Antimalware has taken over

[Bonksie]

Hi all!

An adaware live popup warned that some malicious program was attempting to infiltrate and that a background scan was in progress. Popups appeared informing me that my system was heavily infected and that I should update my data files for Antimalware (which I did not consciously install).

The program has disabled Macafee and Malwarebytes. All system restore points were deleted. No software will run - the IE browser starts up but freezes after a minute or so. I rebooted into safe mode and ran Housecall which found no threats.

I am typing this from another computer. What should I do to begin the cleanup?

[schrauber]

Hello, Bonksie
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:

• Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
• Please set your system to show all files.
  Click Start, open My Computer, select the Tools menu and click Folder Options.
  Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
  Uncheck: Hide file extensions for known file types
  Uncheck the Hide protected operating system files (recommended) option.
  Click Yes to confirm.

Please download the following tools to the desktop of the non-infected system:

Gmer
OTL


Burn it to a cd and move to the infected system, copy both to the desktop of the infected system and do this:




Step 1

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

Step 2

• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the button.
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

[Bonksie]

Hi Tom,

Thanks for responding.

I could not get GMER to complete the scan. I tried four times, but after scanning for quite some time the system froze up. I have posted the log of the initial scan, however.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-05 16:33:41
Windows 5.1.2600 Service Pack 3
Running: 3f6so6fo.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kwtcqpow.sys


---- System - GMER 1.0.15 ----

Code 89BEA250 ZwEnumerateKey
Code 89BEA218 ZwFlushInstructionCache
Code 89BEC816 IofCallDriver
Code 89C6580E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTsinxudpulh.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----




Here are the OTL logs.

OTL.txt
======

OTL logfile created on: 05/12/2009 16:35:22 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.91% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.52 Gb Total Space | 66.03 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 63.46 Gb Free Space | 85.15% Space Free | Partition Type: NTFS
Drive K: | 963.70 Mb Total Space | 895.89 Mb Free Space | 92.96% Space Free | Partition Type: FAT

Computer Name: GWJARDINE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
PRC - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 18:02:58 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/11 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
MOD - [2008/04/14 18:02:33 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:07:58 | 00,278,528 | R--- | M] (HP) -- C:\WINDOWS\system32\hpdj -- (hpdj)
SRV - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/06/24 17:22:48 | 00,020,480 | ---- | M] (X10) -- C:\WINDOWS\system32\x10nets.exe -- (x10nets)
SRV - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/30 19:33:49 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/24 18:52:58 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/10 04:34:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/10 04:34:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/02/10 04:34:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/15 12:57:46 | 01,368,000 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2005/08/30 00:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 00:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 00:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/04/29 02:05:58 | 00,026,672 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2005/04/27 11:03:24 | 00,120,995 | ---- | M] () -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2003/11/01 21:19:38 | 00,017,920 | ---- | M] (CEntrance, Inc.) -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2003/09/19 07:34:06 | 00,759,050 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P1120Vid.sys -- (P1120VID)
DRV - [2003/09/16 03:16:00 | 00,126,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/09/16 03:16:00 | 00,022,644 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
DRV - [2003/09/16 03:16:00 | 00,020,580 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
DRV - [2003/09/16 03:16:00 | 00,013,330 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2003/07/28 13:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/06/12 18:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2003/02/11 18:38:58 | 00,064,384 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ulsata.sys -- (UlSata)
DRV - [2002/10/21 19:40:04 | 00,006,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/11 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2002/09/11 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2002/09/11 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2002/09/11 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2002/09/11 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2002/09/11 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2002/09/11 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2002/09/11 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2002/09/11 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2002/09/11 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2002/09/11 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/11 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2002/09/11 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2002/09/11 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2002/09/11 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2002/09/11 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/05/22 06:29:04 | 00,026,112 | ---- | M] () -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002/05/22 06:26:52 | 00,587,776 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys -- (WDMCAPI)
DRV - [2001/10/18 19:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaidexp.sys -- (viaide1)

[Bonksie]

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\C urrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 14:40:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/02 14:56:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/06/28 12:46:03 | 00,000,000 | ---D | M]

[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe (HP)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA Remote Control Panel] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [WINSCHEDULER] C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [AntiMalware] C:\Program Files\AntiMalware\antimalware.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [richtx64.exe] C:\Documents and Settings\Dad\Local Settings\Temp\richtx64.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Dad\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Joy\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Key error. (PCPitstop Utility)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/e...rInstaller.exe (Reg Error: Value error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} Reg Error: Key error. (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB (QuickUpload)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/17 21:46:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7d5c4f6a-d28d-11dd-b49f-487444737531}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[Bonksie]

========== Files/Folders - Created Within 30 Days ==========

[2009/12/05 12:35:01 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/16 20:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Bureaublad\html
[2009/11/15 15:01:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\FileZilla
[2009/11/15 15:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/11/14 16:41:08 | 00,000,000 | ---D | C] -- J:\Documents and Settings\Dad\Mijn documenten\HTML
[2008/01/28 20:50:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/04/28 10:41:32 | 00,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/05 16:30:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 15:07:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 14:02:38 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
[2009/12/05 14:02:37 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
[2009/12/05 14:02:31 | 04,768,656 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
[2009/12/05 12:31:46 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/05 12:29:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/05 10:44:23 | 00,015,357 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/05 10:44:23 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/12/04 19:52:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/04 16:59:52 | 00,000,108 | -H-- | M] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:50 | 00,188,928 | ---- | M] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/11/28 22:31:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 09:44:47 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/05 12:31:46 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/05 10:44:23 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/12/04 16:59:52 | 00,000,108 | -H-- | C] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:49 | 00,188,928 | ---- | C] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/02/11 20:01:16 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
[2008/08/03 11:51:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/08/03 11:20:46 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2008/08/03 11:20:46 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/08/03 11:17:54 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano
[2008/08/03 11:17:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/04/20 20:06:27 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/04/20 20:01:45 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/09/05 15:50:45 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/07 13:55:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/07 13:55:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/07 13:55:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/07 13:55:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/18 13:21:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2007/02/18 13:01:40 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007/02/18 13:01:16 | 00,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/02/18 13:01:15 | 00,120,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2007/02/18 13:01:04 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2006/12/09 21:38:51 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 14:13:06 | 00,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2006/10/29 13:42:34 | 00,002,148 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/05 09:47:15 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/10/05 09:47:15 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/09/24 17:32:49 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/14 16:49:44 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 06:46:16 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/16 15:32:48 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/05/22 15:14:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 21:36:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/05/21 21:35:22 | 00,000,021 | ---- | C] () -- C:\WINDOWS\GCC_setup.ini
[2006/05/21 21:34:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/05/21 21:34:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_SETUP.ini
[2006/05/20 10:42:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/05/20 10:42:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/05/20 10:39:48 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/05/20 10:39:48 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/05/17 19:06:44 | 00,012,190 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2006/05/14 16:22:41 | 00,000,580 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/28 22:33:53 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
[2006/04/28 10:45:46 | 00,126,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVCAP.SYS
[2006/04/28 10:41:33 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2006/04/28 10:41:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/04/28 10:41:32 | 00,587,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys
[2006/04/28 10:41:32 | 00,038,667 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2006/04/28 10:41:32 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2006/04/28 10:41:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/28 10:41:32 | 00,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2006/04/28 10:41:25 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/11/17 23:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 23:00:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/17 22:32:39 | 00,000,979 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/17 21:56:34 | 00,000,818 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPD4DD9B9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

[Bonksie]

Extras.txt
========

OTL Extras logfile created on: 05/12/2009 16:35:22 - Run 1
OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.91% Memory free
2.60 Gb Paging File | 2.48 Gb Available in Paging File | 95.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.52 Gb Total Space | 66.03 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 63.46 Gb Free Space | 85.15% Space Free | Partition Type: NTFS
Drive K: | 963.70 Mb Total Space | 895.89 Mb Free Space | 92.96% Space Free | Partition Type: FAT

Computer Name: GWJARDINE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*isabled:Windows Media Player -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microso ft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*isabled:RealPl ayer -- (RealNetworks, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

[Bonksie]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{205EBC8B-3FAC-4A4C-80A4-D9D73248BDA6}" = ArcSoft Greeting Card Creator
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42C59DE7-38BB-4039-A341-EF5ED6C0AA72}" = NVRemote
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}" = Ulead DVD MovieFactory 2 SE
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A80FD4-8EEC-402F-ABFE-8D8A3ACDBE4E}" = VU Leerling Bovenbouw
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B32A35C7-1D9E-4D96-A3F4-25B34FB6A080}" = GdiPlusDll
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}" =
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}" = LG GSM PC Components
"{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}" = InterVideo WinDVR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D43F13A1-1E39-4BD4-9682-DF889FE75421}" =
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2D201C4-92AF-4544-A5CC-1419F8D5618B}" = ArcSoft VideoImpression 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EFF8A42A-0814-4864-92D7-52EFB3048ABD}" = PhotoImpression
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2DD7B9B-4384-4131-A79C-804D6E0564BD}" = USB Mass Storage Reader
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Cabri II" = Cabri-géomètre II
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CD Box Labeler Pro - Trial_is1" = CD Box Labeler Pro
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Connection Manager" =
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1120" = Creative WebCam NX Ultra Driver (1.00.06.0919)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Ultra User's Guide English" = Creative WebCam NX Ultra User's Guide (English)
"CSCLIB" = Canon Camera Support Core Library
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"hp print screen utility" = hp print screen utility
"Huur- en zorgtoeslag 2008" = Huur- en zorgtoeslag 2008
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCHealth" =
"Pdf995" = Pdf995
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RAYMANM" = RAYMANM
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.1
"System Tweaker_is1" = Uniblue System Tweaker
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[Bonksie]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2009 11:34:03 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte
fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem
met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 10/11/2009 11:34:03 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte
fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem
met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 10/11/2009 12:14:21 | Computer Name = GWJARDINE | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 powerpnt.exe, P2 12.0.6500.5000,
P3 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 21/11/2009 06:38:37 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5051
Description = Een thread in het proces C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
had meer dan 90000 ms nodig om een opdracht te voltooien. Het proces wordt beëindigd.
Thread-id:
3388 (0xd3c) Threadadres: 0x7C90E514 Threadbericht: Build VSCORE.14.0.0.435 / 5301.4018

Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/11/2009 07:58:33 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5022
Description = Initialisatie van de MCSCAN32-engine is mislukt. De engine heeft de
volgende fout geretourneerd: 3

Error - 21/11/2009 17:01:57 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte
fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem
met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 21/11/2009 17:01:57 | Computer Name = GWJARDINE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- Er is een onverwachte
fout opgetreden tijdens de installatie van dit pakket. Er is mogelijk een probleem
met dit pakket. De foutcode is: 2762. De schakelopties zijn: , , .

Error - 27/11/2009 16:58:42 | Computer Name = GWJARDINE | Source = McLogEvent | ID = 5051
Description = Een thread in het proces C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
had meer dan 90000 ms nodig om een opdracht te voltooien. Het proces wordt beëindigd.
Thread-id:
3640 (0xe38) Threadadres: 0x7C90E514 Threadbericht: Build VSCORE.14.0.0.435 / 5301.4018

Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\Engine\5301.4018\config.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 28/11/2009 09:50:48 | Computer Name = GWJARDINE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Er is een interne certificeringsketenfout opgetreden.

Error - 04/12/2009 11:59:08 | Computer Name = GWJARDINE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Er is een interne certificeringsketenfout opgetreden.

[ OSession Events ]
Error - 13/07/2006 10:23:43 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 161
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/10/2006 11:41:16 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 1891
seconds with 780 seconds of active time. This session ended with a crash.

Error - 17/10/2006 12:17:07 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 1145
seconds with 960 seconds of active time. This session ended with a crash.

Error - 01/11/2006 12:07:06 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4017.1004, Microsoft Office Version: 12.0.4017.1006. This session lasted 4658
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 04/11/2006 08:57:32 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4017.1004, Microsoft Office Version: 12.0.4017.1006. This session lasted 447
seconds with 420 seconds of active time. This session ended with a crash.

Error - 17/11/2006 11:17:37 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 10090
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 13/09/2007 12:05:11 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7125
seconds with 5940 seconds of active time. This session ended with a crash.

Error - 29/02/2008 09:43:19 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 125
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/05/2008 08:23:57 | Computer Name = GWJARDINE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2748 seconds with 720 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service,
die vanwege de volgende fout niet kan worden gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De TCP/IP NetBIOS Helper-service is afhankelijk van de Omgeving voor
AFD-netwerkondersteuning-service, die vanwege de volgende fout niet kan worden
gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: McAfee Services.

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7000
Description = De McAfee Services-service kan vanwege de volgende fout niet worden
gestart: %%1053

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7001
Description = De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service,
die vanwege de volgende fout niet kan worden gestart: %%31

Error - 05/12/2009 11:31:31 | Computer Name = GWJARDINE | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD Fips intelppm
IPSec
mfehidk
MPFP
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error - 05/12/2009 11:31:49 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de netman-service
met de argumenten '' om de server {BA126AE5-2166-11D1-B1D0-00805FC1270E} te starten

Error - 05/12/2009 11:32:11 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service
met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Error - 05/12/2009 11:34:28 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service
met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

Error - 05/12/2009 11:34:44 | Computer Name = GWJARDINE | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service
met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten


< End of report >


Hope this enough to make a start!

Regards,
Graham

[schrauber]

Hi,


Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix

[Bonksie]

Tom:

There's some Dutch text in here, hope that's not too much of a problem . . .

===============

ComboFix 09-12-04.05 - Dad 05/12/2009 17:52.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1478 [GMT 1:00]
Gestart vanuit: k:\cth\schrauber.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dad\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-04-26_15-58_724-cdf9sz0h.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-10_16-33_12ec-rhcoxkiy.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-21_22-00_1590-5gw17qd3.log
c:\windows\system32\drivers\H8SRTsinxudpulh.sys
c:\windows\system32\H8SRTbabwruxevb.dll
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTimoyxtqawy.dll
c:\windows\system32\H8SRTldllrmamlt.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


(((((((((((((((((((( Bestanden Gemaakt van 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))))
.

2009-12-05 11:35 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-05 09:48 . 2009-12-05 09:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2009-12-04 15:59 . 2009-12-04 15:59 108 ---ha-w- c:\windows\system32\x10prod.sys
2009-11-21 11:56 . 2009-11-21 11:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-15 14:01 . 2009-11-15 20:02 -------- d-----w- c:\documents and settings\Dad\Application Data\FileZilla
2009-11-15 14:01 . 2009-11-21 11:52 -------- d-----w- c:\program files\FileZilla FTP Client

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-05 09:42 . 2008-08-28 07:41 -------- d-----w- c:\program files\xnews
2009-12-04 22:37 . 2007-02-28 21:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-01 20:38 . 2008-08-28 18:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-27 18:53 . 2009-09-21 18:52 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-25 10:19 . 2006-04-30 06:54 82856 ----a-w- c:\documents and settings\Joy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-24 20:53 . 2007-10-13 12:03 -------- d-----w- c:\documents and settings\Mom\Application Data\Skype
2009-11-24 20:52 . 2009-03-11 13:14 -------- d-----w- c:\documents and settings\Mom\Application Data\skypePM
2009-11-21 21:42 . 2006-06-11 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 21:36 . 2007-02-16 13:33 -------- d-----w- c:\program files\Microsoft Works
2009-11-21 21:08 . 2009-05-23 09:28 -------- d-----w- c:\program files\McAfee
2009-11-21 21:02 . 2006-04-28 09:48 -------- d-----w- c:\program files\Microsoft
2009-11-21 21:00 . 2006-04-30 07:16 82856 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 15:38 . 2008-04-09 19:10 -------- d-----w- c:\program files\Windows Live
2009-11-10 10:52 . 2006-04-29 11:07 82856 ----a-w- c:\documents and settings\Akadia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-08 19:42 . 2006-12-12 17:30 -------- d-----w- c:\documents and settings\Joy\Application Data\Skype
2009-11-08 09:40 . 2009-10-23 17:04 -------- d-----w- c:\documents and settings\Joy\Application Data\skypePM
2009-11-04 19:52 . 2009-11-04 19:52 -------- d-----w- c:\documents and settings\Joy\Application Data\AdobeAUM
2009-11-02 20:52 . 2006-12-03 12:16 -------- d-----w- c:\documents and settings\Dad\Application Data\Skype
2009-10-30 17:59 . 2009-10-30 17:59 -------- d-----w- c:\documents and settings\Akadia\Application Data\Malwarebytes
2009-10-30 15:34 . 2009-10-30 15:34 -------- d-----w- c:\program files\Overland
2009-10-19 18:52 . 2009-08-31 18:52 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-10-19 17:26 . 2009-10-17 20:37 45 ----a-w- c:\documents and settings\Joy\jagex_runescape_preferences2.dat
2009-10-19 17:26 . 2008-09-21 10:35 38 ----a-w- c:\documents and settings\Joy\jagex_runescape_preferences.dat
2009-10-15 07:45 . 2003-11-17 21:32 585494 ----a-w- c:\windows\system32\perfh013.dat
2009-10-15 07:45 . 2003-11-17 21:32 115792 ----a-w- c:\windows\system32\perfc013.dat
2009-10-11 10:58 . 2009-10-09 14:38 199365 ----a-w- c:\documents and settings\Mom\Application Data\Thunderbird\Profiles\h6ao0nso.default\Mail\Lo cal Folders\Inbox.sbd\Play.com
2009-10-09 16:53 . 2009-10-09 16:53 -------- d-----w- c:\documents and settings\Joy\Application Data\Malwarebytes
2009-10-09 13:36 . 2009-10-09 13:36 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2009-09-16 14:05 . 2009-09-16 14:05 152576 ----a-w- c:\documents and settings\Mom\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-16 09:22 . 2009-05-23 09:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-05-23 09:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-05-23 09:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-03-25 09:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-05-23 09:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:20 . 2003-12-22 23:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-10-03 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-10-03 15:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-01-28 19:49 . 2008-01-28 19:50 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2003-07-28 188416]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NVIDIA Remote Control Panel"="NVAREM.EXE" - c:\windows\system32\nvarem.exe [2003-07-30 139264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY. DLL" [2003-07-28 49152]

c:\documents and settings\Joy\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Dad\Menu Start\Programma's\Opstarten\
OneNote-inhoudsopgave.onetoc2 [2009-5-18 3656]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/02/2009 19:52 64160]
R0 viaide1;viaide1;c:\windows\system32\drivers\viaide xp.sys [22/12/2003 21:50 6144]
R0 viasraid;viasraid;c:\windows\system32\drivers\vias raid.sys [22/12/2003 21:50 75904]
R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [28/04/2006 10:41 587776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/05/2009 10:32 203280]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [28/04/2006 10:45 20580]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [28/04/2006 10:45 22644]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [21/05/2006 21:47 759050]
R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [28/04/2006 10:41 26112]
S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [01/11/2003 21:19 17920]
.
Inhoud van de 'Gedeelde Taken' map

2009-12-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:52]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 11:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 11:22]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hotsheet.com/
uInternet Connection Wizard,ShellNext = hxxp://www.standbyservice.nl/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKCU-Run-AntiMalware - c:\program files\AntiMalware\antimalware.exe
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Cabri II - c:\cabri\UNINST
AddRemove-Pdf995 - c:\program files\pdf995\setup.exe uninstall
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 18:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NVIDIA Remote Control Panel = NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0???????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????? ????????? ?? ?????????????????? !"#$%&'

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
Voltooingstijd: 2009-12-05 18:18
ComboFix-quarantined-files.txt 2009-12-05 17:18

Pre-Run: 70,883,737,600 bytes beschikbaar
Post-Run: 72,036,691,968 bytes beschikbaar

- - End Of File - - C6CB40BF2F96E6A773A54330C91E0E8E

[schrauber]

Hi,

No problem, I love other languages .


Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile, also please post back with a fresh OTL logfile.

How is your system running?

[Bonksie]

Tom:

The system is at least running now, whereas earlier it was not. It does appear to be a bit sluggish though.

Here is the Malwarebytes log.

=====================

Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/12/2009 20:29:12
mbam-log-2009-12-05 (20-29-09).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 243389
Time elapsed: 1 hour(s), 45 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028797.sys (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028798.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{62C98687-500A-43B4-851F-F9D285612D19}\RP152\A0028799.dll (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTbabwr uxevb.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTimoyx tqawy.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8 SRTsinxudpulh.sys.vir (Malware.Packer) -> No action taken.

============================

And here is the second OTL scan log.

OTL scan log
==========

OTL logfile created on: 05/12/2009 21:05:35 - Run 2
OTL by OldTimer - Version 3.1.11.6 Folder = K:\cth
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Verenigd Koninkrijk | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.54% Memory free
2.60 Gb Paging File | 2.25 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.52 Gb Total Space | 67.12 Gb Free Space | 61.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.53 Gb Total Space | 63.58 Gb Free Space | 85.31% Space Free | Partition Type: NTFS
Drive K: | 963.70 Mb Total Space | 892.22 Mb Free Space | 92.58% Space Free | Partition Type: FAT

Computer Name: GWJARDINE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/21 19:52:27 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 18:02:58 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/07/28 14:43:44 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
PRC - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/07/10 13:34:10 | 00,139,264 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
PRC - [2003/06/25 11:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2002/09/11 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 14:00:34 | 00,536,064 | ---- | M] (OldTimer Tools) -- K:\cth\OTL.exe
MOD - [2009/01/23 09:46:18 | 00,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/21 19:52:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 09:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:07:58 | 00,278,528 | R--- | M] (HP) -- C:\WINDOWS\system32\hpdj -- (hpdj)
SRV - [2003/07/28 13:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/06/24 17:22:48 | 00,020,480 | ---- | M] (X10) -- C:\WINDOWS\system32\x10nets.exe -- (x10nets)
SRV - [2001/05/01 16:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe -- (mbr)
DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/30 19:33:49 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/24 18:52:58 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/10 04:34:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/10 04:34:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/02/10 04:34:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/15 12:57:46 | 01,368,000 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2005/08/30 00:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 00:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 00:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/04/29 02:05:58 | 00,026,672 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2005/04/27 11:03:24 | 00,120,995 | ---- | M] () -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2003/11/01 21:19:38 | 00,017,920 | ---- | M] (CEntrance, Inc.) -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2003/09/19 07:34:06 | 00,759,050 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P1120Vid.sys -- (P1120VID)
DRV - [2003/09/16 03:16:00 | 00,126,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/09/16 03:16:00 | 00,022,644 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
DRV - [2003/09/16 03:16:00 | 00,020,580 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
DRV - [2003/09/16 03:16:00 | 00,013,330 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2003/07/28 13:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/06/12 18:31:46 | 00,075,904 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2003/02/11 18:38:58 | 00,064,384 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ulsata.sys -- (UlSata)
DRV - [2002/10/21 19:40:04 | 00,006,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SYSTEM32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/11 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2002/09/11 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2002/09/11 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2002/09/11 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2002/09/11 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2002/09/11 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2002/09/11 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2002/09/11 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2002/09/11 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2002/09/11 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2002/09/11 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/11 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2002/09/11 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2002/09/11 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2002/09/11 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2002/09/11 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/05/22 06:29:04 | 00,026,112 | ---- | M] () -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002/05/22 06:26:52 | 00,587,776 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys -- (WDMCAPI)
DRV - [2001/10/18 19:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaidexp.sys -- (viaide1)

[Bonksie]

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\C urrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.standbyservice.nl
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 14:40:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/02 14:56:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/06/28 12:46:03 | 00,000,000 | ---D | M]

[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2008/12/22 21:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe (HP)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA Remote Control Panel] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [WINSCHEDULER] C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Dad\Menu Start\Programma's\Opstarten\OneNote-inhoudsopgave.onetoc2 ()
O4 - Startup: C:\Documents and Settings\Joy\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1045052069-2688705137-1675932612-1006\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} Reg Error: Key error. (PCPitstop Utility)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/e...rInstaller.exe (Reg Error: Value error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} Reg Error: Key error. (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} http://a01-b01.mypicturetown.com/P2P.../x/Upld_47.CAB (QuickUpload)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/17 21:46:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/05 17:35:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/05 17:35:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/05 17:35:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/05 17:35:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 17:31:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/05 12:35:01 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/16 20:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Bureaublad\html
[2009/11/15 15:01:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\FileZilla
[2009/11/15 15:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/11/14 16:41:08 | 00,000,000 | ---D | C] -- J:\Documents and Settings\Dad\Mijn documenten\HTML
[2008/01/28 20:50:41 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/04/28 10:41:32 | 00,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[Bonksie]

========== Files - Modified Within 30 Days ==========

[2009/12/05 21:04:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/05 20:32:13 | 00,015,485 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/05 20:31:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 20:31:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 20:29:53 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
[2009/12/05 20:29:53 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
[2009/12/05 20:29:42 | 04,866,934 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
[2009/12/05 18:15:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/05 12:31:46 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/04 19:52:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/04 16:59:52 | 00,000,108 | -H-- | M] () -- C:\WINDOWS\System32\x10prod.sys
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/30 20:00:50 | 00,188,928 | ---- | M] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/11/28 22:31:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 09:44:47 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/05 17:35:14 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/05 17:35:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/05 17:35:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/05 17:35:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/05 17:35:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/05 12:31:46 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
[2009/12/04 16:59:52 | 00,000,108 | -H-- | C] () -- C:\WINDOWS\System32\x10prod.sys
[2009/11/30 20:00:49 | 00,188,928 | ---- | C] () -- C:\Documents and Settings\Dad\Bureaublad\Kalender2009.xls
[2009/02/11 20:01:16 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
[2008/08/03 11:51:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/08/03 11:20:46 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2008/08/03 11:20:46 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/08/03 11:17:54 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano
[2008/08/03 11:17:54 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/04/20 20:06:27 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/04/20 20:01:45 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/09/05 15:50:45 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/07 13:55:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/07 13:55:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/07 13:55:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/07 13:55:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/07 13:55:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/18 13:21:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2007/02/18 13:01:40 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2007/02/18 13:01:16 | 00,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/02/18 13:01:15 | 00,120,995 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2007/02/18 13:01:04 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2006/12/09 21:38:51 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 14:13:06 | 00,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2006/10/29 13:42:34 | 00,002,148 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/05 09:47:15 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/10/05 09:47:15 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/09/24 17:32:49 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/14 16:49:44 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 06:46:16 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/16 15:32:48 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/05/22 15:14:47 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/21 21:36:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2006/05/21 21:35:22 | 00,000,021 | ---- | C] () -- C:\WINDOWS\GCC_setup.ini
[2006/05/21 21:34:45 | 00,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2006/05/21 21:34:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_SETUP.ini
[2006/05/20 10:42:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/05/20 10:42:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/05/20 10:39:48 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/05/20 10:39:48 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/05/17 19:06:44 | 00,012,190 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2006/05/14 16:22:41 | 00,000,580 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/28 22:33:53 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
[2006/04/28 10:45:46 | 00,126,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVCAP.SYS
[2006/04/28 10:41:33 | 01,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2006/04/28 10:41:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/04/28 10:41:32 | 00,587,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDMCAPI.sys
[2006/04/28 10:41:32 | 00,038,667 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2006/04/28 10:41:32 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2006/04/28 10:41:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/28 10:41:32 | 00,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2006/04/28 10:41:25 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/11/17 23:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 23:00:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/17 22:32:39 | 00,000,979 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/17 21:56:34 | 00,000,818 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPD4DD9B9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Cheers,
Graham.

[schrauber]

We are on the right way


Disable your antivirus program and go here (http://www.eset.com/onlinescan/) and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.