for helping me out! :thumbsup:

Best regards,
Tragedy63


========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "http://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "http://flvdirect.iamwired.net/" removed from browser.startup.homepage
Prefs.js: "http://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from keyword.URL
C:\Users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\2m4rp15d.default\searchplugins\Search.xml moved successfully.
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems

OTL by OldTimer - Version 3.2.20.6 log created on 02112011_163116
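The OTL fix and its result log above touch five Firefox preferences plus the enabled-extensions list. As an added example (not part of the original thread, and not OTL's own logic), this Python sketch audits a prefs.js for those same preference names and reports values that fall outside an allowlist. The allowlists, function names and the sample prefs.js content are assumptions constructed for illustration; the hijack values are the ones quoted in the thread.

```python
import json
import re
from urllib.parse import urlsplit

# Preference names taken from the OTL fix posted in this thread.
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
EXTENSION_PREF = "extensions.enabledItems"

# Assumed allowlists for this example; adjust to what is really installed.
ALLOWED_HOST_SUFFIXES = ("google.com", "mozilla.org", "mozilla.com")
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo", "Wikipedia (en)"}
ALLOWED_EXTENSION_IDS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}  # default theme

# One user_pref("name", value); call per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample: thread values plus one legitimate homepage and extension.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.search.defaultenginename", "Search");
user_pref("browser.search.defaulturl", "http://flvdirect.iamwired.net/websearch.php?src=tops&search=");
user_pref("browser.search.selectedEngine", "Search");
user_pref("browser.startup.homepage", "http://flvdirect.iamwired.net/|http://www.google.com/");
user_pref("extensions.enabledItems", "m3ffxtbr@mywebsearch.com:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
user_pref("keyword.URL", "http://flvdirect.iamwired.net/websearch.php?src=tops&search=");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; string values are unescaped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # "strings", numbers, true/false
        except ValueError:
            value = raw  # keep literals JSON cannot read verbatim
        prefs[name] = value
    return prefs


def url_allowed(url):
    """True when the URL is a built-in page or its host matches the allowlist."""
    if url.lower().startswith("about:"):
        return True  # about:blank, about:home and similar
    if "://" not in url:
        url = "http://" + url  # scheme-less values such as www.example.com
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def audit_prefs(text):
    """Return a sorted list of (pref_name, offending_value) findings."""
    findings = []
    for name, value in parse_prefs(text).items():
        if not isinstance(value, str):
            continue
        if name in URL_PREFS:
            # The homepage pref may hold several URLs separated by "|".
            urls = value.split("|") if name == "browser.startup.homepage" else [value]
            for url in (u.strip() for u in urls):
                if url and not url_allowed(url):
                    findings.append((name, url))
        elif name in ENGINE_PREFS:
            if value not in ALLOWED_ENGINES:
                findings.append((name, value))
        elif name == EXTENSION_PREF:
            # Comma-separated "id:version" entries.
            for item in filter(None, value.split(",")):
                ext_id = item.rsplit(":", 1)[0]
                if ext_id not in ALLOWED_EXTENSION_IDS:
                    findings.append((name, item))
    return sorted(findings)


if __name__ == "__main__":
    for pref, value in audit_prefs(SAMPLE_PREFS):
        print(f"REVIEW {pref}: {value}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.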

#7 oneof4

Posted 11 February 2011 - 01:00 PM

Hello Tragedy63 :)

How are the redirects now? All three browsers behaving correctly?

Best Regards,
oneof4.


#8 Tragedy63

Posted 11 February 2011 - 03:32 PM

Hi oneof4,

Nearly there! Mozilla and Internet Explorer are back to normal :thumbup2:
Unfortunately, my favorite browser Google is still being redirected.
So if you could spare me a little bit more of your time, it would be much appreciated!

Best regards,
Tragedy63

#9 oneof4

Posted 14 February 2011 - 09:11 PM

Hey Tragedy63 :)

Let's try this:

  • Open Google Chrome
  • Click the wrench icon on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialog that appears, select the checkboxes for the types of information that you want to remove.
  • Use the "Clear data from this period" menu to select the amount of data that you want to delete.
  • Click Clear browsing data.
  • Close then reopen Google Chrome.

How is it now? Are you still being redirected?

Best Regards,
oneof4.


#10 Tragedy63

Posted 15 February 2011 - 02:55 AM

Hey oneof4,

This is a tough one, I'm afraid. I did as you asked and it won't budge - I'm still being redirected. :huh:
Hope you can spare me a bit more of your time!

Thanks & best regards,
Tragedy63

#11 oneof4

Posted 15 February 2011 - 12:41 PM

Hello Tragedy63 :)

Try this:

Open MBAM (MalwareBytes Anti-Malware), Update it, Run a Quick Scan. Then please copy and paste the results log into your next reply.

Did that stop the redirects?

Best Regards,
oneof4.


#12 Tragedy63

Posted 15 February 2011 - 05:56 PM

Hey oneof4,

Here are the results of my quick scan. Since it's in Dutch, let me translate that it found nothing out of order, but it didn't stop the redirects. :killcomp:
Thanks for your effort & hope you can spare me a bit more of your time!

Best regards,
Tragedy63


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 5769

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15-2-2011 23:48:43
mbam-log-2011-02-15 (23-48-43).txt

Scantype: Snelle scan
Objecten gescand: 156443
Verstreken tijd: 1 minuut/minuten, 38 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

#13 oneof4

Posted 16 February 2011 - 01:36 PM

Hey :)

We'll get it, just bear with me. :wink:

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

Best Regards,
oneof4.


#14 Tragedy63

Posted 16 February 2011 - 02:48 PM

Hi oneof4,

Thanks for the continued support! :thumbup2:
Below are the results of my MBRCheck.exe
So glad you understand all this, 'cause I sure don't :blink:

Best regards,
Tragedy63



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55A-UD4
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 189):
0x03005000 \SystemRoot\system32\ntoskrnl.exe
0x035E2000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00CB6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CFA000 \SystemRoot\system32\PSHED.dll
0x00D0E000 \SystemRoot\system32\CLFS.SYS
0x00E2C000 \SystemRoot\system32\CI.dll
0x00EEC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F90000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F9F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FF6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D6C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E0A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E17000 \SystemRoot\System32\drivers\partmgr.sys
0x00D9F000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00C63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C8D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DB4000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DDE000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0100A000 \SystemRoot\system32\drivers\fltmgr.sys
0x01056000 \SystemRoot\system32\drivers\fileinfo.sys
0x0106A000 \SystemRoot\system32\drivers\mfehidk.sys
0x010E9000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010F6000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01154000 \SystemRoot\System32\Drivers\cng.sys
0x013C5000 \SystemRoot\System32\drivers\pcw.sys
0x013D6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0144D000 \SystemRoot\system32\drivers\ndis.sys
0x0153F000 \SystemRoot\system32\drivers\NETIO.SYS
0x0159F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015CA000 \SystemRoot\System32\Drivers\spldr.sys
0x016AB000 \SystemRoot\System32\drivers\rdyboost.sys
0x016E5000 \SystemRoot\System32\Drivers\mup.sys
0x016F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01700000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0173A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01750000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x017B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x017E0000 \SystemRoot\System32\Drivers\Null.SYS
0x017E9000 \SystemRoot\System32\Drivers\Beep.SYS
0x017F0000 \SystemRoot\System32\drivers\vga.sys
0x01600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01625000 \SystemRoot\System32\drivers\watchdog.sys
0x01635000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0163E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01647000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01650000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0165B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03C03000 \SystemRoot\System32\drivers\tcpip.sys
0x03ED8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03F22000 \SystemRoot\system32\drivers\mfewfpk.sys
0x03F66000 \SystemRoot\system32\drivers\TDI.SYS
0x03F73000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03F91000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03E00000 \SystemRoot\system32\drivers\afd.sys
0x03E8A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03E93000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03EB9000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x03FD6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0166C000 \SystemRoot\system32\DRIVERS\serial.sys
0x03FE5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01689000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0402E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0407F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0408B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04096000 \SystemRoot\System32\drivers\discache.sys
0x040A5000 \SystemRoot\System32\Drivers\dfsc.sys
0x040C3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x040FA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04670000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04C95000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D89000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04DCF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04DF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04656000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04110000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04142000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04180000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0418C000 \SystemRoot\system32\DRIVERS\parport.sys
0x041A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04667000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x041B6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041C6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x011C7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0400C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x015D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x013E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00DE9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00C96000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04027000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04E81000 \SystemRoot\system32\DRIVERS\ks.sys
0x04EC4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04ED6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04F30000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04F45000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04F66000 \SystemRoot\system32\drivers\portcls.sys
0x04FA3000 \SystemRoot\system32\drivers\drmk.sys
0x04FC5000 \SystemRoot\system32\drivers\ksthunk.sys
0x04E00000 \SystemRoot\system32\drivers\HdAudio.sys
0x04FCB000 \SystemRoot\system32\drivers\mfeavfk.sys
0x05E40000 \SystemRoot\system32\drivers\mfefirek.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x05EAA000 \SystemRoot\System32\drivers\Dxapi.sys
0x05EB6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05EC4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05ED0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05ED9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05EEC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x007B0000 \SystemRoot\System32\cdd.dll
0x05EFA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05F17000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05F19000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05F27000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05F40000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05F49000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05F57000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05F64000 \SystemRoot\system32\drivers\luafv.sys
0x05F87000 \SystemRoot\system32\drivers\WudfPf.sys
0x05FA8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05FBD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05FD5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05E00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x01780000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0449D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x044EB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0450E000 \SystemRoot\system32\drivers\HTTP.sys
0x0681B000 \SystemRoot\system32\drivers\peauth.sys
0x068C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x068CC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x068F9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0690B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04400000 \SystemRoot\System32\DRIVERS\srv.sys
0x0699F000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
0x069A7000 \SystemRoot\system32\drivers\mfeapfk.sys
0x069C3000 \SystemRoot\system32\drivers\cfwids.sys
0x096C8000
0x09739000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x777D0000 \Windows\System32\ntdll.dll
0x483C0000 \Windows\System32\smss.exe
0xFFAF0000 \Windows\System32\apisetschema.dll
0xFFDF0000 \Windows\System32\autochk.exe
0xFFAD0000 \Windows\System32\lpk.dll
0xFFA00000 \Windows\System32\usp10.dll
0xFF880000 \Windows\System32\urlmon.dll
0xFF800000 \Windows\System32\shlwapi.dll
0xFF6F0000 \Windows\System32\msctf.dll
0xFF4E0000 \Windows\System32\ole32.dll
0xFF300000 \Windows\System32\setupapi.dll
0xFF260000 \Windows\System32\comdlg32.dll
0xFF130000 \Windows\System32\rpcrt4.dll
0x779A0000 \Windows\System32\normaliz.dll
0xFF0E0000 \Windows\System32\ws2_32.dll
0xFF0C0000 \Windows\System32\sechost.dll
0xFF020000 \Windows\System32\clbcatq.dll
0xFF000000 \Windows\System32\imagehlp.dll
0xFEFF0000 \Windows\System32\nsi.dll
0xFEF80000 \Windows\System32\gdi32.dll
0xFEF00000 \Windows\System32\difxapi.dll
0xFEED0000 \Windows\System32\imm32.dll
0x77990000 \Windows\System32\psapi.dll
0xFE140000 \Windows\System32\shell32.dll
0xFDEE0000 \Windows\System32\iertutil.dll
0xFDE00000 \Windows\System32\advapi32.dll
0xFDCD0000 \Windows\System32\wininet.dll
0xFDBF0000 \Windows\System32\oleaut32.dll
0xFDB50000 \Windows\System32\msvcrt.dll
0xFDB00000 \Windows\System32\Wldap32.dll
0x776B0000 \Windows\System32\kernel32.dll
0x775B0000 \Windows\System32\user32.dll
0xFD990000 \Windows\System32\crypt32.dll
0xFD970000 \Windows\System32\devobj.dll
0xFD8D0000 \Windows\System32\comctl32.dll
0xFD890000 \Windows\System32\wintrust.dll
0xFD820000 \Windows\System32\KernelBase.dll
0xFD7E0000 \Windows\System32\cfgmgr32.dll
0xFD7D0000 \Windows\System32\msasn1.dll
0x75580000 \Windows\SysWOW64\normaliz.dll

Processes (total 58):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
472 csrss.exe
536 C:\Windows\System32\wininit.exe
560 csrss.exe
592 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\atiesrxx.exe
972 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
196 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\atieclxx.exe
1064 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1316 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1432 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1464 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1588 C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
1676 C:\Windows\System32\taskhost.exe
1756 C:\Windows\System32\mfevtps.exe
1764 C:\Windows\SysWOW64\rundll32.exe
1928 C:\Windows\System32\dwm.exe
1964 C:\Windows\explorer.exe
1240 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
1188 C:\Windows\System32\svchost.exe
1476 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
268 C:\Windows\System32\svchost.exe
664 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2020 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2192 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2228 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
2352 C:\Program Files\Windows Sidebar\sidebar.exe
2364 C:\Windows\System32\StikyNot.exe
2576 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
2592 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2636 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2664 C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
2672 C:\Program Files\McAfee.com\Agent\mcagent.exe
3272 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3660 C:\Windows\System32\svchost.exe
3784 C:\Windows\System32\svchost.exe
3948 C:\Program Files\Windows Media Player\wmpnetwk.exe
4368 C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
4464 C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
4600 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
4568 C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
4660 C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
4736 C:\Users\Jeroen\AppData\Local\Google\Chrome\Application\chrome.exe
360 C:\Windows\System32\audiodg.exe
1212 C:\Users\Jeroen\Desktop\MBRCheck (1).exe
4076 C:\Windows\System32\conhost.exe
2088 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`08100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`08100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive2 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive3 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive0 Model Number: WDCWD20EARS-00MVWB0, Rev: 51.0AB51
PhysicalDrive1 Model Number: WDCWD20EARS-00MVWB0, Rev: 51.0AB51
PhysicalDrive4 Model Number: WDCWD20EARS-00MVWB0, Rev: 51.0AB51

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive3 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive4 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:03:28 AM

Posted 17 February 2011 - 07:55 AM

Hello Tragedy63 :)

Please perform the following:

DNS Flush

  • Click Start > Run, type in cmd, and hit ENTER.
  • At the DOS prompt (C:\), type ipconfig /flushdns and hit ENTER.


Router Reset

  • On the back of your router there should be a "reset" button. This is usually a small recessed button that is accessible with a small pointed object, such as a paper clip.
  • Press in on the button until all lights, except possibly the power light, go out on the router.
  • Give the router a minute or two, and it should be back up and running.
  • Using your router's instruction manual, perform the steps necessary to change your login and password.

If you have a problem understanding how to change your login and password, provide the brand and model number of your router in your next reply, and I will try to research it.

Best Regards,
oneof4.




