Continuing "Win32:Malware-Gen" warnings in Avast [Solved]



#1
Neddie11

As the topic title shows, I keep getting these warnings of a Virus/Worm being found in the C:/Windows/Temp folder. Every time it comes up, the file svchost.exe comes up, but the filename is slightly different; for instance, the last time it was C:/Windows/Temp/icdh.tmp/svchost.exe. I've had this problem for about a month now and I've tried countless things to cure my Samsung laptop, but nothing has worked so far. The logs:

MBAM log (very sorry it's in Dutch):

Malwarebytes' Anti-Malware 1.44
Database versie: 3556
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13-1-2010 21:58:57
mbam-log-2010-01-13 (21-58-57).txt

Scan type: Snelle Scan
Objecten gescand: 100376
Verstreken tijd: 4 minute(s), 38 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)



GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 22:06:39
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kxldqpoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C112D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth-busstuurprogramma/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth-busstuurprogramma/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85FC2618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269c95962
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269c95962 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



OTL log:

OTL.txt:

OTL logfile created on: 1/13/2010 10:07:54 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Nick\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.88 Gb Total Space | 76.34 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive D: | 111.00 Gb Total Space | 110.90 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-PC
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/13 21:44:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
PRC - [2009/09/15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/08/03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:26 | 06,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/04 11:24:52 | 00,667,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/01/13 21:44:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 8A BF BC 39 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: (371907 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 12817 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 03:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/13 21:53:11 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/13 21:52:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/13 21:44:35 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/01/13 21:15:32 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe
[2010/01/13 21:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/13 19:59:56 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/01/13 19:21:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/13 19:21:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/10 16:53:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/10 16:53:29 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/01 16:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/01 16:25:46 | 00,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Threat Expert
[2010/01/01 16:21:56 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/01 15:42:52 | 00,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Malwarebytes
[2010/01/01 15:42:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 14 Days ==========

[2010/01/13 22:10:06 | 05,505,024 | -HS- | M] () -- C:\Users\Nick\ntuser.dat
[2010/01/13 21:54:20 | 00,011,680 | ---- | M] () -- C:\Users\Nick\Documents\As the topictitle shows.docx
[2010/01/13 21:52:38 | 00,000,898 | ---- | M] () -- C:\Users\Nick\Desktop\NTREGOPT.lnk
[2010/01/13 21:52:38 | 00,000,879 | ---- | M] () -- C:\Users\Nick\Desktop\ERUNT.lnk
[2010/01/13 21:44:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/01/13 21:41:24 | 00,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 21:41:24 | 00,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 21:38:40 | 01,531,584 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/13 21:38:40 | 00,694,684 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/01/13 21:38:40 | 00,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/13 21:38:40 | 00,131,278 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/01/13 21:38:40 | 00,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/13 21:34:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/13 21:34:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/13 21:33:52 | 24,116,79744 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 21:33:11 | 00,780,251 | -H-- | M] () -- C:\Users\Nick\AppData\Local\IconCache.db
[2010/01/13 21:20:01 | 00,284,915 | ---- | M] () -- C:\Users\Nick\Desktop\gmer.zip
[2010/01/13 21:15:36 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe
[2010/01/13 20:44:13 | 33,082,9152 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/10 16:55:31 | 00,371,907 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/10 16:53:35 | 00,001,220 | ---- | M] () -- C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/04 16:29:36 | 00,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 16:29:36 | 00,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 16:29:36 | 00,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TM.blf
[2010/01/04 15:32:17 | 00,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 15:32:17 | 00,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 15:32:17 | 00,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TM.blf

========== Files Created - No Company Name ==========

[2010/01/13 21:54:19 | 00,011,680 | ---- | C] () -- C:\Users\Nick\Documents\As the topictitle shows.docx
[2010/01/13 21:52:38 | 00,000,898 | ---- | C] () -- C:\Users\Nick\Desktop\NTREGOPT.lnk
[2010/01/13 21:52:38 | 00,000,879 | ---- | C] () -- C:\Users\Nick\Desktop\ERUNT.lnk
[2010/01/13 21:20:16 | 00,293,376 | ---- | C] () -- C:\Users\Nick\Desktop\gmer.exe
[2010/01/13 21:19:59 | 00,284,915 | ---- | C] () -- C:\Users\Nick\Desktop\gmer.zip
[2010/01/10 16:53:35 | 00,001,220 | ---- | C] () -- C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk
[2010/01/04 15:35:49 | 00,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 15:35:49 | 00,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 15:35:49 | 00,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{b6d1b4be-f93c-11de-abb7-002269c95962}.TM.blf
[2010/01/04 15:23:53 | 00,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 15:23:53 | 00,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 15:23:53 | 00,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{80959709-f93a-11de-aa73-002269c95962}.TM.blf
[2009/12/27 16:02:20 | 00,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009/12/27 16:02:20 | 00,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009/09/01 05:31:56 | 00,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/14 14:42:23 | 00,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Datel
[2009/12/08 18:31:13 | 00,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\gtk-2.0
[2009/11/03 14:13:16 | 00,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2009/07/14 05:53:46 | 00,029,256 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/01/10 17:50:09 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras.txt

OTL Extras logfile created on: 1/13/2010 10:07:54 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Nick\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.88 Gb Total Space | 76.34 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive D: | 111.00 Gb Total Space | 110.90 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-PC
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1043-7B44-A92000000001}" = Adobe Reader 9.2 - Nederlands
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XPort 360_is1" = XPort 360

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2010 2:59:41 PM | Computer Name = Nick-PC | Source = VSS | ID = 8193
Description =

Error - 1/13/2010 4:02:49 PM | Computer Name = Nick-PC | Source = VSS | ID = 8193
Description =

Error - 1/13/2010 4:13:43 PM | Computer Name = Nick-PC | Source = VSS | ID = 8193
Description =

Error - 1/13/2010 4:22:01 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: gmer.exe, versie: 1.0.15.15281, tijdstempel:
0x4b2763f0 Naam van module met fout: gmer.exe, versie: 1.0.15.15281, tijdstempel:
0x4b2763f0 Uitzonderingscode: 0xc0000005 Foutoffset: 0x0000c4b1 Id van proces met
fout: 0x960 Starttijd van toepassing met fout: 0x01ca948dd4cfc05d Pad naar toepassing
met fout: C:\Users\Nick\Desktop\gmer.exe Pad naar module met fout: C:\Users\Nick\Desktop\gmer.exe
Rapport-id:
4e487cc0-0081-11df-bccf-002269c95962

Error - 1/13/2010 4:22:05 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: svchost.exe, versie: 6.1.7600.16385,
tijdstempel: 0x4a5bc100 Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel:
0x00000000 Uitzonderingscode: 0xc0000096 Foutoffset: 0x000605ad Id van proces met
fout: 0x27c Starttijd van toepassing met fout: 0x01ca948d5f81e558 Pad naar toepassing
met fout: C:\Windows\system32\svchost.exe Pad naar module met fout: unknown Rapport-id:
503ebf1a-0081-11df-bccf-002269c95962

Error - 1/13/2010 4:22:05 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1005
Description = Geen toegang tot bestand om een van de volgende redenen: Er is een
probleem met de netwerkverbinding, met de schijf waarop het bestand is opgeslagen,
met
de opslagstuurprogramma's op deze computer, of de schijf ontbreekt. Programma Hostproces
voor Windows-services werd afgesloten vanwege deze fout. Programma: Hostproces voor
Windows-services Bestand: De foutwaarde wordt weergegeven in de sectie Extra gegevens.
Gebruikersactie
1.
Open het bestand opnieuw. Mogelijk is dit een tijdelijk probleem dat vanzelf wordt
opgelost als het programma opnieuw wordt uitgevoerd. 2. Als toegang tot het bestand
nog steeds niet mogelijk is en - Als het bestand zich in het netwerk bevindt, dient
de netwerkbeheerder te controleren of er geen probleem met het netwerk is en dat
verbinding met de server kan worden gemaakt. - Als het bestand zich op een verwisselbare
schijf bevindt, zoals een diskette of cd-rom, dient u te controleren of deze schijf
correct in het schijfstation is geplaatst. 3. Controleer en repareer het bestandssysteem
met CHKDSK. Klik hiervoor op Start, Uitvoeren en typ CMD. Klik OK en typ CHKDSK
/F op de opdrachtprompt. Druk vervolgens op ENTER. 4. Als het probleem blijft bestaan,
dient u het bestand terug te zetten via een back-upmedium. 5. Bepaal of andere bestanden
op dezelfde schijf kunnen worden geopend. Als dit niet zo is, is de schijf beschadigd.
Als het een harde schijf is, neemt u contact op met de netwerkbeheerder of hardwareleverancier
voor ondersteuning. Aanvullende gegevens Foutwaarde: 00000000 Type schijf: 0

Error - 1/13/2010 4:22:42 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7600.16404,
tijdstempel: 0x4a765076 Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel:
0x00000000 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000602e6 Id van proces met
fout: 0xa54 Starttijd van toepassing met fout: 0x01ca948d68a0c186 Pad naar toepassing
met fout: C:\Windows\Explorer.EXE Pad naar module met fout: unknown Rapport-id: 66992b2c-0081-11df-bccf-002269c95962

Error - 1/13/2010 4:22:47 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: explorer.exe, versie: 6.1.7600.16404,
tijdstempel: 0x4a765076 Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel:
0x00000000 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000605ac Id van proces met
fout: 0x3c4 Starttijd van toepassing met fout: 0x01ca948e2af12ae7 Pad naar toepassing
met fout: C:\Windows\explorer.exe Pad naar module met fout: unknown Rapport-id: 6960e69e-0081-11df-bccf-002269c95962

Error - 1/13/2010 4:22:50 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: explorer.exe, versie: 6.1.7600.16404,
tijdstempel: 0x4a765076 Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel:
0x00000000 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000605ac Id van proces met
fout: 0x8d4 Starttijd van toepassing met fout: 0x01ca948e2d6a58f0 Pad naar toepassing
met fout: C:\Windows\explorer.exe Pad naar module met fout: unknown Rapport-id: 6b6a33fa-0081-11df-bccf-002269c95962

Error - 1/13/2010 5:00:27 PM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: gmer.exe, versie: 1.0.15.15281, tijdstempel:
0x4b2763f0 Naam van module met fout: gmer.exe, versie: 1.0.15.15281, tijdstempel:
0x4b2763f0 Uitzonderingscode: 0xc0000005 Foutoffset: 0x0000c4b1 Id van proces met
fout: 0x26c Starttijd van toepassing met fout: 0x01ca949359b90c4d Pad naar toepassing
met fout: C:\Users\Nick\Desktop\gmer.exe Pad naar module met fout: C:\Users\Nick\Desktop\gmer.exe
Rapport-id:
ac810adc-0086-11df-80f1-002269c95962

[ System Events ]
Error - 1/13/2010 2:37:53 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 1/13/2010 3:00:00 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7030
Description = De ESET Service-service staat aangeduid als een interactieve service.
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
toegestaan. Deze service werkt mogelijk niet juist.

Error - 1/13/2010 3:44:22 PM | Computer Name = Nick-PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 20:43:12 op ?13-?1-?2010 is
onverwacht gebeurd.

Error - 1/13/2010 3:44:26 PM | Computer Name = Nick-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/13/2010 4:15:39 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7034
Description = De NVIDIA Display Driver Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.

Error - 1/13/2010 4:22:06 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
Description = De DCOM Server Process Launcher-service is onverwacht gestopt. Dit
is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden
uitgevoerd: Computer opnieuw opstarten.

Error - 1/13/2010 4:22:06 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
Description = De Plug and Play-service is onverwacht gestopt. Dit is 1 keer gebeurd.
De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Computer
opnieuw opstarten.

Error - 1/13/2010 4:22:06 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
Description = De Power-service is onverwacht gestopt. Dit is 1 keer gebeurd. De
volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Computer
opnieuw opstarten.

Error - 1/13/2010 4:22:06 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7032
Description = Servicebesturingsbeheer heeft na het onverwachte afsluiten van de
Plug and Play-service geprobeerd een herstelactie (Computer opnieuw opstarten) uit
te voeren, maar deze actie is met de volgende fout mislukt: %%1190

Error - 1/13/2010 4:22:06 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7032
Description = Servicebesturingsbeheer heeft na het onverwachte afsluiten van de
Power-service geprobeerd een herstelactie (Computer opnieuw opstarten) uit te voeren,
maar deze actie is met de volgende fout mislukt: %%1190


< End of report >


I really hope you can help, thanks in advance.


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Language is not a problem as all files use the same name :)

OK you have a rootkit - so I will need to go in with the big boy first

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or you are on Vista, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
Neddie11


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I had to give it four tries, but finally it worked. Here's the ComboFix log:



ComboFix 10-01-13.07 - Nick 13-01-2010 23:28:28.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3067.2235 [GMT 1:00]
Gestart vanuit: c:\users\Nick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eknpzfz.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-12-13 to 2010-01-13 ))))))))))))))))))))))))))))))
.

2010-01-13 22:35 . 2010-01-13 22:35 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-01-13 22:35 . 2010-01-13 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 22:26 . 2010-01-13 22:27 -------- d-----w- C:\32788R22FWJFW
2010-01-13 20:52 . 2010-01-13 20:52 -------- d-----w- c:\program files\ERUNT
2010-01-13 20:03 . 2010-01-13 20:03 -------- d-----w- c:\program files\TrendMicro
2010-01-13 18:52 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 18:52 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 18:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 18:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 15:53 . 2010-01-13 22:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-10 15:53 . 2010-01-13 22:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 15:43 . 2010-01-13 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 15:25 . 2010-01-01 15:25 -------- d-----w- c:\users\Nick\AppData\Local\Threat Expert
2010-01-01 14:42 . 2010-01-01 14:42 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes
2010-01-01 14:42 . 2010-01-01 14:42 -------- d-----w- c:\programdata\Malwarebytes
2009-12-27 15:03 . 2009-12-27 15:03 -------- d-----w- c:\programdata\SAMSUNG
2009-12-27 15:02 . 2006-11-14 08:11 13312 ----a-w- c:\windows\system32\drivers\KMDFMEMIO.sys
2009-12-27 15:02 . 2010-01-04 14:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 14:17 . 2010-01-04 14:34 -------- d-----w- c:\windows\system32\AGEIA
2009-12-27 14:17 . 2010-01-04 14:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-27 14:17 . 2010-01-04 14:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-27 14:15 . 2010-01-04 14:33 -------- d-----w- C:\NVIDIA

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 22:22 . 2009-11-05 20:14 694684 ----a-w- c:\windows\system32\perfh013.dat
2010-01-13 22:22 . 2009-11-05 20:14 131278 ----a-w- c:\windows\system32\perfc013.dat
2010-01-13 18:55 . 2009-10-31 15:34 -------- d-----w- c:\programdata\Microsoft Help
2010-01-10 16:50 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-04 14:34 . 2009-11-22 12:04 -------- d-----w- c:\program files\Datel
2009-12-29 14:25 . 2009-11-01 15:46 -------- d-----w- c:\programdata\NVIDIA
2009-12-27 15:02 . 2009-12-27 15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
2009-12-08 17:31 . 2009-11-17 17:15 -------- d-----w- c:\users\Nick\AppData\Roaming\gtk-2.0
2009-11-22 13:40 . 2009-11-22 13:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 14:32 . 2009-11-20 14:32 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-11-17 17:13 . 2009-11-17 17:13 -------- d-----w- c:\program files\GIMP-2.0
2009-11-05 20:13 . 2009-11-05 20:14 341322 ----a-w- c:\windows\system32\perfi013.dat
2009-11-05 20:13 . 2009-11-05 20:14 43068 ----a-w- c:\windows\system32\perfd013.dat
2009-11-05 20:13 . 2009-11-05 20:13 43068 ----a-w- c:\windows\inf\PERFLIB\0413\perfd.dat
2009-11-05 20:13 . 2009-11-05 20:13 43068 ----a-w- c:\windows\inf\PERFLIB\0413\perfc.dat
2009-11-05 20:13 . 2009-11-05 20:13 341322 ----a-w- c:\windows\inf\PERFLIB\0413\perfi.dat
2009-11-05 20:13 . 2009-11-05 20:13 341322 ----a-w- c:\windows\inf\PERFLIB\0413\perfh.dat
2009-11-03 12:33 . 2009-10-31 14:56 108824 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-31 15:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:53 . 2009-10-31 16:53 284147 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_93A0BD079836122C39D406.exe
2009-10-31 16:53 . 2009-10-31 16:53 284147 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_6FEFF9B68218417F98F549.exe
2009-10-31 16:53 . 2009-10-31 16:53 284147 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{47609E69-4C5E-48B1-A889-24C6B82B5C04}\_3207B59E601B5F75D71B21.exe
2009-10-29 07:22 . 2009-11-25 20:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31-10-2009 17:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31-10-2009 17:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31-10-2009 17:05 53328]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [27-12-2009 16:02 13312]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [10-6-2009 22:18 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21-8-2009 20:24 66592]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13-7-2009 23:02 311296]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863C2618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x856c7810
QueryNameProcedure -> 0x856c79a0
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-01-13 23:38:47
ComboFix-quarantined-files.txt 2010-01-13 22:38

Pre-Run: 81.868.439.552 bytes beschikbaar
Post-Run: 81.595.150.336 bytes beschikbaar

- - End Of File - - 6DF6848705ED7833F02DB249691B9840
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that killed the main part; now let's go hunting for the rest.

To ensure that I get all the information this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
Neddie11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Attached File  OTS.Txt   137.98KB   179 downloads

There you go.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run MBAM and post the log? Also, are you still getting the alerts?
  • 0

#7
Neddie11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I haven't had any alerts, but let's not celebrate too early. Here's the MBAM log:

Malwarebytes' Anti-Malware 1.44
Database versie: 3556
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-1-2010 0:15:28
mbam-log-2010-01-14 (00-15-28).txt

Scan type: Snelle Scan
Objecten gescand: 101643
Verstreken tijd: 2 minute(s), 13 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If I could now have a final run on either OTL or OTS please - so far so good :)
  • 0

#9
Neddie11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
This is the most recent OTS log.

Attached File  OTS.Txt   138.19KB   275 downloads
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks clean now :)

I will remove my tools and tidy up, subject to no further problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.



VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :)
  • 0

#11
Neddie11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks a million! It is just fantastic that people like you exist. I've followed up all of your advice and my laptop is running perfectly again. Keep it up!
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#14
Neddie11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks for reopening the topic so quickly; here's the OTS log you asked for:

Attached File  OTS.Txt   138.84KB   237 downloads
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing evident there - I see you still have Avast 4 on your system. Could you update to Version 5 and then rescan the file (by right clicking and selecting scan with Avast), letting me know the result.

For an upgrade to Avast 5 please do the following to ensure it is painless:

1. Download AswClear to your desktop
2. Download Version 5 to your desktop
3. Right click the Avast icon in the tray and select settings > troubleshooting > disable self protection module > OK out
4. Uninstall via add/remove
5. Reboot
6. Run AswClear
7. Reboot
8. Install Avast version 5
  • 0
