Infected - http://www.xn--&-8ga.com/ [resolved]

#1
kakutogi

Hi,

I've been having problems with Firefox opening new windows by itself. Each window has four tabs with the following addresses:

hxxp://www.xn--&-8ga.com/
hxxp://www.xn--pda.com/
file:///C:/Program%20Files/Mozilla%20Firefox/
file:///C:/Program%20Files/Mozilla%20Firefox/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%

I looked around for a guide on how to delete the virus but came up empty. If someone would be so kind as to help me out I'd really appreciate it!

Here is the OTL Report:



OTL logfile created on: 21-7-2011 22:21:46 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ingrid\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

894,42 Mb Total Physical Memory | 48,40 Mb Available Physical Memory | 5,41% Memory free
2,12 Gb Paging File | 1,34 Gb Available in Paging File | 63,26% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69,40 Gb Total Space | 2,82 Gb Free Space | 4,07% Space Free | Partition Type: NTFS
Drive D: | 69,89 Gb Total Space | 2,06 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
Drive H: | 960,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: STANLEY | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
PRC - [2011-06-23 18:12:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-09-05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
PRC - [2008-08-28 11:19:34 | 001,630,208 | ---- | M] (Sitecom Europe BV) -- C:\Program Files\Sitecom\Common\RaUI.exe
PRC - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Sitecom\Common\RegistryWriter.exe
PRC - [2008-04-15 14:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-20 16:02:00 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
PRC - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007-01-30 00:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\uTorrent\PeerGuardian2\pg2.exe
PRC - [2006-11-03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
MOD - [2011-04-29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2009-07-12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009-07-12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-09-05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008-05-06 00:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011-07-07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110720.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011-06-16 20:20:31 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-06-16 20:20:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-06-16 20:20:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\NAVENG.SYS -- (NAVENG)
DRV - [2011-05-19 21:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-05-11 15:55:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-05-10 10:38:48 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-03-31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 02:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011-03-15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-10-25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010-10-25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-08-27 06:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010-08-27 06:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010-08-27 06:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009-02-10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008-10-29 15:34:40 | 000,644,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008-05-20 02:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-15 14:00:00 | 000,053,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008-01-28 21:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-01-28 21:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-01-07 01:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007-01-30 00:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\uTorrent\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2002-11-28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999-09-10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...d=0409&m=el1200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.7
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..network.proxy.no_proxies_on: "local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-08 17:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011-07-21 22:04:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-06 20:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-06 20:16:00 | 000,000,000 | ---D | M]

[2010-01-19 20:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Extensions
[2011-07-21 22:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions
[2010-04-27 21:33:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-07-02 17:13:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-05-27 10:27:21 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011-06-23 22:03:56 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-05-22 20:57:28 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2010-10-02 11:41:13 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-06-23 22:03:59 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-03-16 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-07-21 22:04:11 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011-07-08 17:36:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010-01-15 20:34:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-03 19:14:40 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-03-03 19:14:40 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-03-03 19:14:40 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2011-03-03 19:14:40 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2011-03-03 19:14:40 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010-07-21 08:08:19 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O4 - HKCU..\Run: [oheOiUJvGfNI] File not found
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\uTorrent\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe (Sitecom Europe BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-05 09:35:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-11-13 15:24:41 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9cfc8c08-fc6d-11de-98f9-000cf654952e}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\configure\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\install\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-21 22:20:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-06 20:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\iTunes
[2011-07-06 20:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-07-06 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\QuickTime
[2011-07-06 20:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-07-06 20:14:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-06 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-07-06 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-06-26 21:11:52 | 000,000,000 | ---D | C] -- C:\Warren Zevon
[2009-07-10 12:47:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.sys
[2009-04-10 16:23:29 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-21 22:20:05 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-21 22:20:04 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-21 22:08:18 | 000,513,384 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-07-21 22:08:18 | 000,092,564 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-07-21 22:08:17 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-07-21 22:08:17 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-07-21 22:07:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-07-21 22:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-21 22:03:38 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-21 19:33:05 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006UA.job
[2011-07-17 14:46:18 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2011-07-17 12:33:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006Core.job
[2011-07-16 17:19:59 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-15 18:36:47 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-07-15 18:36:45 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Google Chrome.lnk
[2011-07-13 17:50:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-12 20:12:57 | 006,896,215 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-07-03 18:01:27 | 000,006,992 | ---- | M] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:34:40 | 000,374,250 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:11 | 000,114,445 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-06-26 21:54:33 | 000,081,467 | ---- | M] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Uchi Deshi 1.2.fdx
[2011-06-23 19:46:33 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\CyberLink PowerDirector.lnk
[2011-06-22 22:02:12 | 028,783,088 | ---- | M] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Produce.avi
[2011-06-22 21:40:03 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Snapshot(1).bmp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-07-21 22:03:38 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011-07-12 20:12:40 | 006,896,215 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-03 18:01:27 | 000,006,992 | ---- | C] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:32:45 | 000,374,250 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:06 | 000,114,445 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-06-22 21:59:55 | 028,783,088 | ---- | C] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Produce.avi
[2011-06-22 21:39:55 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Snapshot(1).bmp
[2011-04-18 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.722122206150118.exe
[2011-04-15 22:32:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.7659450352661257.exe
[2011-03-18 13:13:40 | 000,007,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011-03-16 19:11:22 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108.lic
[2011-03-16 18:30:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108r
[2011-03-16 18:30:09 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108
[2011-03-16 18:29:32 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108
[2011-03-11 20:03:07 | 000,075,480 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-01-21 23:58:32 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-12-04 01:02:33 | 000,667,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-11-29 00:03:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-11-29 00:03:11 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-10-25 23:10:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2010-10-25 11:09:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010-10-25 11:09:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010-10-25 11:09:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010-10-25 11:09:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010-08-04 09:08:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-19 20:25:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-01-18 20:59:52 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010-01-09 12:19:55 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009-11-22 16:13:57 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009-07-20 18:22:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-07-12 11:59:43 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-12 11:59:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-10 12:48:07 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2009-07-10 12:47:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\inst.exe
[2009-07-10 12:47:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.cat
[2009-07-10 12:47:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.inf
[2009-05-14 04:18:04 | 000,279,629 | ---- | C] () -- C:\WINDOWS\esubmit.exe
[2009-05-09 22:40:39 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-09 21:58:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2009-04-11 01:08:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\HWID_detect.exe
[2009-04-10 16:21:24 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\fusioncache.dat
[2008-09-05 11:11:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-09-05 11:11:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-09-05 10:47:12 | 000,513,384 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2008-09-05 10:47:12 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-09-05 10:47:12 | 000,092,564 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2008-09-05 10:47:12 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-09-05 10:07:16 | 000,358,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008-09-05 09:35:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-09-05 09:34:00 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-08-25 10:17:58 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-07-10 08:06:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\Alaunch.exe
[2008-04-15 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-15 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2008-04-15 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-15 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-15 14:00:00 | 000,053,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008-04-15 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-15 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2008-04-15 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-15 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-15 14:00:00 | 000,003,717 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-04-15 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-15 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008-02-24 21:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-24 21:29:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-02-24 21:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-24 21:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-02-24 21:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-24 21:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-24 21:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-02-24 21:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-24 21:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-01-16 15:17:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006-08-01 00:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005-03-28 09:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004-04-09 16:06:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AudioLevel.dll
[2002-05-24 10:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-08-26 11:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-26 11:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010-12-29 14:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2011-02-13 23:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009-07-11 10:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010-01-18 20:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2009-06-20 14:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2011-03-18 13:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010-12-29 15:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010-11-28 23:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010-01-09 12:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sitecom Driver
[2011-03-16 23:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009-07-10 18:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009-04-11 15:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009-04-11 00:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009-04-10 18:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011-07-06 20:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-07-19 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\BD44EE4CCDFCB6D39F4628C5045063A4
[2010-03-30 21:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Belastingdienst
[2009-07-27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Canneverbe_Limited
[2010-09-26 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\FileZilla
[2010-01-18 21:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Final Draft
[2011-01-21 23:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\FreeAudioPack
[2011-03-16 23:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Igsare
[2010-11-28 23:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Samsung
[2011-01-22 14:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Search Settings
[2010-09-26 21:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Spot Software
[2011-02-13 23:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\The Learning Company
[2011-07-20 23:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\uTorrent
[2011-07-17 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Vso
[2011-03-16 23:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid\Application Data\Ymfiz
[2011-07-21 22:07:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6971CCC5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8

< End of report >


#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, kakutogi! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)




Could you follow the two steps below and then get back to me with the logs that are created, please?



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log


#3
kakutogi

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi BlackOxide,

Thanks in advance for your help! I have not been experiencing the pop-ups anymore, so I don't know if the virus is still on my PC or not. Anyway, here are the requested log files:



OTL

OTL logfile created on: 24-7-2011 21:08:02 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ingrid\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

894,42 Mb Total Physical Memory | 161,13 Mb Available Physical Memory | 18,01% Memory free
2,12 Gb Paging File | 1,30 Gb Available in Paging File | 61,64% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69,40 Gb Total Space | 2,81 Gb Free Space | 4,06% Space Free | Partition Type: NTFS
Drive D: | 69,89 Gb Total Space | 3,58 Gb Free Space | 5,12% Space Free | Partition Type: NTFS
Drive H: | 960,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: STANLEY | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
PRC - [2011-06-23 18:12:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-08-28 11:19:34 | 001,630,208 | ---- | M] (Sitecom Europe BV) -- C:\Program Files\Sitecom\Common\RaUI.exe
PRC - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Sitecom\Common\RegistryWriter.exe
PRC - [2008-04-15 14:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007-01-30 00:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\uTorrent\PeerGuardian2\pg2.exe
PRC - [2006-11-03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
MOD - [2011-04-29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2009-07-12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009-07-12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-09-05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008-05-06 00:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011-07-07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011-06-16 20:20:31 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-06-16 20:20:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-06-16 20:20:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
DRV - [2011-05-19 21:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-05-11 15:55:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-05-10 10:38:48 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-03-31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 02:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011-03-15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-10-25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010-10-25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-08-27 06:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010-08-27 06:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010-08-27 06:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009-02-10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008-10-29 15:34:40 | 000,644,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008-05-20 02:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-15 14:00:00 | 000,053,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008-01-28 21:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-01-28 21:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-01-07 01:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007-01-30 00:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\uTorrent\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2002-11-28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999-09-10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...d=0409&m=el1200
IE - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
IE - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.7
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..network.proxy.no_proxies_on: "local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-08 17:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011-07-24 16:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-06 20:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-06 20:16:00 | 000,000,000 | ---D | M]

[2010-01-19 20:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Extensions
[2011-07-24 17:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions
[2010-04-27 21:33:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-07-02 17:13:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-05-27 10:27:21 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011-06-23 22:03:56 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-05-22 20:57:28 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2010-10-02 11:41:13 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-06-23 22:03:59 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-03-16 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-07-24 16:52:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011-07-08 17:36:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010-01-15 20:34:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-03 19:14:40 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-03-03 19:14:40 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-03-03 19:14:40 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2011-03-03 19:14:40 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2011-03-03 19:14:40 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010-07-21 08:08:19 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [oheOiUJvGfNI] File not found
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [PeerGuardian] C:\Program Files\uTorrent\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe (Sitecom Europe BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-05 09:35:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-11-13 15:24:41 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9cfc8c08-fc6d-11de-98f9-000cf654952e}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\configure\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\install\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-24 21:08:15 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ingrid\Bureaublad\aswMBR.exe
[2011-07-21 22:20:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-06 20:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\iTunes
[2011-07-06 20:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-07-06 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\QuickTime
[2011-07-06 20:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-07-06 20:14:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-06 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-07-06 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-07-06 20:07:27 | 080,695,592 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Ingrid\Bureaublad\iTunesSetup.exe
[2011-06-26 21:11:52 | 000,000,000 | ---D | C] -- C:\Warren Zevon
[2009-07-10 12:47:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.sys
[2009-04-10 16:23:29 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-07-24 21:09:07 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ingrid\Bureaublad\aswMBR.exe
[2011-07-24 21:02:38 | 000,631,206 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Berry09!.bmp
[2011-07-24 20:33:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006UA.job
[2011-07-24 20:20:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-24 17:13:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-07-24 16:56:08 | 000,513,384 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-07-24 16:56:08 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-07-24 16:56:08 | 000,092,564 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-07-24 16:56:08 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-07-24 16:51:41 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-24 16:51:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-24 16:51:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-24 16:51:22 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-23 12:33:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006Core.job
[2011-07-22 20:40:35 | 000,010,302 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Journalist.pdf
[2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-17 14:46:18 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2011-07-16 17:19:59 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-15 18:36:47 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-07-15 18:36:45 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Google Chrome.lnk
[2011-07-12 20:12:57 | 006,896,215 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-06 20:08:54 | 080,695,592 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Ingrid\Bureaublad\iTunesSetup.exe
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-07-03 18:01:27 | 000,006,992 | ---- | M] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:34:40 | 000,374,250 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:11 | 000,114,445 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-06-26 21:54:33 | 000,081,467 | ---- | M] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Uchi Deshi 1.2.fdx
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-07-24 21:02:32 | 000,631,206 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Berry09!.bmp
[2011-07-22 20:40:21 | 000,010,302 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Journalist.pdf
[2011-07-21 22:03:38 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011-07-12 20:12:40 | 006,896,215 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-03 18:01:27 | 000,006,992 | ---- | C] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:32:45 | 000,374,250 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:06 | 000,114,445 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-04-18 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.722122206150118.exe
[2011-04-15 22:32:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.7659450352661257.exe
[2011-03-18 13:13:40 | 000,007,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011-03-16 19:11:22 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108.lic
[2011-03-16 18:30:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108r
[2011-03-16 18:30:09 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108
[2011-03-16 18:29:32 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108
[2011-03-11 20:03:07 | 000,075,480 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-01-21 23:58:32 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-12-04 01:02:33 | 000,667,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-11-29 00:03:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-11-29 00:03:11 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-10-25 23:10:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2010-10-25 11:09:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010-10-25 11:09:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010-10-25 11:09:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010-10-25 11:09:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010-08-04 09:08:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-19 20:25:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-01-18 20:59:52 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010-01-09 12:19:55 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009-11-22 16:13:57 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009-07-20 18:22:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-07-12 11:59:43 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-12 11:59:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-10 12:48:07 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2009-07-10 12:47:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\inst.exe
[2009-07-10 12:47:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.cat
[2009-07-10 12:47:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.inf
[2009-05-14 04:18:04 | 000,279,629 | ---- | C] () -- C:\WINDOWS\esubmit.exe
[2009-05-09 22:40:39 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-09 21:58:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2009-04-11 01:08:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\HWID_detect.exe
[2009-04-10 16:21:24 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\fusioncache.dat
[2008-09-05 11:11:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-09-05 11:11:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-09-05 10:47:12 | 000,513,384 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2008-09-05 10:47:12 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-09-05 10:47:12 | 000,092,564 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2008-09-05 10:47:12 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-09-05 10:07:16 | 000,358,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008-09-05 09:35:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-09-05 09:34:00 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-08-25 10:17:58 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-07-10 08:06:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\Alaunch.exe
[2008-04-15 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-15 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2008-04-15 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-15 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-15 14:00:00 | 000,053,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008-04-15 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-15 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2008-04-15 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-15 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-15 14:00:00 | 000,003,717 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-04-15 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-15 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008-02-24 21:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-24 21:29:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-02-24 21:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-24 21:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-02-24 21:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-24 21:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-24 21:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-02-24 21:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-24 21:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-01-16 15:17:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006-08-01 00:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005-03-28 09:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004-04-09 16:06:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AudioLevel.dll
[2002-05-24 10:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-08-26 11:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-26 11:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6971CCC5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8

< End of report >

aswMBR

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-24 21:15:42
-----------------------------
21:15:42.578 OS Version: Windows 5.1.2600 Service Pack 3
21:15:42.578 Number of processors: 1 586 0x7F02
21:15:42.578 ComputerName: STANLEY UserName: Ingrid
21:15:42.843 Initialze error C000010E - driver not loaded
21:15:42.890 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:17:14.968 AVAST engine defs: 11072401
21:17:31.609 Service scanning
21:17:33.312 Modules scanning
21:17:33.343 Disk 0 trace - called modules:
21:17:33.343
21:17:33.937 AVAST engine scan C:\WINDOWS
21:17:42.062 AVAST engine scan C:\WINDOWS\system32
21:19:49.671 AVAST engine scan C:\WINDOWS\system32\drivers
21:19:59.484 File: C:\WINDOWS\system32\drivers\volsnap.sys **INFECTED** Win32:Alureon-PS
21:20:02.015 AVAST engine scan C:\Documents and Settings\Ingrid
21:21:37.062 The log file has been saved successfully to "C:\Documents and Settings\Ingrid\Mijn documenten\aswMBR.txt"

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

It does appear that you are still infected. Let's now start removing this malware :)



1)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




2)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [oheOiUJvGfNI] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
    [2011-04-18 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.722122206150118.exe
    [2011-04-15 22:32:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.7659450352661257.exe
    [2011-03-16 19:11:22 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108.lic
    [2011-03-16 18:30:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108r
    [2011-03-16 18:30:09 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108
    [2011-03-16 18:29:32 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




3)
Could you re-run aswMBR for me please, using the same instructions as last time.




In your next reply
Please post the contents of...
TDSSKiller log
OTL log
aswMBR log


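An added example, not part of this thread and not OTL's own code: a small Python script that applies the kind of triage rules a helper uses to pick lines out of an OTL log like the one posted above, then drafts the :OTL and :Commands sections in the same layout as the fix in step 2. The rules and thresholds are my assumptions about why those particular lines were chosen, not anything OTL documents: an O4 Run value whose target is "File not found" is an orphaned autorun (registry only, nothing on disk); a value name whose case flips between most adjacent letters looks machine-generated; a zero-byte .exe/.dll/.sys, or a file name carrying a run of eight or more digits, in a Files Created/Modified section deserves a look. The sample lines are copied from the OTL log earlier in the thread. Treat the output as a draft to review, not something to run unread: only the "File not found" entries are purely registry changes, and each flagged file is worth hashing and looking up before it is deleted.

```python
"""Triage an OTL log and draft the ':OTL' section of a fix script.

Added example for this thread; not OTL's code. The heuristics below are
assumptions about how a helper picks lines, not rules OTL itself applies.
"""
import re
from dataclasses import dataclass

# Matches e.g.  O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# Matches e.g.  [2011-04-18 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\x.exe
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
DIGIT_RUN_RE = re.compile(r"\d{8,}")
EXEC_EXTS = {"exe", "dll", "sys", "scr", "com"}

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [oheOiUJvGfNI] File not found
O4 - HKU\S-1-5-21-1489460643-2323725418-3324827107-1006..\Run: [PeerGuardian] C:\Program Files\uTorrent\PeerGuardian2\pg2.exe (Phoenix Labs)
[2011-07-21 22:20:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-21 22:03:38 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011-04-18 10:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.722122206150118.exe
[2011-04-15 22:32:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\null0.7659450352661257.exe
[2011-03-18 13:13:40 | 000,007,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011-03-16 19:11:22 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293108.lic
[2011-03-16 18:30:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293108r
"""


@dataclass
class Finding:
    line: str        # the OTL log line, verbatim, so it can be pasted into a fix
    reasons: list    # why it was flagged


def looks_random(name, min_letters=8, flip_ratio=0.6):
    """Crude check: does upper/lower case flip between most adjacent letters?
    Threshold 0.6 is an assumption chosen so NvCplDaemon (0.5) is not flagged."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < min_letters:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips / (len(letters) - 1) >= flip_ratio


def check_autorun(m):
    reasons = []
    if m["target"].strip() == "File not found":
        reasons.append("autorun points at a missing file")
    if looks_random(m["name"]):
        reasons.append("value name looks machine-generated")
    return reasons


def check_file(m):
    reasons = []
    basename = m["path"].rsplit("\\", 1)[-1]
    ext = basename.rsplit(".", 1)[-1].lower() if "." in basename else ""
    size = int(m["size"].replace(",", ""))
    if ext in EXEC_EXTS and size == 0:
        reasons.append("zero-byte executable")
    if DIGIT_RUN_RE.search(basename):
        reasons.append("file name carries a run of 8+ digits")
    return reasons


def triage(log_text):
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = AUTORUN_RE.match(line)
        if m:
            reasons = check_autorun(m)
        else:
            m = FILE_RE.match(line)
            reasons = check_file(m) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def build_otl_fix(findings, commands=("[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]")):
    """Draft the fix in the layout OTL expects: flagged log lines under :OTL,
    then the :Commands section (the command set is the caller's choice)."""
    body = [":OTL"] + [f.line for f in findings] + ["", ":Commands", *commands]
    return "\n".join(body)


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for f in hits:
        print(f"{'; '.join(f.reasons):45}  {f.line[:80]}")
    print()
    print(build_otl_fix(hits))
```

Run it against a saved OTL.txt by replacing SAMPLE_OTL with the file contents; on the sample it flags the two orphaned Run values, the two zero-byte null0.*.exe files and the two 17293108 files, and leaves Alcmtr, NvCplDaemon, PeerGuardian, OTL.exe and hiberfil.sys alone. The case-flip rule is deliberately conservative because legitimate vendor names like NvCplDaemon come close to it; the "File not found" rule is the reliable one.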
#5
kakutogi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OK, here are the logs:


2011/07/25 20:16:15.0406 1744 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 20:16:17.0421 1744 ================================================================================
2011/07/25 20:16:17.0421 1744 SystemInfo:
2011/07/25 20:16:17.0421 1744
2011/07/25 20:16:17.0421 1744 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/25 20:16:17.0421 1744 Product type: Workstation
2011/07/25 20:16:17.0421 1744 ComputerName: STANLEY
2011/07/25 20:16:17.0421 1744 UserName: Ingrid
2011/07/25 20:16:17.0421 1744 Windows directory: C:\WINDOWS
2011/07/25 20:16:17.0421 1744 System windows directory: C:\WINDOWS
2011/07/25 20:16:17.0421 1744 Processor architecture: Intel x86
2011/07/25 20:16:17.0421 1744 Number of processors: 1
2011/07/25 20:16:17.0421 1744 Page size: 0x1000
2011/07/25 20:16:17.0421 1744 Boot type: Normal boot
2011/07/25 20:16:17.0421 1744 ================================================================================
2011/07/25 20:16:22.0875 1744 Initialize success
2011/07/25 20:16:26.0593 0720 ================================================================================
2011/07/25 20:16:26.0593 0720 Scan started
2011/07/25 20:16:26.0593 0720 Mode: Manual;
2011/07/25 20:16:26.0593 0720 ================================================================================
2011/07/25 20:16:28.0343 0720 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/25 20:16:28.0406 0720 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/25 20:16:28.0500 0720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/25 20:16:28.0593 0720 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/25 20:16:28.0671 0720 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/25 20:16:28.0781 0720 AgereSoftModem (acc50f43d9e764d364173b9858d3e940) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/25 20:16:29.0250 0720 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/07/25 20:16:29.0281 0720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/25 20:16:29.0359 0720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/25 20:16:29.0484 0720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/25 20:16:29.0562 0720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/25 20:16:29.0625 0720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/25 20:16:29.0812 0720 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys
2011/07/25 20:16:29.0968 0720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/25 20:16:30.0093 0720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/25 20:16:30.0140 0720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/25 20:16:30.0234 0720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/25 20:16:30.0531 0720 dgderdrv (3be1651c63954067940e7f473498ad70) C:\WINDOWS\system32\drivers\dgderdrv.sys
2011/07/25 20:16:30.0656 0720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/25 20:16:30.0765 0720 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/25 20:16:30.0859 0720 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/25 20:16:30.0890 0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/25 20:16:30.0953 0720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/25 20:16:31.0062 0720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/25 20:16:31.0140 0720 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/25 20:16:31.0250 0720 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/07/25 20:16:31.0296 0720 ElbyCDIO (389823db299b350f2ee830d47376eeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/07/25 20:16:31.0437 0720 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/25 20:16:31.0578 0720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/25 20:16:31.0656 0720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/25 20:16:31.0687 0720 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/25 20:16:31.0750 0720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/25 20:16:31.0796 0720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/25 20:16:31.0906 0720 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/07/25 20:16:31.0984 0720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/25 20:16:32.0062 0720 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/25 20:16:32.0140 0720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/25 20:16:32.0203 0720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/25 20:16:32.0328 0720 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/25 20:16:32.0421 0720 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/25 20:16:32.0562 0720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/25 20:16:32.0687 0720 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/25 20:16:32.0906 0720 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSxpx86.sys
2011/07/25 20:16:33.0015 0720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/25 20:16:33.0140 0720 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/07/25 20:16:33.0375 0720 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/25 20:16:33.0578 0720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/25 20:16:33.0671 0720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/25 20:16:33.0734 0720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/25 20:16:33.0796 0720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/25 20:16:33.0859 0720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/25 20:16:33.0921 0720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/25 20:16:33.0968 0720 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/25 20:16:34.0046 0720 ISODrive (0ae61463adda697a6291155ce6b08aaf) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/07/25 20:16:34.0109 0720 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/25 20:16:34.0156 0720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/25 20:16:34.0203 0720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/25 20:16:34.0390 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/25 20:16:34.0453 0720 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/25 20:16:34.0515 0720 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/25 20:16:34.0593 0720 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/25 20:16:34.0625 0720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/25 20:16:34.0687 0720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/25 20:16:34.0781 0720 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/25 20:16:34.0890 0720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/25 20:16:34.0984 0720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/25 20:16:35.0062 0720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/25 20:16:35.0140 0720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/25 20:16:35.0203 0720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/25 20:16:35.0265 0720 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/25 20:16:35.0406 0720 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110725.002\NAVENG.SYS
2011/07/25 20:16:35.0484 0720 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110725.002\NAVEX15.SYS
2011/07/25 20:16:35.0609 0720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/25 20:16:35.0656 0720 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/25 20:16:35.0703 0720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/25 20:16:35.0734 0720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/25 20:16:35.0765 0720 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/25 20:16:35.0812 0720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/25 20:16:35.0859 0720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/25 20:16:36.0046 0720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/25 20:16:36.0109 0720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/25 20:16:36.0187 0720 NTIDrvr (5535174933a08bb8f1cee26dffb930e4) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/07/25 20:16:36.0281 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/25 20:16:36.0484 0720 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/25 20:16:36.0921 0720 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/25 20:16:36.0968 0720 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/25 20:16:37.0031 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/25 20:16:37.0062 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/25 20:16:37.0281 0720 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/25 20:16:37.0328 0720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/25 20:16:37.0406 0720 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/25 20:16:37.0484 0720 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/25 20:16:37.0562 0720 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/25 20:16:37.0640 0720 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/25 20:16:37.0734 0720 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/07/25 20:16:38.0078 0720 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\uTorrent\PeerGuardian2\pgfilter.sys
2011/07/25 20:16:38.0312 0720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/25 20:16:38.0390 0720 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/25 20:16:38.0453 0720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/25 20:16:38.0562 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/25 20:16:39.0078 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/25 20:16:39.0328 0720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/25 20:16:39.0640 0720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/25 20:16:39.0765 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/25 20:16:39.0843 0720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/25 20:16:39.0921 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/25 20:16:40.0015 0720 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/25 20:16:40.0109 0720 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/25 20:16:40.0281 0720 rt2870 (19a0b57164830df3c699e3cc93f68e37) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/07/25 20:16:40.0421 0720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/25 20:16:40.0500 0720 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/25 20:16:40.0593 0720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/25 20:16:40.0765 0720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/25 20:16:40.0843 0720 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/25 20:16:41.0000 0720 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
2011/07/25 20:16:41.0093 0720 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/07/25 20:16:41.0171 0720 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/25 20:16:41.0250 0720 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
2011/07/25 20:16:41.0375 0720 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
2011/07/25 20:16:41.0421 0720 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
2011/07/25 20:16:41.0515 0720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/25 20:16:41.0578 0720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/25 20:16:41.0843 0720 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/07/25 20:16:42.0296 0720 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/07/25 20:16:42.0625 0720 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/07/25 20:16:43.0187 0720 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/07/25 20:16:43.0531 0720 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS
2011/07/25 20:16:44.0125 0720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/25 20:16:44.0218 0720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/25 20:16:44.0265 0720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/25 20:16:44.0312 0720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/25 20:16:44.0375 0720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/25 20:16:44.0484 0720 UBHelper (5e3966a0d9b57531264fc0c835021fa1) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/07/25 20:16:44.0515 0720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/25 20:16:44.0625 0720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/25 20:16:44.0750 0720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/25 20:16:44.0828 0720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/25 20:16:44.0890 0720 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/25 20:16:44.0968 0720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/25 20:16:45.0046 0720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/25 20:16:45.0171 0720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/25 20:16:45.0234 0720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/25 20:16:45.0359 0720 VolSnap (e2c7b758b39526624a77c50e23828df6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/25 20:16:45.0375 0720 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/25 20:16:45.0453 0720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/25 20:16:45.0546 0720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/25 20:16:45.0671 0720 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/25 20:16:45.0781 0720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/25 20:16:45.0859 0720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/25 20:16:45.0953 0720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/25 20:16:46.0000 0720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/25 20:16:46.0109 0720 MBR (0x1B8) (ef919f1d1548477166d000bb041b44a6) \Device\Harddisk0\DR0
2011/07/25 20:16:46.0109 0720 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/25 20:16:46.0140 0720 Boot (0x1200) (8653ba6e67194fed368936a03ba72d95) \Device\Harddisk0\DR0\Partition0
2011/07/25 20:16:46.0171 0720 Boot (0x1200) (85c915615a190a3a022e04c876a16a15) \Device\Harddisk0\DR0\Partition1
2011/07/25 20:16:46.0187 0720 ================================================================================
2011/07/25 20:16:46.0187 0720 Scan finished
2011/07/25 20:16:46.0187 0720 ================================================================================
2011/07/25 20:16:46.0218 3804 Detected object count: 2
2011/07/25 20:16:46.0218 3804 Actual detected object count: 2
2011/07/25 20:17:01.0937 3804 VolSnap (e2c7b758b39526624a77c50e23828df6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/25 20:17:05.0234 3804 Backup copy found, using it..
2011/07/25 20:17:05.0500 3804 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/25 20:17:05.0500 3804 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/25 20:17:05.0546 3804 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/25 20:17:05.0546 3804 \Device\Harddisk0\DR0 - ok
2011/07/25 20:17:05.0546 3804 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/25 20:17:14.0718 0812 Deinitialize success



OTL logfile created on: 25-7-2011 20:31:26 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ingrid\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

894,42 Mb Total Physical Memory | 233,58 Mb Available Physical Memory | 26,12% Memory free
2,12 Gb Paging File | 1,55 Gb Available in Paging File | 73,38% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69,40 Gb Total Space | 3,51 Gb Free Space | 5,05% Space Free | Partition Type: NTFS
Drive D: | 69,89 Gb Total Space | 3,35 Gb Free Space | 4,80% Space Free | Partition Type: NTFS
Drive H: | 960,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: STANLEY | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
PRC - [2011-06-23 18:12:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-08-28 11:19:34 | 001,630,208 | ---- | M] (Sitecom Europe BV) -- C:\Program Files\Sitecom\Common\RaUI.exe
PRC - [2008-07-10 16:20:54 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Sitecom\Common\RegistryWriter.exe
PRC - [2008-04-15 14:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007-01-30 00:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\uTorrent\PeerGuardian2\pg2.exe
PRC - [2006-11-03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
MOD - [2011-04-29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2009-07-12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009-07-12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010-10-25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010-10-25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-09-05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008-05-13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008-05-06 00:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-02-20 16:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-12-10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011-07-07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011-06-16 20:20:31 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110725.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-06-16 20:20:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-06-16 20:20:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110725.002\NAVENG.SYS -- (NAVENG)
DRV - [2011-05-19 21:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-05-11 15:55:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-05-10 10:38:48 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-03-31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 02:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011-03-15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-10-25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010-10-25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-08-27 06:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010-08-27 06:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010-08-27 06:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009-02-10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008-10-29 15:34:40 | 000,644,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008-05-20 02:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-28 21:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-01-28 21:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-01-07 01:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007-01-30 00:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\uTorrent\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2002-11-28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999-09-10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...d=0409&m=el1200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.7
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..network.proxy.no_proxies_on: "local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ingrid\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-08 17:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011-07-25 20:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-06 20:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-06 20:16:00 | 000,000,000 | ---D | M]

[2010-01-19 20:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Extensions
[2011-07-25 18:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions
[2010-04-27 21:33:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-07-02 17:13:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-05-27 10:27:21 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011-06-23 22:03:56 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-05-22 20:57:28 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2010-10-02 11:41:13 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-06-23 22:03:59 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Ingrid\Application Data\Mozilla\Firefox\Profiles\a62rnhkd.default\extensions\[email protected]
[2011-03-16 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-07-25 20:28:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011-07-08 17:36:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010-01-15 20:34:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-03 19:14:40 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-03-03 19:14:40 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-03-03 19:14:40 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2011-03-03 19:14:40 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2011-03-03 19:14:40 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-07-25 20:23:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\uTorrent\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe (Sitecom Europe BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-05 09:35:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-11-13 15:24:41 | 000,000,175 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9cfc8c08-fc6d-11de-98f9-000cf654952e}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\configure\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\install\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-25 20:23:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-25 20:16:09 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ingrid\Bureaublad\TDSSKiller.exe
[2011-07-24 21:08:15 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ingrid\Bureaublad\aswMBR.exe
[2011-07-21 22:20:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-06 20:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\iTunes
[2011-07-06 20:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-07-06 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-07-06 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\QuickTime
[2011-07-06 20:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-07-06 20:14:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-06 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-07-06 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-07-06 20:07:27 | 080,695,592 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Ingrid\Bureaublad\iTunesSetup.exe
[2011-06-26 21:11:52 | 000,000,000 | ---D | C] -- C:\Warren Zevon
[2009-07-10 12:47:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.sys
[2009-04-10 16:23:29 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2011-07-25 20:33:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006UA.job
[2011-07-25 20:32:09 | 000,513,384 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-07-25 20:32:09 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-07-25 20:32:09 | 000,092,564 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-07-25 20:32:09 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-07-25 20:31:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-07-25 20:28:04 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-25 20:27:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-25 20:27:53 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-25 20:23:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-07-25 20:20:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-25 20:15:57 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\tdsskiller.zip
[2011-07-25 17:47:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-24 21:15:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\MBR.dat
[2011-07-24 21:09:07 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ingrid\Bureaublad\aswMBR.exe
[2011-07-24 21:02:38 | 000,631,206 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Berry09!.bmp
[2011-07-23 12:33:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1489460643-2323725418-3324827107-1006Core.job
[2011-07-22 20:40:35 | 000,010,302 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Journalist.pdf
[2011-07-21 22:20:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid\Bureaublad\OTL.exe
[2011-07-17 14:46:18 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2011-07-16 17:19:59 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-15 18:36:47 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-07-15 18:36:45 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Google Chrome.lnk
[2011-07-12 20:12:57 | 006,896,215 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ingrid\Bureaublad\TDSSKiller.exe
[2011-07-06 20:08:54 | 080,695,592 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Ingrid\Bureaublad\iTunesSetup.exe
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-07-03 18:01:27 | 000,006,992 | ---- | M] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:34:40 | 000,374,250 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:11 | 000,114,445 | ---- | M] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-06-26 21:54:33 | 000,081,467 | ---- | M] () -- C:\Documents and Settings\Ingrid\Mijn documenten\Uchi Deshi 1.2.fdx

========== Files Created - No Company Name ==========

[2011-07-25 20:15:25 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\tdsskiller.zip
[2011-07-24 21:15:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\MBR.dat
[2011-07-24 21:02:32 | 000,631,206 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Berry09!.bmp
[2011-07-22 20:40:21 | 000,010,302 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Journalist.pdf
[2011-07-21 22:03:38 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2011-07-12 20:12:40 | 006,896,215 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\LdR portfolio 2011.pdf
[2011-07-03 18:01:27 | 000,006,992 | ---- | C] () -- C:\{1D20E4E2-7D1E-4A61-B9AE-A0621B0CEA31}
[2011-07-02 20:32:45 | 000,374,250 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\CV_SPIROS GOGAS.pdf
[2011-07-02 17:27:06 | 000,114,445 | ---- | C] () -- C:\Documents and Settings\Ingrid\Bureaublad\Groupon-9952EDBE51.pdf
[2011-03-18 13:13:40 | 000,007,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011-03-11 20:03:07 | 000,075,480 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-01-21 23:58:32 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-12-04 01:02:33 | 000,667,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-11-29 00:03:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-11-29 00:03:11 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-10-25 23:10:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2010-10-25 11:09:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010-10-25 11:09:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010-10-25 11:09:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010-10-25 11:09:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010-08-04 09:08:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-19 20:25:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-01-18 20:59:52 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010-01-09 12:19:55 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009-11-22 16:13:57 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009-07-20 18:22:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-07-12 11:59:43 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-12 11:59:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-10 12:48:07 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\vso_ts_preview.xml
[2009-07-10 12:47:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\inst.exe
[2009-07-10 12:47:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.cat
[2009-07-10 12:47:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ingrid\Application Data\pcouffin.inf
[2009-05-14 04:18:04 | 000,279,629 | ---- | C] () -- C:\WINDOWS\esubmit.exe
[2009-05-09 22:40:39 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-09 21:58:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2009-04-11 01:08:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\HWID_detect.exe
[2009-04-10 16:21:24 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ingrid\Local Settings\Application Data\fusioncache.dat
[2008-09-05 11:11:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-09-05 11:11:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-09-05 10:47:12 | 000,513,384 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2008-09-05 10:47:12 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-09-05 10:47:12 | 000,092,564 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2008-09-05 10:47:12 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-09-05 10:07:16 | 000,358,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008-09-05 09:48:42 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008-09-05 09:47:54 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008-09-05 09:35:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-09-05 09:34:00 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-08-25 10:17:58 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-07-10 08:06:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\Alaunch.exe
[2008-04-15 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-15 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2008-04-15 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-15 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-15 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-15 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2008-04-15 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-15 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-15 14:00:00 | 000,003,717 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-04-15 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-15 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008-02-24 21:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-24 21:29:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-02-24 21:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-24 21:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-02-24 21:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-24 21:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-24 21:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-02-24 21:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-24 21:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-01-16 15:17:56 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006-08-01 00:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005-03-28 09:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004-04-09 16:06:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AudioLevel.dll
[2002-05-24 10:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-08-26 11:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-26 11:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6971CCC5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8

< End of report >




aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-25 20:39:04
-----------------------------
20:39:04.468 OS Version: Windows 5.1.2600 Service Pack 3
20:39:04.468 Number of processors: 1 586 0x7F02
20:39:04.468 ComputerName: STANLEY UserName: Ingrid
20:39:05.109 Initialize success
20:39:15.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
20:39:15.875 Disk 0 Vendor: ST3160815AS 4.AAA Size: 152627MB BusType: 3
20:39:15.890 Disk 0 MBR read successfully
20:39:15.906 Disk 0 MBR scan
20:39:15.906 Disk 0 unknown MBR code
20:39:15.921 Disk 0 scanning sectors +312576705
20:39:16.000 Disk 0 scanning C:\WINDOWS\system32\drivers
20:39:20.343 Service scanning
20:39:21.921 Modules scanning
20:39:46.125 Disk 0 trace - called modules:
20:39:46.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:39:46.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a3bab8]
20:39:46.156 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000072[0x84abad38]
20:39:46.156 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x84a2ad98]
20:39:46.171 Scan finished successfully
20:40:02.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ingrid\Mijn documenten\MBR.dat"
20:40:02.421 The log file has been saved successfully to "C:\Documents and Settings\Ingrid\Mijn documenten\aswMBR.txt"
20:41:10.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ingrid\Bureaublad\MBR.dat"
20:41:10.875 The log file has been saved successfully to "C:\Documents and Settings\Ingrid\Bureaublad\aswMBR.txt"
  • 0
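The OTL entries posted above (O4 Run keys, the O7 NoDriveTypeAutoRun policy and the O33 MountPoints2 autorun commands) can be triaged mechanically; the helper below is an added example, not part of this thread or of OTL, and runs over lines copied from the posted log. The bit layout of NoDriveTypeAutoRun follows Microsoft's documented values; the posted value 145 (0x91) is the Windows XP default, which leaves AutoRun enabled for removable and CD-ROM drives.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not OTL's own code: parses O4 Run entries, the O7
NoDriveTypeAutoRun policy value and O33 MountPoints2 autorun commands,
flags orphaned Run entries and decodes which drive types still AutoRun.
"""
import re

# Documented bit meanings of NoDriveTypeAutoRun; a set bit DISABLES
# AutoRun for that drive type (0xFF disables it everywhere).
NO_DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "unspecified/unknown type",
}

RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*)$")
POLICY_RE = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\(\w+)\\command - "" = (\S+)')

# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)",
    r"O4 - HKCU..\Run: [KiesTrayAgent] File not found",
    r"O4 - HKCU..\Run: [Power2GoExpress] File not found",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r'O33 - MountPoints2\{9cfc8c08-fc6d-11de-98f9-000cf654952e}\Shell\AutoRun\command - "" = I:\setupSNK.exe',
    r'O33 - MountPoints2\H\Shell - "" = AutoRun',
    r'O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- [2006-11-13 15:24:41 | 000,463,152 | R--- | M] (Microsoft Corporation)',
]


def parse_run_entries(lines):
    """Return [(hive, name, target, orphaned)] for every O4 Run entry."""
    out = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m:
            hive, name, rest = m.groups()
            out.append((hive, name, rest, rest.startswith("File not found")))
    return out


def decode_no_drive_type_autorun(value):
    """Split a NoDriveTypeAutoRun value into (disabled types, still-enabled types)."""
    disabled = [n for bit, n in NO_DRIVE_TYPE_BITS.items() if value & bit]
    enabled = [n for bit, n in NO_DRIVE_TYPE_BITS.items() if not value & bit]
    return disabled, enabled


def autorun_policy(lines):
    """Find the O7 NoDriveTypeAutoRun line and decode it; None if absent."""
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            return decode_no_drive_type_autorun(int(m.group(1)))
    return None


def mountpoint_commands(lines):
    """Return {volume: {verb: command}} for O33 MountPoints2 command entries."""
    res = {}
    for line in lines:
        m = MOUNT_RE.match(line.strip())
        if m:
            vol, verb, cmd = m.groups()
            res.setdefault(vol, {})[verb] = cmd
    return res


def triage(lines):
    """Collect the findings a helper would want to review for this log."""
    findings = []
    for hive, name, _target, orphaned in parse_run_entries(lines):
        if orphaned:
            findings.append(f"orphaned Run entry {hive} [{name}]: target missing")
    pol = autorun_policy(lines)
    if pol is not None:
        _disabled, enabled = pol
        if "DRIVE_REMOVABLE" in enabled or "DRIVE_CDROM" in enabled:
            findings.append("AutoRun still enabled for: " + ", ".join(enabled))
    for vol, verbs in mountpoint_commands(lines).items():
        for verb, cmd in verbs.items():
            findings.append(f"MountPoints2 {vol} {verb} -> {cmd}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```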

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, those logs look good now :)

Let's do a sweep for any leftovers...


1)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply



2)
How is the PC behaving now? Any new redirects or popups, etc.?




In your next reply
Please post the contents of...
MBAM log
Update on whether the PC is still running OK

  • 0

#7
kakutogi

kakutogi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Everything seems to be running fine, I haven't had any pop-ups or anything strange :-)
Thanks a lot for your help!

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7276

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25-7-2011 22:20:26
mbam-log-2011-07-25 (22-20-26).txt

Scan type: Quick scan
Objects scanned: 174873
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome :unsure:

Your logs look good to me now, so I'll post my cleanup steps below, which will remove the tools we have used and provide some tips on staying safe.



Please go through the Cleanup section below and have a read of the other information, which will help keep your PC protected.

Thank you for following the procedures; your system now appears free from malware. Below is a list of steps that are well worth following: they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR and TDSSKiller from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :)
BlackOxide

  • 0

#9
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
