
Infected with many Trojan horse


  • This topic is locked
26 replies to this topic

#1 anti-trojans

anti-trojans

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 18 August 2012 - 09:42 AM

AVG showed me that my PC is infected with more than 60 Trojan horses, PSW agent (AUET, ARMW, ASJX, UCX), but it fails to eliminate them.


These anti-malware and anti-virus programs found nothing: Malwarebytes, Avast anti-virus, Microsoft Forefront anti-virus, ComboFix, SUPERAntiSpyware, HitmanPro, RogueKiller, TDSSKiller, f6bnhjcd.exe and Spybot Search & Destroy.

My PC is very slow and I get popups that my Outlook Express is not the default e-mail server.

Can someone please help me to get rid of this virus and malware?

Attached Files


Edited by anti-trojans, 18 August 2012 - 09:44 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:54 PM

Posted 23 August 2012 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Lately the Microsoft site has not been available. If this is the case please ignore and continue.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#3 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 24 August 2012 - 05:10 AM

.

Edited by anti-trojans, 24 August 2012 - 05:12 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:54 PM

Posted 25 August 2012 - 06:44 AM

Are you still with me?

#5 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 25 August 2012 - 07:34 AM

Combofix
1. ComboFix detects that AVG antivirus is active on my PC. But I have disabled and deleted AVG from my PC.
2. During the installation of the RECOVERY CONSOLE, ComboFix shows the following message: "Boot Partition cannot be enumerated."

3. Combofix indicates that RECOVERY CONSOLE is not installed on my PC.
4. Combofix Log is in the Dutch language and therefore hard to understand for those who do not speak Dutch.

Here are other logs:

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:54 PM

Posted 25 August 2012 - 08:32 AM

We learned that the Microsoft Site is presently down. So the Recovery console cannot be installed at the moment.

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Your Security Screen is clean.

===

My PC is very slow and I get popups that my Outlook Express is not the default e-mail server.


Go to this Microsoft page.
http://support.microsoft.com/kb/306098

Execute the fix under the MORE INFORMATION section.

How is it now?

===

AVG is very aggressive and does not let go easily.
Let's try this.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===
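
The OTL scan requested above lists every Win32 service and kernel driver with its image path and publisher, and the log the topic starter posts later in this thread has many entries marked `File not found`. The following Python is an added example, not part of the thread and not OTL's own code: it parses lines in that format and sorts them into the buckets a responder checks first, namely entries whose binary is missing from disk (usually leftovers of uninstalled tools, such as SUPERAntiSpyware's SASCORE or ComboFix's catchme driver, but also what a dropped service looks like after its file has been cleaned), entries with no publisher name, and the rest. A missing publisher on a core driver such as atapi.sys is exactly why the custom scan above lists it under /md5start for a hash check. The sample lines are copied from the OTL log posted in this thread.

```python
"""Triage of SRV/DRV lines from an OTL log (added example; not OTL's own code).

Line formats handled:
    SRV - (ServiceName) -- C:\\path\\binary.exe (Publisher)
    DRV - (DriverName)  -- C:\\path\\driver.sys File not found
    DRV - (DriverName)  -- File not found
"""
import re
from dataclasses import dataclass
from typing import Optional

ENTRY_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
# The publisher is the trailing parenthesised group; "()" or "( )" means none was found.
PUBLISHER_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<publisher>[^()]*)\)$")
MISSING = "File not found"


@dataclass
class Entry:
    kind: str        # "SRV" (Win32 service) or "DRV" (kernel driver)
    name: str        # service/driver name as registered
    path: str        # image path as OTL printed it ("" when none was recorded)
    publisher: str   # company name, "" when OTL found none
    missing: bool    # True when OTL could not find the binary on disk


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL SRV/DRV line; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, name, rest = m.group("kind"), m.group("name"), m.group("rest").strip()
    if rest.endswith(MISSING):
        return Entry(kind, name, rest[: -len(MISSING)].strip(), "", True)
    pm = PUBLISHER_RE.match(rest)
    if pm:
        return Entry(kind, name, pm.group("path"), pm.group("publisher").strip(), False)
    return Entry(kind, name, rest, "", False)


def triage(lines):
    """Bucket entries: missing binary, no publisher, everything else."""
    report = {"missing": [], "no_publisher": [], "ok": []}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.missing:
            report["missing"].append(e)
        elif not e.publisher:
            report["no_publisher"].append(e)
        else:
            report["ok"].append(e)
    return report


# Sample lines copied from the OTL log posted later in this thread, plus one section header.
SAMPLE_LINES = [
    "========== Driver Services (SafeList) ==========",
    r"SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe File not found",
    r"SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)",
    r"DRV - (WDICA) -- File not found",
    r"DRV - (catchme) -- C:\ComboFix\catchme.sys File not found",
    r"DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi.sys ()",
    r"DRV - (TR12386) -- C:\WINDOWS\system32\drivers\Tr12386.sys ( )",
    r"DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )",
]

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LINES).items():
        print(f"[{bucket}]")
        for e in entries:
            print(f"  {e.kind} {e.name}: {e.path or '<no path>'} ({e.publisher or 'no publisher'})")
```

Feed it the whole OTL.Txt (`triage(open("OTL.Txt", encoding="utf-8", errors="replace"))`) and the `missing` bucket is the list of orphaned service and driver registrations to clean up, while `no_publisher` is the list of binaries worth hashing against a known-good copy.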

#7 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 25 August 2012 - 02:27 PM

Go to this Microsoft page.
http://support.microsoft.com/kb/306098

Execute the fix under the MORE INFORMATION section.

How is it now?

I have never used Outlook Express. It was never installed as the default email client/server. Previously I didn't get that message/alert. The popup may be a virus alert.

AdwCleaner[S1].txt

# AdwCleaner v1.801 - Logfile created 08/25/2012 at 20:19:06
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - 9189D62C8
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Admin\Bureaublad\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Admin\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\searchplugins\funmoods.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={89F850C7-C022-4447-9837-12284EF6532F}&mid=&lang=nl&ds=AVG&pr=pr&d=2012-08-25 10:27:32&v=11.0.0.10&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\prefs.js

C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\user.js ... Deleted !

Deleted : user_pref("CT2865317..clientLogIsEnabled", false);
Deleted : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2865317.AppTrackingLastCheckTime", "Thu Mar 15 2012 13:40:50 GMT+0100");
Deleted : user_pref("CT2865317.CTID", "CT2865317");
Deleted : user_pref("CT2865317.CurrentServerDate", "15-3-2012");
Deleted : user_pref("CT2865317.DSInstall", false);
Deleted : user_pref("CT2865317.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2865317.DialogsGetterLastCheckTime", "Thu Mar 15 2012 13:40:33 GMT+0100");
Deleted : user_pref("CT2865317.DownloadReferralCookieData", "");
Deleted : user_pref("CT2865317.EMailNotifierPollDate", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.FeedLastCount5397019970362056034", 182);
Deleted : user_pref("CT2865317.FeedPollDate2429156812186649977", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813040823546", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813130095866", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813224203613", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813230837251", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813454291735", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813729834876", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156813860870021", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156814264681793", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156814863075366", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedPollDate2429156815257761081", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2865317.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2865317.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2865317.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2865317.FirstServerDate", "15-3-2012");
Deleted : user_pref("CT2865317.FirstTime", true);
Deleted : user_pref("CT2865317.FirstTimeFF3", true);
Deleted : user_pref("CT2865317.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2865317.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2865317.HPInstall", false);
Deleted : user_pref("CT2865317.HasUserGlobalKeys", true);
Deleted : user_pref("CT2865317.Initialize", true);
Deleted : user_pref("CT2865317.InitializeCommonPrefs", true);
Deleted : user_pref("CT2865317.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2865317.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT2865317.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2865317.InstalledDate", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.IsGrouping", false);
Deleted : user_pref("CT2865317.IsInitSetupIni", true);
Deleted : user_pref("CT2865317.IsMulticommunity", false);
Deleted : user_pref("CT2865317.IsOpenThankYouPage", true);
Deleted : user_pref("CT2865317.IsOpenUninstallPage", false);
Deleted : user_pref("CT2865317.LanguagePackLastCheckTime", "Thu Mar 15 2012 13:40:37 GMT+0100");
Deleted : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2865317.LastLogin_3.10.0.1", "Thu Mar 15 2012 13:40:36 GMT+0100");
Deleted : user_pref("CT2865317.LatestVersion", "3.10.0.1");
Deleted : user_pref("CT2865317.Locale", "nl");
Deleted : user_pref("CT2865317.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2865317.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2865317.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2865317.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");
Deleted : user_pref("CT2865317.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]
Deleted : user_pref("CT2865317.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Thu Mar 15 2012 13:40:37 GMT+0100");
Deleted : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2865317.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2865317.ServiceMapLastCheckTime", "Thu Mar 15 2012 13:40:33 GMT+0100");
Deleted : user_pref("CT2865317.SettingsLastCheckTime", "Thu Mar 15 2012 13:40:33 GMT+0100");
Deleted : user_pref("CT2865317.SettingsLastUpdate", "1325074971");
Deleted : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
Deleted : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Thu Mar 15 2012 13:40:33 GMT+0100");
Deleted : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1256026239");
Deleted : user_pref("CT2865317.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317");
Deleted : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2865317.UserID", "UN58451090926111942");
Deleted : user_pref("CT2865317.WeatherNetwork", "");
Deleted : user_pref("CT2865317.WeatherPollDate", "Thu Mar 15 2012 13:40:37 GMT+0100");
Deleted : user_pref("CT2865317.WeatherUnit", "C");
Deleted : user_pref("CT2865317.alertChannelId", "1257316");
Deleted : user_pref("CT2865317.backendstorage.cbfirsttime", "546875204D617220313520323031322031333A34303A34312[...]
Deleted : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2865317.initDone", true);
Deleted : user_pref("CT2865317.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2865317.myStuffEnabled", true);
Deleted : user_pref("CT2865317.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2865317.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2865317.oldAppsList", "129363015615025603,129363015615338104,1000234,129363015615494356[...]
Deleted : user_pref("CT2865317.revertSettingsEnabled", true);
Deleted : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2865317.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2865317.testingCtid", "");
Deleted : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Thu Mar 15 2012 13:40:34 GMT+0100");
Deleted : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Thu Mar 15 2012 13:40:37 GMT+0100");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"120[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Admin\\Application[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2865317");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");
Deleted : user_pref("CommunityToolbar.globalUserId", "9ff1279b-8052-44a6-8998-ba7fdd461a92");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://start.funmoods.com/?f=1&a=grupo");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.funmoods.admin", false);
Deleted : user_pref("extensions.funmoods.aflt", "grupo");
Deleted : user_pref("extensions.funmoods.cntry", "NL");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "FEB94D69AF2535941BC5D7E2AA1C6C33");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.id", "c81f041d0000000000000018716b0301");
Deleted : user_pref("extensions.funmoods.instlDay", "15413");
Deleted : user_pref("extensions.funmoods.instlRef", "");
Deleted : user_pref("extensions.funmoods.isDcmntCmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.1621:52:41");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=grupo");
Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.propectorlck", 70375305);
Deleted : user_pref("extensions.funmoods.prtkHmpg", 1);
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=grupo&q=")[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.11.1621:52:41");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.aflt", "grupo");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=grupo");
Deleted : user_pref("extensions.funmoods_i.id", "c81f041d0000000000000018716b0301");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15413");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=grupo");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=grupo&q=[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:52:41");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18718 octets] - [25/08/2012 14:30:58]
AdwCleaner[S1].txt - [19254 octets] - [25/08/2012 20:19:06]

########## EOF - C:\AdwCleaner[S1].txt - [19383 octets] ##########

Edited by anti-trojans, 25 August 2012 - 02:29 PM.
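
The AdwCleaner log above follows a fixed shape: a `***** [Section] *****` header per category, then one action line per removed item, with URLs defanged as `hxxp://`. The following Python is an added example, not part of the thread and not AdwCleaner's own code. It parses a log of that shape into a short summary (counts per action, the hosts referenced by the removed settings, and the browser settings that had been pointed at a third-party search or start page), which is what a responder wants when comparing several such logs. The sample log is a shortened copy of the one posted above; the Firefox preference names in SEARCH_PREFS are real preference names.

```python
"""Summarise an AdwCleaner log (added example; not AdwCleaner's own code).

Recognised line shapes (all taken from the log format in this thread):
    ***** [Section name] *****
    Folder Deleted : <path>   File Deleted : <path>   Deleted on reboot : <path>
    Key Deleted : <regkey>    Value Deleted : <regkey> [<value>]
    Replaced : [<regkey> - <value>] = <old> --> <new>
    Deleted : user_pref("<name>", <value>);
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ACTION_RE = re.compile(
    r"^(?P<action>(?:Key|Value|Folder|File) Deleted|Deleted on reboot|Deleted|Replaced) : (?P<target>.*)$"
)
# Value is kept lazy so truncated lines ending in "[...]" still parse.
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*?)\)?;?$')
# URLs stay defanged; only the host part is extracted.
HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")
# Firefox preferences that decide where searches and the start page go.
SEARCH_PREFS = {"browser.search.defaultenginename", "browser.startup.homepage", "keyword.URL"}


def parse_adwcleaner(text):
    """Return (section, action, target) triples for every action line in the log."""
    section, records = None, []
    for raw in text.splitlines():
        line = re.sub(r"^\[\*\]\s*", "", raw.rstrip())  # some lines carry a "[*]" marker
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            continue
        am = ACTION_RE.match(line)
        if am and section is not None:
            records.append((section, am.group("action"), am.group("target")))
    return records


def summarize(records):
    """Counts per action, hosts seen in removed settings, and hijacked browser settings."""
    counts = Counter(action for _, action, _ in records)
    hosts, hijacked = set(), []
    for _section, action, target in records:
        if action == "Replaced":
            # Only the old value is an indicator; the right-hand side is the restored default.
            old_value = target.split(" --> ", 1)[0]
            hosts.update(HOST_RE.findall(old_value))
            hijacked.append(target)
        elif action == "Deleted":
            pm = PREF_RE.match(target)
            if pm:
                name, value = pm.group("name"), pm.group("value")
                hosts.update(HOST_RE.findall(value))
                if name in SEARCH_PREFS or HOST_RE.search(value):
                    hijacked.append(f"{name} = {value}")
        else:
            hosts.update(HOST_RE.findall(target))
    return {"counts": dict(counts), "hosts": sorted(hosts), "hijacked_settings": hijacked}


# Constructed sample: a shortened copy of the AdwCleaner[S1].txt posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/25/2012 at 20:19:06
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Key Deleted : HKCU\Software\AVG Secure Search
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={89F850C7-C022-4447-9837-12284EF6532F}&lang=nl --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Deleted : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
Deleted : user_pref("CT2865317.Locale", "nl");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=grupo");

[OK] File is clean.
"""

if __name__ == "__main__":
    for key, value in summarize(parse_adwcleaner(SAMPLE_LOG)).items():
        print(key, value)
```

On the full log from this thread the `hosts` list is what distinguishes the three families removed (Conduit, funmoods and AVG Secure Search), and `hijacked_settings` shows every place the start page, new-tab page or default search engine had been redirected.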


#8 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 25 August 2012 - 02:31 PM

OTL.Txt

OTL logfile created on: 25-8-2012 8:48:00 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Admin\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1015,35 Mb Total Physical Memory | 680,32 Mb Available Physical Memory | 67,00% Memory free
2,39 Gb Paging File | 2,05 Gb Available in Paging File | 85,96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,52 Gb Free Space | 70,48% Space Free | Partition Type: NTFS

Computer Name: 9189D62C8 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe File not found
SRV - (ppasAgent-91) -- C:\dev\DBSERV~1\POSTGR~1\bin\pgagent.exe RUN ppasAgent-91 hostaddr=localhost port=5444 user=enterprisedb dbname=edb File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (xpsec) -- C:\windows\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\windows\system32\drivers\xcpip.sys File not found
DRV - (WDICA) -- File not found
DRV - (SBRE) -- C:\windows\system32\drivers\SBREdrv.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MpFilter) -- system32\DRIVERS\MpFilter.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Bdfndisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys File not found
DRV - (5n2teghb.sys) -- C:\windows\system32\drivers\5n2teghb.sys File not found
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi.sys ()
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (TR12386) -- C:\WINDOWS\system32\drivers\Tr12386.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{6E42CFA1-2E7F-49BD-860F-FE73C38A825A}: "URL" = http://start.funmoods.com/results.php?f=4&a=grupo&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.nl"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-08-25 10:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-08-10 18:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-09-04 12:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012-08-14 11:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\extensions
[2012-08-10 18:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-03-04 17:52:29 | 000,083,291 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QG0SZUBG.DEFAULT\EXTENSIONS\CLIENT@FDEBUG.DE.XPI
[2012-07-14 02:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-14 02:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-07-14 02:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012-08-25 13:24:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] C:\windows\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344008453281 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4B6595-936C-42D0-BEA2-9849B312EAAB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-31 11:03:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012-08-25 20:37:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\OTL.exe
[2012-08-25 14:09:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-08-25 14:04:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-08-25 10:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012-08-25 10:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\AVG
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2012-08-25 10:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-08-25 09:47:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-25 09:46:15 | 004,738,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Bureaublad\ComboFix.exe
[2012-08-16 21:15:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012-08-16 14:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012-08-16 14:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\tamazghaino
[2012-08-16 14:15:48 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsgXP_2k3.dll
[2012-08-16 14:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012-08-16 14:14:28 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\capicom.dll
[2012-08-16 14:14:26 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WdfCoInstaller01009.dll
[2012-08-16 14:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2012-08-16 14:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012-08-16 13:52:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Onlangs geopend
[2012-08-16 12:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
[2012-08-15 20:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-14 16:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-08-11 08:22:59 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012-08-10 20:08:09 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\43692060.sys
[2012-08-10 19:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Systweak
[2012-08-10 19:15:50 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe
[2012-08-10 18:49:29 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\98216353.sys
[2012-08-10 18:27:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012-08-10 18:27:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012-08-10 18:27:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012-08-10 18:27:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012-08-10 18:26:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012-08-10 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-08-10 18:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-08-10 16:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-08-10 13:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2012-08-09 14:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012-07-28 14:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SpeedyPC Software
[2012-07-28 14:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DriverCure
[2012-03-24 13:31:30 | 000,161,344 | ---- | C] (Altiris) -- C:\Documents and Settings\Admin\Unwise.exe
[2011-09-04 12:09:09 | 014,341,768 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 6.0.exe
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-25 20:40:15 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012-08-25 20:37:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\OTL.exe
[2012-08-25 20:23:44 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012-08-25 20:21:10 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012-08-25 20:19:54 | 104,853,765 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012-08-25 14:30:27 | 000,618,227 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\adwcleaner.exe
[2012-08-25 13:24:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012-08-25 13:03:48 | 004,738,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Bureaublad\ComboFix.exe
[2012-08-25 12:22:13 | 000,037,575 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\infection.PNG
[2012-08-25 11:17:20 | 000,023,904 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012-08-17 22:13:39 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012-08-16 20:27:33 | 000,000,477 | ---- | M] () -- C:\windows\System32\checkdnsid.xml
[2012-08-16 14:17:55 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Admin\Application Datauser_gensett.xml
[2012-08-16 14:16:02 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-08-16 14:16:01 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-08-16 11:18:27 | 000,355,992 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-08-15 13:42:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012-08-15 13:42:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012-08-10 20:08:09 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\43692060.sys
[2012-08-10 18:49:29 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\98216353.sys
[2012-08-10 18:23:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-08-10 18:21:25 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012-08-10 13:08:04 | 000,002,845 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-25 20:19:54 | 104,853,765 | ---- | C] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012-08-25 14:30:26 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\adwcleaner.exe
[2012-08-25 12:22:13 | 000,037,575 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\infection.PNG
[2012-08-25 11:17:20 | 000,023,904 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012-08-17 14:59:14 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2012-08-16 14:30:18 | 000,000,477 | ---- | C] () -- C:\windows\System32\checkdnsid.xml
[2012-08-16 14:17:55 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Admin\Application Datauser_gensett.xml
[2012-08-16 14:16:02 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-08-16 14:16:01 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-08-10 18:27:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-08-10 18:27:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-08-10 18:27:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-08-10 18:27:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-08-10 18:27:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-08-10 18:23:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-08-10 18:23:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk
[2012-08-10 18:21:24 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012-05-13 19:25:39 | 002,313,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-04-07 19:45:06 | 000,004,443 | ---- | C] () -- C:\Documents and Settings\Admin\.recently-used.xbel
[2012-04-04 14:36:50 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2012-03-08 12:59:35 | 000,000,096 | -HS- | C] () -- C:\windows\WSYS049.SYS
[2012-03-08 12:59:35 | 000,000,022 | ---- | C] () -- C:\windows\System32\syoepk_lib0.dll
[2012-03-06 19:08:43 | 000,013,524 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\phpdesigner2007pe.xml
[2012-02-19 14:12:35 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2011-10-31 15:26:31 | 000,000,000 | ---- | C] () -- C:\windows\Ui.INI
[2011-10-31 15:14:56 | 000,017,524 | ---- | C] ( ) -- C:\windows\System32\drivers\Tr12386.sys
[2011-10-19 13:57:29 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\alarms.ini
[2011-10-19 13:53:31 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\AtomicAlarmClock.ini
[2011-10-15 10:02:36 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011-10-15 10:02:36 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011-10-15 10:02:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\$_hpcst$.hpc
[2011-09-04 18:32:01 | 000,000,639 | ---- | C] () -- C:\windows\ULEAD32.INI
[2011-09-04 18:12:07 | 000,000,395 | ---- | C] () -- C:\windows\ODBC.INI
[2011-09-04 17:37:09 | 000,148,981 | ---- | C] () -- C:\windows\HPHins15.dat
[2011-09-04 17:37:08 | 000,002,828 | ---- | C] () -- C:\windows\hphmdl15.dat
[2011-08-31 12:54:51 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011-08-31 12:52:31 | 000,355,992 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2011-08-31 11:05:39 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2011-08-31 11:00:43 | 000,021,748 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

========== LOP Check ==========

[2012-08-25 10:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012-03-14 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Belastingdienst
[2012-05-22 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
[2012-03-14 16:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CheckPoint
[2012-04-04 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-28 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DriverCure
[2012-03-08 16:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EmailNotifier
[2012-05-21 16:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Fighters
[2012-05-21 16:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\inkscape
[2012-02-19 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MySQL
[2012-03-29 23:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2011-09-03 15:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2012-08-10 13:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2011-10-15 10:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2012-03-15 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\photopos
[2012-03-08 12:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PhotoposComtb
[2012-03-06 19:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PHP Designer 2007
[2012-08-16 14:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2012-02-20 18:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2011-10-09 12:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Softland
[2012-07-28 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SpeedyPC Software
[2012-03-04 19:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Summitsoft
[2012-08-10 19:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Systweak
[2012-04-25 15:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thunderbird
[2011-10-11 14:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XemiComputers
[2012-08-25 10:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-16 14:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012-03-14 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011-09-03 15:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-03-08 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2012-05-21 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012-08-24 12:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-25 20:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-20 18:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011-10-15 10:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-04-02 18:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Summitsoft

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012-08-10 20:08:09 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\system32\drivers\43692060.sys
[2012-08-10 18:49:29 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\system32\drivers\98216353.sys
[2012-07-04 16:05:21 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\rdpwd.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-08-16 19:15:38

< MD5 for: AGP440.SYS >
[2004-08-04 14:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011-09-04 16:59:42 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011-09-04 16:59:42 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 14:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011-09-04 16:59:42 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] () MD5=C26D63C660C218CACF7427715999DB41 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2004-08-04 14:00:00 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=36A960DAB6879F5E0421CCF03137705F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2008-04-14 19:02:49 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=3C200120F6E86A1A42EDA2E1E2D17AEC -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008-04-14 19:02:49 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=3C200120F6E86A1A42EDA2E1E2D17AEC -- C:\WINDOWS\system32\autochk.exe

< MD5 for: BEEP.SYS >
[2004-08-04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2004-08-04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004-08-04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2009-12-20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\dev\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004-08-04 14:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=A1D7304A87FC3093150F5E3CC7B0F338 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\explorer.exe
[2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: KERNEL32.DLL >
[2008-04-14 19:02:29 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=09BCB7171F8172C2BA0189FE1F9C25CB -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008-04-14 19:02:29 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=09BCB7171F8172C2BA0189FE1F9C25CB -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2004-08-04 14:00:00 | 001,024,512 | ---- | M] (Microsoft Corporation) MD5=54379BD67780FDBBE1590EEC142A659C -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
[2009-03-21 15:59:14 | 001,030,144 | ---- | M] (Microsoft Corporation) MD5=67A29642EC9A1ADA0768605B21AA4552 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2009-03-21 16:04:30 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=93E2307273AE7B2D5418E132902373A7 -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[2009-03-21 16:21:21 | 001,027,072 | ---- | M] (Microsoft Corporation) MD5=B30975B6B1B08A5A18AAC7E3577C7C53 -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009-03-21 16:09:59 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=CE7EFE07C7119C8CD09D953AD9ECA7CD -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009-03-21 16:09:59 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=CE7EFE07C7119C8CD09D953AD9ECA7CD -- C:\WINDOWS\erdnt\cache\kernel32.dll
[2009-03-21 16:09:59 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=CE7EFE07C7119C8CD09D953AD9ECA7CD -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009-03-21 16:09:59 | 001,030,656 | ---- | M] (Microsoft Corporation) MD5=CE7EFE07C7119C8CD09D953AD9ECA7CD -- C:\WINDOWS\system32\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2004-08-04 14:00:00 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=0C53DB0671AB5A93D169DAFFC8DA11CF -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008-06-20 19:45:12 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=18740E8EC5BE4B6D66FA0E4CBFD3B9C6 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008-06-20 19:45:12 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=18740E8EC5BE4B6D66FA0E4CBFD3B9C6 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\mswsock.dll
[2008-04-14 19:02:33 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=6BBC05038DF477F12E930A0F99F7D219 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008-04-14 19:02:33 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=6BBC05038DF477F12E930A0F99F7D219 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008-06-20 19:37:46 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=71AB52C70B9436C0A0B704FDE9D1A7CD -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2008-06-20 19:49:21 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=74816260AECBE87C473962A359007EEB -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008-06-20 19:49:21 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=74816260AECBE87C473962A359007EEB -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008-06-20 19:43:23 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=FF59588E31F864FED9D0258969559A4B -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll

< MD5 for: NDIS.SYS >
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004-08-04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008-04-13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2008-04-13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008-04-13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004-08-04 14:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=AC1A78237B53044735693633F8235468 -- C:\WINDOWS\erdnt\cache\ntmssvc.dll
[2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=AC1A78237B53044735693633F8235468 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=AC1A78237B53044735693633F8235468 -- C:\WINDOWS\system32\ntmssvc.dll
[2004-08-04 14:00:00 | 000,437,248 | ---- | M] (Microsoft Corporation) MD5=AC75E028773CBBD7D8B1313F382E7C05 -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004-08-04 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=775DB4FA0B99FE255DADB4D2AF179D06 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008-04-14 19:03:11 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=E360F9589B338FAC54E302C3D4D7A5D7 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008-04-14 19:03:11 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=E360F9589B338FAC54E302C3D4D7A5D7 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=5C0073A51C4873430FA8B262E92183FF -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=5C0073A51C4873430FA8B262E92183FF -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=5C0073A51C4873430FA8B262E92183FF -- C:\WINDOWS\system32\bits\qmgr.dll
[2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=5C0073A51C4873430FA8B262E92183FF -- C:\WINDOWS\system32\qmgr.dll
[2004-08-04 14:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=772027CC5FFAEA3E7D10AF2691EE7095 -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008-04-14 19:02:39 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=328CBDD2445F5B3A047644567EEB557F -- C:\WINDOWS\erdnt\cache\sfcfiles.dll
[2008-04-14 19:02:39 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=328CBDD2445F5B3A047644567EEB557F -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008-04-14 19:02:39 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=328CBDD2445F5B3A047644567EEB557F -- C:\WINDOWS\system32\sfcfiles.dll
[2004-08-04 14:00:00 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=486594A19F7AEDEBEA600855FFD5E914 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010-08-17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\erdnt\cache\spoolsv.exe
[2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2004-08-04 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CCCB8B94B17466EFB9DC27F42625B0E5 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008-04-14 19:03:15 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DB454135DE1A09FE7FEDA7B554B5CCA2 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008-04-14 19:03:15 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DB454135DE1A09FE7FEDA7B554B5CCA2 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2004-08-04 14:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=0B96A1E4252F663222C9C3BAC89F596C -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
[2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=81CBF363C414620CAA61BD6843D8FDB9 -- C:\WINDOWS\erdnt\cache\srsvc.dll
[2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=81CBF363C414620CAA61BD6843D8FDB9 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=81CBF363C414620CAA61BD6843D8FDB9 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2004-08-04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=AB8C6D89A897BACBA4657FDF00E344A6 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-14 19:03:15 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008-04-14 19:03:15 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 19:03:15 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) MD5=E0AEF86A594C9990D6321C5CA239C5B7 -- C:\WINDOWS\erdnt\cache\termsrv.dll
[2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) MD5=E0AEF86A594C9990D6321C5CA239C5B7 -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) MD5=E0AEF86A594C9990D6321C5CA239C5B7 -- C:\WINDOWS\system32\termsrv.dll
[2004-08-04 14:00:00 | 000,297,472 | ---- | M] (Microsoft Corporation) MD5=E2CE999886A4636026F157DEB886AA94 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008-04-14 19:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008-04-14 19:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 19:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\userinit.exe
[2004-08-04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=DE7A0EE4A6A28E6DFE3118EB22468DA6 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: XMLPROV.DLL >
[2004-08-04 14:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=F4C8D4B0A294AAF37FE50C407B6E03F9 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
[2008-04-14 19:02:47 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FD3C38635808920F8235BF2FED642F54 -- C:\WINDOWS\erdnt\cache\xmlprov.dll
[2008-04-14 19:02:47 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FD3C38635808920F8235BF2FED642F54 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008-04-14 19:02:47 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FD3C38635808920F8235BF2FED642F54 -- C:\WINDOWS\system32\xmlprov.dll

< End of report >
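The `< MD5 for: ... >` blocks above are the part of an OTL log a helper reads when a scanner keeps reporting infections that nothing can remove: for each protected system file, OTL lists every copy it finds and its MD5, so the copy Windows actually loads from `C:\WINDOWS\system32` can be compared with the copies Windows keeps in `dllcache` and `ServicePackFiles` (and the backups ComboFix stores under `erdnt\cache`). The `$NtServicePackUninstall$`, `$hf_mig$` and `$NtUninstallKB...$` copies are pre-update or hotfix-staging versions that legitimately differ and are not used as a reference. As an added example that is not part of the thread or of OTL itself, the script below parses that layout and flags any live copy whose hash matches none of the reference copies; such a hit is a lead for a signature check, not a verdict. It runs on a constructed sample: three sections copied from the log above plus a USERINIT.EXE section altered to carry an obviously placeholder hash so that the mismatch path is exercised. In the log as posted, every live copy verifies.

```python
import re
from collections import defaultdict

# Constructed sample: three "< MD5 for: ... >" sections taken from the OTL log
# in this thread, plus one USERINIT.EXE section altered so the live copy under
# system32 carries a placeholder hash (not a real file hash) that matches none
# of the reference copies.
SAMPLE_REPORT = r"""
< MD5 for: MSWSOCK.DLL >
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\mswsock.dll
[2008-04-14 19:02:33 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=6BBC05038DF477F12E930A0F99F7D219 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008-06-20 19:43:23 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=FF59588E31F864FED9D0258969559A4B -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll

< MD5 for: NDIS.SYS >
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: USERINIT.EXE >
[2008-04-14 19:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012-08-20 11:11:11 | 000,026,112 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\userinit.exe

< End of report >
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Locations that hold a known-good copy of a protected file on XP: dllcache
# (Windows File Protection), ServicePackFiles (the service pack's own copy)
# and erdnt\cache (the backup ComboFix keeps).
REFERENCE_MARKERS = ("\\dllcache\\", "\\servicepackfiles\\", "\\erdnt\\cache\\")


def parse_md5_sections(report):
    """Group the entries of each '< MD5 for: NAME >' block by upper-cased NAME."""
    sections = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("< End of report"):
            current = None
            continue
        entry = LINE_RE.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def classify_path(path):
    """'reference' for a known-good copy, 'live' for the copy Windows loads, else 'other'."""
    p = path.lower()
    if any(marker in p for marker in REFERENCE_MARKERS):
        return "reference"
    if "\\system32\\" in p:          # also covers system32\drivers and system32\bits
        return "live"
    return "other"                   # $NtServicePackUninstall$, $hf_mig$, $NtUninstallKB...$


def audit(report):
    """Return (file name, live path, status) for every live copy in the report.

    status is 'ok' when the live hash equals one of the reference copies,
    'mismatch' when it equals none of them, and 'no-reference' when the
    report lists no reference copy at all for that file.
    """
    findings = []
    for name, entries in parse_md5_sections(report).items():
        reference_hashes = {e["md5"] for e in entries if classify_path(e["path"]) == "reference"}
        for e in entries:
            if classify_path(e["path"]) != "live":
                continue
            if not reference_hashes:
                status = "no-reference"
            elif e["md5"] in reference_hashes:
                status = "ok"
            else:
                status = "mismatch"
            findings.append((name, e["path"], status))
    return findings


def needs_review(report):
    """Only the live copies that did not verify against a reference copy."""
    return [f for f in audit(report) if f[2] != "ok"]


if __name__ == "__main__":
    for name, path, status in audit(SAMPLE_REPORT):
        print(f"{status:13} {name:14} {path}")
```

Feed the whole OTL log to `needs_review()` and it returns an empty list for the log as posted; the constructed USERINIT.EXE section is the only entry it reports. A file with no reference copy at all (status `no-reference`) is worth a look too, since Windows File Protection normally keeps a dllcache copy of every file OTL hashes.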

#9 anti-trojans

Posted 25 August 2012 - 02:33 PM

Extra.Txt

OTL Extras logfile created on: 25-8-2012 8:48:00 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Admin\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1015,35 Mb Total Physical Memory | 680,32 Mb Available Physical Memory | 67,00% Memory free
2,39 Gb Paging File | 2,05 Gb Available in Paging File | 85,96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,52 Gb Free Space | 70,48% Space Free | Partition Type: NTFS

Computer Name: 9189D62C8 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hound] -- "C:\Documents and Settings\Admin\Menu Start\Programma's\Handige tools\hound.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\dev\xampp\MercuryMail\mercury.exe" = C:\dev\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62 -- (David Harris)
"C:\dev\xampp\apache\bin\httpd.exe" = C:\dev\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}" = MySQL Workbench 5.2 CE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F2E8044-BA23-4604-AB00-BB164410964C}" = FontManagementSystem
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{58BC2FF4-68A5-4D8A-B0B0-33C2CDCA2F2D}" = Logo Design Studio Pro
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Nederlands
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EC00B9-3FF4-4A73-9BD1-67BD03E891C1}" = MySQL Server 5.6
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Huur- en zorgtoeslag 2011" = Huur- en zorgtoeslag 2011
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Trust Compact Scan USB 19200 v1.2" = Trust Compact Scan USB 19200 v1.2
"WaveMaker-6.4.5GA" = WaveMaker-6.4.5GA
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
verlopen is.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:48 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

Error - 25-8-2012 4:32:49 AM | Computer Name = 9189D62C8 | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: De opgegeven server kan de aangevraagde bewerking niet
uitvoeren.

[ System Events ]
Error - 25-8-2012 8:12:34 AM | Computer Name = 9189D62C8 | Source = Ftdisk | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 25-8-2012 8:15:00 AM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7000
Description = De SAS Core Service-service kan vanwege de volgende fout niet worden
gestart: %%3

Error - 25-8-2012 8:15:01 AM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: SASDIFSV SASKUTIL
SBRE

Error - 25-8-2012 2:13:49 PM | Computer Name = 9189D62C8 | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.65 voor de netwerkkaart met netwerkadres
0018716B0301 is geweigerd door de DHCP-server 192.168.1.1. De DHCP-server heeft
een DHCPNACK-bericht gezonden.

Error - 25-8-2012 2:16:20 PM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7000
Description = De SAS Core Service-service kan vanwege de volgende fout niet worden
gestart: %%3

Error - 25-8-2012 2:16:21 PM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: SASDIFSV SASKUTIL
SBRE

Error - 25-8-2012 2:21:11 PM | Computer Name = 9189D62C8 | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.65 voor de netwerkkaart met netwerkadres
0018716B0301 is geweigerd door de DHCP-server 192.168.1.1. De DHCP-server heeft
een DHCPNACK-bericht gezonden.

Error - 25-8-2012 2:23:39 PM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7000
Description = De SAS Core Service-service kan vanwege de volgende fout niet worden
gestart: %%3

Error - 25-8-2012 2:23:39 PM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7000
Description = De vToolbarUpdater11.0.2-service kan vanwege de volgende fout niet
worden gestart: %%2

Error - 25-8-2012 2:23:41 PM | Computer Name = 9189D62C8 | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: SASDIFSV SASKUTIL
SBRE


< End of report >
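The Firewall Settings and Authorized Applications sections above are a dump of the XP SP2 firewall policy keys under `SharedAccess\Parameters\FirewallPolicy`: each profile has an `EnableFirewall` flag and, when the "Don't allow exceptions" box is ticked, a `DoNotAllowExceptions` flag that makes the profile ignore its exception lists; the exceptions themselves are stored as `port:protocol:scope:state:description` for ports and `path:scope:state:description` for applications, where a scope of `*` means any remote address and the stock File and Printer Sharing and UPnP entries carry a `@xpsp2res.dll` resource string as their description. As an added example that is not part of the thread or of OTL, the script below parses that layout and produces the review list a helper would work from: a profile with the firewall off, a profile that currently ignores its exceptions, and every enabled exception open to any address other than the stock entries. It is a review list, not a verdict, and it runs on a constructed sample trimmed from the sections in the log.

```python
import re

# Constructed sample: a slice of the "Firewall Settings" and "Authorized
# Applications List" sections of the OTL Extras log above, trimmed to the
# entries needed to show each rule firing.
SAMPLE_FIREWALL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\dev\xampp\apache\bin\httpd.exe" = C:\dev\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PROFILE_RE = re.compile(r"\\FirewallPolicy\\(?P<profile>\w+)(?P<rest>.*)$")
# port:protocol:scope:state:description
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$")
# path:scope:state:description; the path itself contains "C:", so the
# Enabled/Disabled token is what anchors the split
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$")

# Stock XP entries (File and Printer Sharing, UPnP) carry a resource-string
# description from xpsp2res.dll rather than free text.
STOCK_DESC_PREFIX = "@xpsp2res.dll"


def parse_registry_dump(text):
    """Map each [HKEY_...] key to a dict of its "name" = value lines."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            current = k.group("key")
            keys.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            keys[current][v.group("name")] = v.group("value")
    return keys


def audit_firewall(text):
    """Return (profile, item, note) triples for settings that deserve a look."""
    findings = []
    for key, values in parse_registry_dump(text).items():
        m = PROFILE_RE.search(key)
        if not m:
            continue
        profile, rest = m.group("profile"), m.group("rest")
        if rest == "":                                   # the profile's own key
            if values.get("EnableFirewall") != "1":
                findings.append((profile, "firewall", "disabled"))
            if values.get("DoNotAllowExceptions") == "1":
                # all unsolicited inbound traffic is blocked; the lists below are not honoured
                findings.append((profile, "exceptions", "ignored (DoNotAllowExceptions=1)"))
        elif rest.endswith("\\GloballyOpenPorts\\List"):
            for value in values.values():
                p = PORT_RE.match(value)
                if (p and p["state"] == "Enabled" and p["scope"] == "*"
                        and not p["desc"].startswith(STOCK_DESC_PREFIX)):
                    findings.append((profile, f"port {p['port']}/{p['proto']}",
                                     f"open to any address: {p['desc']}"))
        elif rest.endswith("\\AuthorizedApplications\\List"):
            for value in values.values():
                a = APP_RE.match(value)
                if a and a["state"] == "Enabled" and a["scope"] == "*":
                    findings.append((profile, a["path"],
                                     f"allowed from any address: {a['desc']}"))
    return findings


if __name__ == "__main__":
    for profile, item, note in audit_firewall(SAMPLE_FIREWALL):
        print(f"{profile:16} {item:45} {note}")
```

Run against the full Extras log, the script lists the 3389, 65533 and 52344 exceptions in both profiles, the two XAMPP and four AVG application exceptions, and notes that the Standard profile is currently ignoring all of them because `DoNotAllowExceptions` is set. Entries scoped to `LocalSubNet` and the disabled UPnP entries are left out on purpose; each item on the list still has to be matched against what the owner knows is installed.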

#10 anti-trojans

Posted 25 August 2012 - 02:34 PM

AVG LOG

Attached Files


Edited by anti-trojans, 25 August 2012 - 02:35 PM.


#11 nasdaq

Posted 26 August 2012 - 07:10 AM

Will clean these empty registry keys but I do not think that any are or were malicious.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    SRV - (ppasAgent-91) -- C:\dev\DBSERV~1\POSTGR~1\bin\pgagent.exe RUN ppasAgent-91 hostaddr=localhost port=5444 user=enterprisedb dbname=edb File not found
    DRV - (xpsec) -- C:\windows\system32\drivers\xpsec.sys File not found
    DRV - (xcpip) -- C:\windows\system32\drivers\xcpip.sys File not found
    DRV - (WDICA) -- File not found
    DRV - (SBRE) -- C:\windows\system32\drivers\SBREdrv.sys File not found
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File not found
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (MpFilter) -- system32\DRIVERS\MpFilter.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (Bdfndisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys File not found
    DRV - (5n2teghb.sys) -- C:\windows\system32\drivers\5n2teghb.sys File not found
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

===

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

Please let me know what problem persists.

#12 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts

Posted 28 August 2012 - 10:46 AM

The problem still persists.

OLT.txt
OTL logfile created on: 28-8-2012 2:45:53 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Admin\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1015,35 Mb Total Physical Memory | 530,65 Mb Available Physical Memory | 52,26% Memory free
2,39 Gb Paging File | 1,97 Gb Available in Paging File | 82,40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 52,64 Gb Free Space | 70,64% Space Free | Partition Type: NTFS

Computer Name: 9189D62C8 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (xpsec) -- C:\windows\system32\drivers\xpsec.sys File not found
DRV - (xcpip) -- C:\windows\system32\drivers\xcpip.sys File not found
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi.sys ()
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (TR12386) -- C:\WINDOWS\system32\drivers\Tr12386.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{6E42CFA1-2E7F-49BD-860F-FE73C38A825A}: "URL" = http://start.funmoods.com/results.php?f=4&a=grupo&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.nl"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-08-25 10:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-08-10 18:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-09-04 12:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012-08-14 11:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\qg0szubg.default\extensions
[2012-08-10 18:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-03-04 17:52:29 | 000,083,291 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QG0SZUBG.DEFAULT\EXTENSIONS\CLIENT@FDEBUG.DE.XPI
[2012-07-14 02:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-14 02:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-07-14 02:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012-08-25 13:24:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] C:\windows\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344008453281 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4B6595-936C-42D0-BEA2-9849B312EAAB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-31 11:03:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-28 14:38:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-25 20:37:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\OTL.exe
[2012-08-25 14:09:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-08-25 14:04:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-08-25 10:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012-08-25 10:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\AVG
[2012-08-25 10:25:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2012-08-25 10:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-08-25 09:47:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-25 09:46:15 | 004,738,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Bureaublad\ComboFix.exe
[2012-08-16 21:15:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012-08-16 14:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012-08-16 14:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\tamazghaino
[2012-08-16 14:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012-08-16 14:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2012-08-16 14:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012-08-16 13:52:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Onlangs geopend
[2012-08-16 12:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ESET
[2012-08-15 20:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-14 16:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012-08-11 08:22:59 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012-08-10 20:08:09 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\43692060.sys
[2012-08-10 19:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Systweak
[2012-08-10 19:15:50 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe
[2012-08-10 18:49:29 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\98216353.sys
[2012-08-10 18:27:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012-08-10 18:27:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012-08-10 18:27:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012-08-10 18:27:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012-08-10 18:26:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012-08-10 18:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-08-10 18:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-08-10 16:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-08-10 13:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2012-08-09 14:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012-03-24 13:31:30 | 000,161,344 | ---- | C] (Altiris) -- C:\Documents and Settings\Admin\Unwise.exe
[2011-09-04 12:09:09 | 014,341,768 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 6.0.exe

========== Files - Modified Within 30 Days ==========

[2012-08-28 14:45:21 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012-08-28 14:42:45 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012-08-28 14:40:15 | 000,000,940 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012-08-28 14:35:55 | 105,136,162 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012-08-27 19:17:14 | 000,038,046 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012-08-25 20:37:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\OTL.exe
[2012-08-25 14:30:27 | 000,618,227 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\adwcleaner.exe
[2012-08-25 13:24:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012-08-25 13:03:48 | 004,738,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Bureaublad\ComboFix.exe
[2012-08-17 22:13:39 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012-08-16 20:27:33 | 000,000,477 | ---- | M] () -- C:\windows\System32\checkdnsid.xml
[2012-08-16 14:17:55 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Admin\Application Datauser_gensett.xml
[2012-08-16 14:16:02 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-08-16 14:16:01 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-08-16 11:18:27 | 000,355,992 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-08-10 20:08:09 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\43692060.sys
[2012-08-10 18:49:29 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\98216353.sys
[2012-08-10 18:23:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-08-10 18:21:25 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012-08-10 13:08:04 | 000,002,845 | ---- | M] () -- C:\windows\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2012-08-28 14:35:55 | 105,136,162 | ---- | C] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012-08-27 19:17:14 | 000,038,046 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012-08-25 14:30:26 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\adwcleaner.exe
[2012-08-17 14:59:14 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2012-08-16 14:30:18 | 000,000,477 | ---- | C] () -- C:\windows\System32\checkdnsid.xml
[2012-08-16 14:17:55 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Admin\Application Datauser_gensett.xml
[2012-08-16 14:16:02 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012-08-16 14:16:01 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-08-10 18:27:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-08-10 18:27:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-08-10 18:27:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-08-10 18:27:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-08-10 18:27:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-08-10 18:23:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-08-10 18:23:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk
[2012-08-10 18:21:24 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012-05-13 19:25:39 | 002,313,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-04-07 19:45:06 | 000,004,443 | ---- | C] () -- C:\Documents and Settings\Admin\.recently-used.xbel
[2012-04-04 14:36:50 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2012-03-08 12:59:35 | 000,000,096 | -HS- | C] () -- C:\windows\WSYS049.SYS
[2012-03-08 12:59:35 | 000,000,022 | ---- | C] () -- C:\windows\System32\syoepk_lib0.dll
[2012-03-06 19:08:43 | 000,013,524 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\phpdesigner2007pe.xml
[2012-02-19 14:12:35 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2011-10-31 15:26:31 | 000,000,000 | ---- | C] () -- C:\windows\Ui.INI
[2011-10-31 15:14:56 | 000,017,524 | ---- | C] ( ) -- C:\windows\System32\drivers\Tr12386.sys
[2011-10-19 13:57:29 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\alarms.ini
[2011-10-19 13:53:31 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\AtomicAlarmClock.ini
[2011-10-15 10:02:36 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011-10-15 10:02:36 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011-10-15 10:02:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\$_hpcst$.hpc
[2011-09-04 18:32:01 | 000,000,639 | ---- | C] () -- C:\windows\ULEAD32.INI
[2011-09-04 18:12:07 | 000,000,395 | ---- | C] () -- C:\windows\ODBC.INI
[2011-09-04 17:37:09 | 000,148,981 | ---- | C] () -- C:\windows\HPHins15.dat
[2011-09-04 17:37:08 | 000,002,828 | ---- | C] () -- C:\windows\hphmdl15.dat
[2011-08-31 12:54:51 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011-08-31 12:52:31 | 000,355,992 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2011-08-31 11:05:39 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2011-08-31 11:00:43 | 000,021,748 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

========== LOP Check ==========

[2012-08-25 10:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012-03-14 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Belastingdienst
[2012-05-22 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
[2012-03-14 16:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CheckPoint
[2012-04-04 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-28 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DriverCure
[2012-03-08 16:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EmailNotifier
[2012-05-21 16:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Fighters
[2012-05-21 16:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\inkscape
[2012-02-19 18:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MySQL
[2012-03-29 23:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2011-09-03 15:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2012-08-10 13:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2011-10-15 10:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2012-03-15 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\photopos
[2012-03-08 12:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PhotoposComtb
[2012-03-06 19:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PHP Designer 2007
[2012-08-16 14:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2012-02-20 18:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2011-10-09 12:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Softland
[2012-07-28 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SpeedyPC Software
[2012-03-04 19:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Summitsoft
[2012-08-10 19:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Systweak
[2012-04-25 15:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thunderbird
[2011-10-11 14:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XemiComputers
[2012-08-25 10:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-08-16 14:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012-03-14 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011-09-03 15:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-03-08 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2012-05-21 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012-08-24 12:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2012-08-28 14:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-20 18:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011-10-15 10:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-04-02 18:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Summitsoft

========== Purity Check ==========



< End of report >

#13 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts

Posted 28 August 2012 - 11:00 AM

After running a scan the following results are displayed:


But AVG still detects many Trojan horses.

Attached Files



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 August 2012 - 12:49 PM

Can you post the results of the AVG report?
It might help find the culprit, if any.

#15 anti-trojans

anti-trojans
  • Topic Starter

  • Members
  • 15 posts

Posted 29 August 2012 - 06:34 AM

AVG scan results:
"Scan ""Whole computer scan"" completed."
"Infections;""35"";""15"";""20"""
"Warnings;""3"";""1"";""2"""
"Folders selected for scanning:;""Whole computer scan"""
"Scan started:;""woensdag, augustus 2012, 12:47:37"""
"Scan finished:;""woensdag, augustus 2012, 13:20:28 (32 minute(s) 51 second(s))"""
"Total object scanned:;""604819"""
"User who launched the scan:;""Admin"""

Infections
";""File"";""Infection"";""Result"""
";""C:\WINDOWS\system32\winlogon.exe (1152)"";""Trojan horse PSW.Agent.AUET"";""Deleted"""
";""C:\WINDOWS\system32\svchost.exe (3696)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\svchost.exe (1612)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\svchost.exe (1392)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\services.exe (1196)"";""Trojan horse PSW.Agent.ARMW"";""Deleted"""
";""C:\WINDOWS\system32\igfxtray.exe (1940)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\igfxpers.exe (1964)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\hkcmd.exe (1956)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\explorer.exe (708)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\Mozilla Firefox\firefox.exe (2968)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3240)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\AVG\AVG2012\avgui.exe (3316)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\AVG\AVG2012\avgtray.exe (232)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\AVG\AVG2012\avgidsagent.exe (4064)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\Program Files\AVG\AVG2012\avgfws.exe (3208)"";""Trojan horse PSW.Agent.ASJX"";""Deleted"""
";""C:\WINDOWS\system32\winlogon.exe (1152):\memory_01220000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (3696):\memory_00c20000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (3696):\memory_00b90000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (1612):\memory_01d50000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (1612):\memory_017b0000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (1392):\memory_00b50000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (1392):\memory_00ac0000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\services.exe (1196):\memory_00d80000"";""Trojan horse PSW.Agent.ARMW"";""Infected"""
";""C:\WINDOWS\system32\igfxtray.exe (1940):\memory_00d40000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\igfxpers.exe (1964):\memory_00ce0000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\hkcmd.exe (1956):\memory_00cf0000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\explorer.exe (708):\memory_01a90000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\explorer.exe (708):\memory_01a00000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\Mozilla Firefox\firefox.exe (2968):\memory_04320000"";""Trojan horse PSW.Generic9.UCX"";""Infected"""
";""C:\Program Files\Mozilla Firefox\firefox.exe (2968):\memory_03dd0000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\AVG\AVG2012\avgwdsvc.exe (3240):\memory_02210000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\AVG\AVG2012\avgui.exe (3316):\memory_03760000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\AVG\AVG2012\avgtray.exe (232):\memory_01d20000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\AVG\AVG2012\avgidsagent.exe (4064):\memory_01990000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\Program Files\AVG\AVG2012\avgfws.exe (3208):\memory_00f90000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""

Warnings
";""File"";""Infection"";""Result"""
";""HKLM\SYSTEM\CurrentControlSet\services\atapi"";""Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys"";""Moved to Virus Vault"""
";""C:\WINDOWS\system32\DRIVERS\atapi.sys"";""Corrupted executable file"";""Object is white-listed (critical/system file that should not be removed)"""
";""C:\WINDOWS\system32\drivers\atapi.sys"";""Corrupted executable file"";""Object is white-listed (critical/system file that should not be removed)"""
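
As an added example that is not part of this thread (not AVG's or BleepingComputer's code), the Python script below parses the AVG report format posted above, using an excerpt of that report as its input, and separates memory-only detections inside running processes from objects on disk that the scanner left alone. That split is what a responder wants first: the same few signatures reported in the memory of winlogon, services and svchost are typically one injected component rather than dozens of infected files, and the "Deleted" rows carry the same PIDs as the "Infected" memory rows, so nothing on disk was actually removed.

```python
"""Parse an AVG 2012 "Whole computer scan" report (semicolon-separated rows,
each wrapped as one doubly-quoted CSV field, as in the export posted above)
and summarise memory-resident hits per process versus on-disk objects."""
import csv
import re
from collections import defaultdict

# Matches "C:\path\proc.exe (1152)" and "C:\path\proc.exe (1152):\memory_01220000".
_PROC_RE = re.compile(
    r"^(?P<path>.+?) \((?P<pid>\d+)\)(?::\\memory_(?P<addr>[0-9a-fA-F]+))?$"
)

# Core XP session processes; a PSW signature "inside" all of them points at
# one injecting component, not at separate infected executables.
SYSTEM_PROCESSES = {"winlogon.exe", "services.exe", "svchost.exe", "explorer.exe"}

# Excerpt of the report posted in this thread (same quoting as the original export).
SAMPLE_REPORT = r'''
"Infections;""35"";""15"";""20"""
"Warnings;""3"";""1"";""2"""
"Scan started:;""woensdag, augustus 2012, 12:47:37"""

Infections
";""File"";""Infection"";""Result"""
";""C:\WINDOWS\system32\winlogon.exe (1152)"";""Trojan horse PSW.Agent.AUET"";""Deleted"""
";""C:\WINDOWS\system32\services.exe (1196)"";""Trojan horse PSW.Agent.ARMW"";""Deleted"""
";""C:\WINDOWS\system32\winlogon.exe (1152):\memory_01220000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (3696):\memory_00c20000"";""Trojan horse PSW.Agent.AUET"";""Infected"""
";""C:\WINDOWS\system32\svchost.exe (3696):\memory_00b90000"";""Trojan horse PSW.Agent.ASJX"";""Infected"""
";""C:\WINDOWS\system32\services.exe (1196):\memory_00d80000"";""Trojan horse PSW.Agent.ARMW"";""Infected"""
";""C:\Program Files\Mozilla Firefox\firefox.exe (2968):\memory_04320000"";""Trojan horse PSW.Generic9.UCX"";""Infected"""

Warnings
";""File"";""Infection"";""Result"""
";""HKLM\SYSTEM\CurrentControlSet\services\atapi"";""Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\atapi.sys"";""Moved to Virus Vault"""
";""C:\WINDOWS\system32\DRIVERS\atapi.sys"";""Corrupted executable file"";""Object is white-listed (critical/system file that should not be removed)"""
'''


def unwrap_record(line):
    """Each report line is a single CSV field with doubled inner quotes:
    unwrap that outer layer, then split the inner record on ';'."""
    inner = next(csv.reader([line]))[0]
    return next(csv.reader([inner], delimiter=";"))


def parse_report(text):
    """Return (summary, infections, warnings). Summary maps the header keys
    ("Infections", "Scan started", ...) to their value columns; detection
    rows are dicts with object/name/result and, for process hits, process,
    pid and a memory flag."""
    section = None
    summary, infections, warnings = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Infections", "Warnings"):   # bare section markers
            section = line
            continue
        fields = unwrap_record(line)
        if not fields:
            continue
        if fields[0] != "":                       # "key;value;..." header row
            if len(fields) >= 2:
                summary[fields[0].rstrip(":")] = fields[1:]
            continue
        if fields[1] == "File":                   # column header of a section
            continue
        row = {"object": fields[1], "name": fields[2], "result": fields[3]}
        m = _PROC_RE.match(fields[1])
        if m:
            row["process"] = m.group("path").rsplit("\\", 1)[-1].lower()
            row["pid"] = int(m.group("pid"))
            row["memory"] = m.group("addr") is not None
        (infections if section == "Infections" else warnings).append(row)
    return summary, infections, warnings


def summarise(infections, warnings):
    """Group memory hits by signature and list the system processes touched,
    plus the on-disk objects the scanner explicitly refused to remove."""
    by_name = defaultdict(set)                    # signature -> {(process, pid)}
    memory_hits = process_hits = 0
    for row in infections:
        if "process" not in row:
            continue
        if row["memory"]:
            memory_hits += 1
            by_name[row["name"]].add((row["process"], row["pid"]))
        else:
            process_hits += 1
    hit_system = {p for procs in by_name.values() for p, _ in procs if p in SYSTEM_PROCESSES}
    whitelisted = [w["object"] for w in warnings if w["result"].startswith("Object is white-listed")]
    return {
        "memory_hits": memory_hits,
        "process_hits": process_hits,
        "signatures": {name: len(procs) for name, procs in by_name.items()},
        "system_processes_hit": sorted(hit_system),
        "whitelisted_objects": whitelisted,
    }


if __name__ == "__main__":
    hdr, inf, warn = parse_report(SAMPLE_REPORT)
    print("scan started:", hdr["Scan started"][0], "| counts:", hdr["Infections"])
    for key, value in summarise(inf, warn).items():
        print(f"{key}: {value}")
```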



