#1
Antimalware has taken over
Hi all!
An Ad-Aware live popup warned that some malicious program was attempting to infiltrate and that a background scan was in progress. Popups appeared informing me that my system was heavily infected and that I should update my data files for Antimalware (which I did not consciously install). The program has disabled McAfee and Malwarebytes. All system restore points were deleted. No software will run - the IE browser starts up but freezes after a minute or so. I rebooted into safe mode and ran Housecall which found no threats. I am typing this from another computer. What should I do to begin the cleanup?
#2
Hello, Bonksie
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:
Please download the following tools to the desktop of the non-infected system: Gmer and OTL. Burn them to a CD and move it to the infected system, copy both to the desktop of the infected system and do this:
Step 1
Step 2
#3
Hi Tom,
Thanks for responding. I could not get GMER to complete the scan. I tried four times, but after scanning for quite some time the system froze up. I have posted the log of the initial scan, however.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-05 16:33:41
Windows 5.1.2600 Service Pack 3
Running: 3f6so6fo.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kwtcqpow.sys

---- System - GMER 1.0.15 ----

Code 89BEA250 ZwEnumerateKey
Code 89BEA218 ZwFlushInstructionCache
Code 89BEC816 IofCallDriver
Code 89C6580E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTsinxudpulh.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Here are the OTL logs.

OTL.txt
======
OTL logfile created on: 05/12/2009 16:35:22 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.91% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.52 Gb Total Space | 66.03 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 63.46 Gb Free Space | 85.15% Space Free | Partition Type: NTFS
Drive K: | 963.70 Mb Total Space | 895.89 Mb Free Space | 92.96% Space Free | Partition Type: FAT

Computer Name: GWJARDINE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
PRC - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 18:02:58 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/11 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
MOD - [2008/04/14 18:02:33 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:07:58 | 00,278,528 | R--- | M] (HP) -- C:\WINDOWS\system32\hpdj -- (hpdj)
SRV - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/06/24 17:22:48 | 00,020,480 | ---- | M] (X10) -- C:\WINDOWS\system32\x10nets.exe -- (x10nets)
SRV - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)

========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/30 19:33:49 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/24 18:52:58 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/10 04:34:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/10 04:34:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/02/10 04:34:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/15 12:57:46 | 01,368,000 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2005/08/30 00:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 00:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 00:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/04/29 02:05:58 | 00,026,672 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2005/04/27 11:03:24 | 00,120,995 | ---- | M] () -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2003/11/01 21:19:38 | 00,017,920 | ---- | M] (CEntrance, Inc.) -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2003/09/19 07:34:06 | 00,759,050 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P1120Vid.sys -- (P1120VID)
DRV - [2003/09/16 03:16:00 | 00,126,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/09/16 03:16:00 | 00,022,644 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
DRV - [2003/09/16 03:16:00 | 00,020,580 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
DRV - [2003/09/16 03:16:00 | 00,013,330 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2003/07/28 13:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/06/12 18:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2003/02/11 18:38:58 | 00,064,384 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ulsata.sys -- (UlSata)
DRV - [2002/10/21 19:40:04 | 00,006,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/11 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2002/09/11 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2002/09/11 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2002/09/11 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2002/09/11 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2002/09/11 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2002/09/11 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2002/09/11 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2002/09/11 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2002/09/11 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2002/09/11 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/11 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2002/09/11 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2002/09/11 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2002/09/11 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2002/09/11 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/05/22 06:29:04 | 00,026,112 | ---- | M] () -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002/05/22 06:26:52 | 00,587,776 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys -- (WDMCAPI)
DRV - [2001/10/18 19:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaidexp.sys -- (viaide1)
#4
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 14:40:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/02 14:56:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/06/28 12:46:03 | 00,000,000 | ---D | M]

[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA Remote Control Panel] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [WINSCHEDULER] C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [AntiMalware] C:\Program Files\AntiMalware\antimalware.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [richtx64.exe] C:\Documents and Settings\Dad\Local Settings\Temp\richtx64.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Dad\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Joy\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Key error. (PCPitstop Utility)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/e...rInstaller.exe (Reg Error: Value error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} Reg Error: Key error. (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB (QuickUpload)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/17 21:46:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7d5c4f6a-d28d-11dd-b49f-487444737531}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
#5
========== Files/Folders - Created Within 30 Days ==========
[2009/12/05 12:35:01 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/16 20:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Bureaublad\html
[2009/11/15 15:01:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\FileZilla
[2009/11/15 15:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/11/14 16:41:08 | 00,000,000 | ---D | C] -- J:\Documents and Settings\Dad\Mijn documenten\HTML
[2008/01/28 20:50:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/04/28 10:41:32 | 00,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/05 16:30:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 15:07:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 14:02:38 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
[2009/12/05 14:02:37 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
[2009/12/05 14:02:31 | 04,768,656 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
[2009/12/05 12:31:46 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/05 12:29:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/05 10:44:23 | 00,015,357 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/05 10:44:23 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/12/04 19:52:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/04 16:59:52 | 00,000,108 | -H-- | M] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:50 | 00,188,928 | ---- | M] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/11/28 22:31:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 09:44:47 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/05 12:31:46 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/05 10:44:23 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/12/04 16:59:52 | 00,000,108 | -H-- | C] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:49 | 00,188,928 | ---- | C] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/02/11 20:01:16 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
[2008/08/03 11:51:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/08/03 11:20:46 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2008/08/03 11:20:46 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/08/03 11:17:54 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano
[2008/08/03 11:17:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/04/20 20:06:27 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/04/20 20:01:45 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/09/05 15:50:45 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/07 13:55:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/07 13:55:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/07 13:55:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/07 13:55:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/18 13:21:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2007/02/18 13:01:40 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007/02/18 13:01:16 | 00,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/02/18 13:01:15 | 00,120,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2007/02/18 13:01:04 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2006/12/09 21:38:51 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 14:13:06 | 00,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2006/10/29 13:42:34 | 00,002,148 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/05 09:47:15 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/10/05 09:47:15 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/09/24 17:32:49 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/14 16:49:44 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 06:46:16 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/16 15:32:48 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/05/22 15:14:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 21:36:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/05/21 21:35:22 | 00,000,021 | ---- | C] () -- C:\WINDOWS\GCC_setup.ini
[2006/05/21 21:34:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/05/21 21:34:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_SETUP.ini
[2006/05/20 10:42:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/05/20 10:42:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/05/20 10:39:48 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/05/20 10:39:48 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/05/17 19:06:44 | 00,012,190 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2006/05/14 16:22:41 | 00,000,580 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/28 22:33:53 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
[2006/04/28 10:45:46 | 00,126,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVCAP.SYS
[2006/04/28 10:41:33 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2006/04/28 10:41:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/04/28 10:41:32 | 00,587,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys
[2006/04/28 10:41:32 | 00,038,667 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2006/04/28 10:41:32 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2006/04/28 10:41:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/28 10:41:32 | 00,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2006/04/28 10:41:25 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/11/17 23:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 23:00:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/17 22:32:39 | 00,000,979 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/17 21:56:34 | 00,000,818 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPD4DD9B9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
#6
Extras.txt
========

OTL Extras logfile created on: 05/12/2009 16:35:22 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.91% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.52 Gb Total Space | 66.03 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 63.46 Gb Free Space | 85.15% Space Free | Partition Type: NTFS
Drive K: | 963.70 Mb Total Space | 895.89 Mb Free Space | 92.96% Space Free | Partition Type: FAT

Computer Name: GWJARDINE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
#7
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{205EBC8B-3FAC-4A4C-80A4-D9D73248BDA6}" = ArcSoft Greeting Card Creator
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42C59DE7-38BB-4039-A341-EF5ED6C0AA72}" = NVRemote
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}" = Ulead DVD MovieFactory 2 SE
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A80FD4-8EEC-402F-ABFE-8D8A3ACDBE4E}" = VU Leerling Bovenbouw
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B32A35C7-1D9E-4D96-A3F4-25B34FB6A080}" = GdiPlusDll
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}" = 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}" = LG GSM PC Components
"{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}" = InterVideo WinDVR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D43F13A1-1E39-4BD4-9682-DF889FE75421}" = 
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2D201C4-92AF-4544-A5CC-1419F8D5618B}" = ArcSoft VideoImpression 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EFF8A42A-0814-4864-92D7-52EFB3048ABD}" = PhotoImpression
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2DD7B9B-4384-4131-A79C-804D6E0564BD}" = USB Mass Storage Reader
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Cabri II" = Cabri-géomètre II
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CD Box Labeler Pro - Trial_is1" = CD Box Labeler Pro
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Connection Manager" = 
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1120" = Creative WebCam NX Ultra Driver (1.00.06.0919)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Ultra User's Guide English" = Creative WebCam NX Ultra User's Guide (English)
"CSCLIB" = Canon Camera Support Core Library
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"hp print screen utility" = hp print screen utility
"Huur- en zorgtoeslag 2008" = Huur- en zorgtoeslag 2008
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" = 
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" = 
"MSI30-Beta1" = 
"MSI30-Beta2" = 
"MSI30-KB884016" = 
"MSI30-RC1" = 
"MSI30-RC2" = 
"MSI31-Beta" = 
"MSI31-RC1" = 
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCHealth" = 
"Pdf995" = Pdf995
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RAYMANM" = RAYMANM
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.1
"System Tweaker_is1" = Uniblue System Tweaker
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
#8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/11/2009 11:34:03 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 10/11/2009 11:34:03 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 10/11/2009 12:14:21 | Computer Name = GWJARDINE | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 powerpnt.exe, P2 12.0.6500.5000, P3 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 21/11/2009 06:38:37 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5051
Description = Een thread in het proces C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe had meer dan 90000 ms nodig om een opdracht te voltooien. Het proces wordt beëindigd. Thread-id: 3388 (0xd3c) Threadadres: 0x7C90E514 Threadbericht: Build VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/11/2009 07:58:33 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5022
Description = Initialisatie van de MCSCAN32-engine is mislukt. De engine heeft de volgende fout geretourneerd: 3

Error - 21/11/2009 17:01:57 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 21/11/2009 17:01:57 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 27/11/2009 16:58:42 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5051
Description = Een thread in het proces C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe had meer dan 90000 ms nodig om een opdracht te voltooien. Het proces wordt beëindigd. Thread-id: 3640 (0xe38) Threadadres: 0x7C90E514 Threadbericht: Build VSCORE.14.0.0.435 / 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 28/11/2009 09:50:48 | Computer Name = GWJARDINE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Er is een interne certificeringsketenfout opgetreden.

Error - 04/12/2009 11:59:08 | Computer Name = GWJARDINE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Er is een interne certificeringsketenfout opgetreden.

[ OSession Events ]
Error - 13/07/2006 10:23:43 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 161 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/10/2006 11:41:16 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 1891 seconds with 780 seconds of active time. This session ended with a crash.

Error - 17/10/2006 12:17:07 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 1145 seconds with 960 seconds of active time. This session ended with a crash.

Error - 01/11/2006 12:07:06 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4017.1004, Microsoft Office Version: 12.0.4017.1006. This session lasted 4658 seconds with 1320 seconds of active time. This session ended with a crash.

Error - 04/11/2006 08:57:32 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4017.1004, Microsoft Office Version: 12.0.4017.1006. This session lasted 447 seconds with 420 seconds of active time. This session ended with a crash.

Error - 17/11/2006 11:17:37 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 10090 seconds with 1200 seconds of active time. This session ended with a crash.

Error - 13/09/2007 12:05:11 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7125 seconds with 5940 seconds of active time. This session ended with a crash.

Error - 29/02/2008 09:43:19 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 125 seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/05/2008 08:23:57 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2748 seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De TCP/IP NetBIOS Helper-service is afhankelijk van de Omgeving voor AFD-netwerkondersteuning-service, die vanwege de volgende fout niet kan worden gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: McAfee Services.

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7000
Description = De McAfee Services-service kan vanwege de volgende fout niet worden gestart: %%1053

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 05/12/2009 11:31:49 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de netman-service met de argumenten '' om de server {BA126AE5-2166-11D1-B1D0-00805FC1270E} te starten

Error - 05/12/2009 11:32:11 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Error - 05/12/2009 11:34:28 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Error - 05/12/2009 11:34:44 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

< End of report >

Hope this is enough to make a start!

Regards,
Graham
#9
Hi,
Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------
Double click on the renamed Combofix.exe & follow the prompts.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper. If you need help, see this link: http://www.bleepingcomputer.com/comb...o-use-combofix
#10
combofix log
Tom:
There's some Dutch text in here, hope that's not too much of a problem . . . =============== ComboFix 09-12-04.05 - Dad 05/12/2009 17:52.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1478 [GMT 1:00] Gestart vanuit: k:\cth\schrauber.exe AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Aanwezig AV is actief . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Dad\LOCALS~1\Temp\wscsvc32.exe c:\documents and settings\All Users\Application Data\Microsoft\WLSetup c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-04-26_15-58_724-cdf9sz0h.log c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-10_16-33_12ec-rhcoxkiy.log c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-21_22-00_1590-5gw17qd3.log c:\windows\system32\drivers\H8SRTsinxudpulh.sys c:\windows\system32\H8SRTbabwruxevb.dll c:\windows\system32\h8srtcfg.dat c:\windows\system32\H8SRTimoyxtqawy.dll c:\windows\system32\H8SRTldllrmamlt.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys (((((((((((((((((((( Bestanden Gemaakt van 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))) . 2009-12-05 11:35 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-12-05 09:48 . 2009-12-05 09:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e 2009-12-04 15:59 . 2009-12-04 15:59 108 ---ha-w- c:\windows\system32\x10prod.sys 2009-11-21 11:56 . 2009-11-21 11:56 -------- d-----w- c:\windows\system32\wbem\Repository 2009-11-15 14:01 . 2009-11-15 20:02 -------- d-----w- c:\documents and settings\Dad\Application Data\FileZilla 2009-11-15 14:01 . 
2009-11-21 11:52 -------- d-----w- c:\program files\FileZilla FTP Client . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-12-05 09:42 . 2008-08-28 07:41 -------- d-----w- c:\program files\xnews 2009-12-04 22:37 . 2007-02-28 21:25 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-12-01 20:38 . 2008-08-28 18:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-11-27 18:53 . 2009-09-21 18:52 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe 2009-11-25 10:19 . 2006-04-30 06:54 82856 ----a-w- c:\documents and settings\Joy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-24 20:53 . 2007-10-13 12:03 -------- d-----w- c:\documents and settings\Mom\Application Data\Skype 2009-11-24 20:52 . 2009-03-11 13:14 -------- d-----w- c:\documents and settings\Mom\Application Data\skypePM 2009-11-21 21:42 . 2006-06-11 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-11-21 21:36 . 2007-02-16 13:33 -------- d-----w- c:\program files\Microsoft Works 2009-11-21 21:08 . 2009-05-23 09:28 -------- d-----w- c:\program files\McAfee 2009-11-21 21:02 . 2006-04-28 09:48 -------- d-----w- c:\program files\Microsoft 2009-11-21 21:00 . 2006-04-30 07:16 82856 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-10 15:38 . 2008-04-09 19:10 -------- d-----w- c:\program files\Windows Live 2009-11-10 10:52 . 2006-04-29 11:07 82856 ----a-w- c:\documents and settings\Akadia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-08 19:42 . 2006-12-12 17:30 -------- d-----w- c:\documents and settings\Joy\Application Data\Skype 2009-11-08 09:40 . 2009-10-23 17:04 -------- d-----w- c:\documents and settings\Joy\Application Data\skypePM 2009-11-04 19:52 . 
2009-11-04 19:52 -------- d-----w- c:\documents and settings\Joy\Application Data\AdobeAUM 2009-11-02 20:52 . 2006-12-03 12:16 -------- d-----w- c:\documents and settings\Dad\Application Data\Skype 2009-10-30 17:59 . 2009-10-30 17:59 -------- d-----w- c:\documents and settings\Akadia\Application Data\Malwarebytes 2009-10-30 15:34 . 2009-10-30 15:34 -------- d-----w- c:\program files\Overland 2009-10-19 18:52 . 2009-08-31 18:52 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2009-10-19 17:26 . 2009-10-17 20:37 45 ----a-w- c:\documents and settings\Joy\jagex_runescape_preferences2.dat 2009-10-19 17:26 . 2008-09-21 10:35 38 ----a-w- c:\documents and settings\Joy\jagex_runescape_preferences.dat 2009-10-15 07:45 . 2003-11-17 21:32 585494 ----a-w- c:\windows\system32\perfh013.dat 2009-10-15 07:45 . 2003-11-17 21:32 115792 ----a-w- c:\windows\system32\perfc013.dat 2009-10-11 10:58 . 2009-10-09 14:38 199365 ----a-w- c:\documents and settings\Mom\Application Data\Thunderbird\Profiles\h6ao0nso.default\Mail\Lo cal Folders\Inbox.sbd\Play.com 2009-10-09 16:53 . 2009-10-09 16:53 -------- d-----w- c:\documents and settings\Joy\Application Data\Malwarebytes 2009-10-09 13:36 . 2009-10-09 13:36 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes 2009-09-16 14:05 . 2009-09-16 14:05 152576 ----a-w- c:\documents and settings\Mom\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-09-16 09:22 . 2009-05-23 09:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-09-16 09:22 . 2009-05-23 09:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-09-16 09:22 . 2009-05-23 09:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-09-16 09:22 . 2009-03-25 09:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 09:22 . 2009-05-23 09:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-11 14:20 . 
2003-12-22 23:20 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 13:54 . 2009-10-03 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2009-10-03 15:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2008-01-28 19:49 . 2008-01-28 19:50 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) ) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1" [X] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2003-07-28 188416] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "NVIDIA Remote Control Panel"="NVAREM.EXE" - c:\windows\system32\nvarem.exe [2003-07-30 139264] 
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "NvMediaCenter"="c:\windows\System32\NVMCTRAY. DLL" [2003-07-28 49152] c:\documents and settings\Joy\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\documents and settings\Dad\Menu Start\Programma's\Opstarten\ OneNote-inhoudsopgave.onetoc2 [2009-5-18 3656] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\StubInstaller.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft 
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/02/2009 19:52 64160] R0 viaide1;viaide1;c:\windows\system32\drivers\viaide xp.sys [22/12/2003 21:50 6144] R0 viasraid;viasraid;c:\windows\system32\drivers\vias raid.sys [22/12/2003 21:50 75904] R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [28/04/2006 10:41 587776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1028432] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/05/2009 10:32 203280] R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [28/04/2006 10:45 20580] R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [28/04/2006 10:45 22644] R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [21/05/2006 21:47 759050] R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [28/04/2006 10:41 26112] S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [01/11/2003 21:19 17920] . 
Inhoud van de 'Gedeelde Taken' map 2009-12-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:52] 2009-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 11:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 11:22] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hotsheet.com/ uInternet Connection Wizard,ShellNext = hxxp://www.standbyservice.nl/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB . 
- - - - ORPHANS VERWIJDERD - - - - HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe HKCU-Run-AntiMalware - c:\program files\AntiMalware\antimalware.exe AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE AddRemove-Cabri II - c:\cabri\UNINST AddRemove-Pdf995 - c:\program files\pdf995\setup.exe uninstall AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-05 18:14 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run NVIDIA Remote Control Panel = NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0???????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????? ????????? ?? ?????????????????? !"#$%&' scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************** ************************ . Voltooingstijd: 2009-12-05 18:18 ComboFix-quarantined-files.txt 2009-12-05 17:18 Pre-Run: 70,883,737,600 bytes beschikbaar Post-Run: 72,036,691,968 bytes beschikbaar - - End Of File - - C6CB40BF2F96E6A773A54330C91E0E8E |
#11
Hi,
No problem, I love other languages. Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile, also please post back with a fresh OTL logfile. How is your system running?
#12
Tom:
The system is at least running now, whereas earlier it was not. It does appear to be a bit sluggish though. Here is the Malwarebytes log.
=====================
Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05/12/2009 20:29:12
mbam-log-2009-12-05 (20-29-09).txt
Scan type: Full Scan (C:\|J:\|)
Objects scanned: 243389
Time elapsed: 1 hour(s), 45 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028797.sys (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028798.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028799.dll (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTbabwruxevb.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTimoyxtqawy.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTsinxudpulh.sys.vir (Malware.Packer) -> No action taken.
============================
And here is the second OTL scan log.
OTL scan log ========== OTL logfile created on: 05/12/2009 21:05:35 - Run 2 OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.54% Memory free 2.60 Gb Paging File | 2.25 Gb Available in Paging File | 86.48% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 108.52 Gb Total Space | 67.12 Gb Free Space | 61.85% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 74.53 Gb Total Space | 63.58 Gb Free Space | 85.31% Space Free | Partition Type: NTFS Drive K: | 963.70 Mb Total Space | 892.22 Mb Free Space | 92.58% Space Free | Partition Type: FAT Computer Name: GWJARDINE Current User Name: Dad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009/09/21 19:52:27 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2008/04/14 18:02:58 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) 
-- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe PRC - [2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe PRC - [2003/07/28 14:43:44 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe PRC - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2003/07/10 13:34:10 | 00,139,264 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\WinDVR\WinScheduler.exe PRC - [2003/06/25 11:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe PRC - [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe PRC - [2002/09/11 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe ========== Modules (SafeList) ========== MOD - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe MOD - [2009/01/23 09:46:18 | 00,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) 
-- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 14:07:58 | 00,278,528 | R--- | M] (HP) -- C:\WINDOWS\system32\hpdj -- (hpdj) SRV - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2003/06/24 17:22:48 | 00,020,480 | ---- | M] (X10) -- C:\WINDOWS\system32\x10nets.exe -- (x10nets) SRV - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service) ========== Driver Services (SafeList) ========== DRV - [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe -- (mbr) DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/08/30 19:33:49 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) 
-- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP) DRV - [2009/04/24 18:52:58 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/02/10 04:34:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009/02/10 04:34:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2009/02/10 04:34:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx) DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/11/13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2005/12/15 12:57:46 | 01,368,000 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda) DRV - [2005/08/30 00:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2005/08/30 00:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2005/08/30 00:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2005/04/29 02:05:58 | 00,026,672 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2005/04/27 11:03:24 | 00,120,995 | ---- | M] () -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2003/11/01 21:19:38 | 00,017,920 | ---- | M] (CEntrance, Inc.) -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD) DRV - [2003/09/19 07:34:06 | 00,759,050 | R--- | M] (Creative Technology Ltd.) 
-- C:\WINDOWS\system32\drivers\P1120Vid.sys -- (P1120VID) DRV - [2003/09/16 03:16:00 | 00,126,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal) DRV - [2003/09/16 03:16:00 | 00,022,644 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND) DRV - [2003/09/16 03:16:00 | 00,020,580 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP) DRV - [2003/09/16 03:16:00 | 00,013,330 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR) DRV - [2003/07/28 13:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/06/12 18:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys -- (viasraid) DRV - [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R) DRV - [2003/02/11 18:38:58 | 00,064,384 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ulsata.sys -- (UlSata) DRV - [2002/10/21 19:40:04 | 00,006,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\siside.sys -- (SiSide) DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2002/09/11 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2002/09/11 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2002/09/11 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2002/09/11 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2002/09/11 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra) DRV - [2002/09/11 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2002/09/11 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2002/09/11 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2002/09/11 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc) DRV - [2002/09/11 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2002/09/11 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2002/09/11 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2002/09/11 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810) DRV - [2002/09/11 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2002/09/11 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2002/09/11 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde) DRV - [2002/05/22 06:29:04 | 00,026,112 | ---- | M] () -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP) DRV - [2002/05/22 06:26:52 | 00,587,776 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys -- (WDMCAPI) DRV - [2001/10/18 19:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaidexp.sys -- (viaide1) Last edited by Bonksie; December 5th, 2009 at 09:40 PM. Reason: corrected spelling error |
#13
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 14:40:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/02 14:56:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/06/28 12:46:03 | 00,000,000 | ---D | M]
[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA Remote Control Panel] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [WINSCHEDULER] C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Dad\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Joy\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Key error. (PCPitstop Utility)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/e...rInstaller.exe (Reg Error: Value error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} Reg Error: Key error. (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB (QuickUpload)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/17 21:46:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2009/12/05 17:35:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/05 17:35:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/05 17:35:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/05 17:35:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 17:31:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/05 12:35:01 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/16 20:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Bureaublad\html
[2009/11/15 15:01:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\FileZilla
[2009/11/15 15:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/11/14 16:41:08 | 00,000,000 | ---D | C] -- J:\Documents and Settings\Dad\Mijn documenten\HTML
[2008/01/28 20:50:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/04/28 10:41:32 | 00,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
#14
========== Files - Modified Within 30 Days ==========
[2009/12/05 21:04:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/05 20:32:13 | 00,015,485 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/05 20:31:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 20:31:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 20:29:53 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
[2009/12/05 20:29:53 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
[2009/12/05 20:29:42 | 04,866,934 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
[2009/12/05 18:15:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/05 12:31:46 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/04 19:52:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/04 16:59:52 | 00,000,108 | -H-- | M] () -- C:\WINDOWS\System32\x10prod.sys
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/30 20:00:50 | 00,188,928 | ---- | M] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/11/28 22:31:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 09:44:47 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2009/12/05 17:35:14 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/05 17:35:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/05 17:35:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/05 17:35:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/05 17:35:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/05 12:31:46 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/04 16:59:52 | 00,000,108 | -H-- | C] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:49 | 00,188,928 | ---- | C] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/02/11 20:01:16 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
[2008/08/03 11:51:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/08/03 11:20:46 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2008/08/03 11:20:46 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/08/03 11:17:54 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano
[2008/08/03 11:17:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/04/20 20:06:27 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/04/20 20:01:45 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/09/05 15:50:45 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/07 13:55:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/07 13:55:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/07 13:55:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/07 13:55:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/18 13:21:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2007/02/18 13:01:40 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007/02/18 13:01:16 | 00,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/02/18 13:01:15 | 00,120,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2007/02/18 13:01:04 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2006/12/09 21:38:51 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 14:13:06 | 00,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2006/10/29 13:42:34 | 00,002,148 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/05 09:47:15 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/10/05 09:47:15 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/09/24 17:32:49 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/14 16:49:44 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 06:46:16 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/16 15:32:48 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/05/22 15:14:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 21:36:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/05/21 21:35:22 | 00,000,021 | ---- | C] () -- C:\WINDOWS\GCC_setup.ini
[2006/05/21 21:34:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/05/21 21:34:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_SETUP.ini
[2006/05/20 10:42:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/05/20 10:42:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/05/20 10:39:48 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/05/20 10:39:48 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/05/17 19:06:44 | 00,012,190 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2006/05/14 16:22:41 | 00,000,580 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/28 22:33:53 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
[2006/04/28 10:45:46 | 00,126,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVCAP.SYS
[2006/04/28 10:41:33 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2006/04/28 10:41:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/04/28 10:41:32 | 00,587,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys
[2006/04/28 10:41:32 | 00,038,667 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2006/04/28 10:41:32 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2006/04/28 10:41:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/28 10:41:32 | 00,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2006/04/28 10:41:25 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/11/17 23:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 23:00:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/17 22:32:39 | 00,000,979 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/17 21:56:34 | 00,000,818 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPD4DD9B9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Cheers, Graham.
#15
We are on the right track.
Disable your antivirus program and go here (http://www.eset.com/onlinescan/) and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan).
If you accept the Terms of Use, check the box and click Start.
After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready.
Next, check the following boxes:
Remove found threats
Scan unwanted applications
Click Start. This scan may take a while, so please be patient.
Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt.
Click Edit - Select All, then copy/paste that log back here.