Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rogue:Win32/FakeYak Removal


  • This topic is locked This topic is locked

#1
DEME

DEME

    Member

  • Member
  • PipPip
  • 18 posts
Got infected by 'Rogue:Win32/FakeYak, did Windows Defender check as well as MSERT, but nothing works. Read through some other topics and did a RogueKiller scan twice, here are the results:

RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Batmobiel [Admin rights]
Mode: Scan -- Date : 10/09/2011 08:42:50

Bad processes: 0

Registry Entries: 17
[SUSP PATH] HKCU\[...]\RunOnce : *uibootaction.exe ("C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe") -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : *audiobaseadm.exe ("C:\Users\Batmobiel\AppData\Roaming\audiobaseadm.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-413306250-3151955398-2502198020-1000[...]\RunOnce : *uibootaction.exe ("C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-413306250-3151955398-2502198020-1000[...]\RunOnce : *audiobaseadm.exe ("C:\Users\Batmobiel\AppData\Roaming\audiobaseadm.exe") -> FOUND
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Users\Batmobiel\AppData\Roaming\dwm.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-413306250-3151955398-2502198020-1000[...]\Winlogon : Shell (explorer.exe,C:\Users\Batmobiel\AppData\Roaming\dwm.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-413306250-3151955398-2502198020-1000[...]\Windows : load (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:56646) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

Particular Files / Folders:
[FOLDER] plugs : c:\users\batmobiel\appdata\roaming\adobe\plugs --> FOUND
[FOLDER] shed : c:\users\batmobiel\appdata\roaming\adobe\shed --> FOUND

Driver: [LOADED]

HOSTS File:


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Please guide me further through the removal process :)

Thx,
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi run RogueKiller again but this time select option 2

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Extras.txt:

OTL Extras logfile created on: 9/10/2011 17:05:13 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,20% Memory free
4,23 Gb Paging File | 2,81 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 0,60 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0749F7B4-0B3E-4FA8-9C54-1BE64B5AC3FC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{098DDD02-AEC6-4FEA-8AE5-414B91CB8D7F}" = lport=50125 | protocol=6 | dir=in | name=akamai netsession interface |
"{11D52F22-2834-41BF-AC25-737F9CADEAF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15884FF6-ADE2-47CB-8214-5B0916B397F3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E76F1AC-B735-4AD4-8627-37989C660A1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{313C3F65-B1FD-4A16-A84F-1B60F7AC110B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40F101AE-5B81-489C-AD22-5A1CEFFD511E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44D05461-B071-4BFA-BF7B-789AC0F131DC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6057EE4A-26F5-4E7A-9AFD-F512C8220B47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69653DF3-DD0E-424D-8D1F-54176862F6EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B871F39-93F4-418E-AC31-6B0C0AEACD5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ADCD9E7-038C-4FA4-A90C-D2945C127A2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AEE2365-114A-4E66-98A1-BC95313D2323}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8FE58B45-542E-424D-BFD6-28904333DC8C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{954C80BF-EDC1-41A3-B6E8-BEB2A76974C8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9DC8A96A-408C-459B-831E-FDCDDFF69802}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A42A23D4-4FEF-4EC0-A5B9-DC1DFE2F26EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8FCA046-6623-429C-AFB3-BC45C37D2B1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA9A0776-84BC-4F46-9202-82A4C1EAE8F4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D4A9FE0D-DE95-404B-BB2F-4AB20B45BAEB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D9CEFAB6-D0A1-4F22-9BC8-2F1FFBFC26EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F36D71CB-94DB-4838-B71F-6C031D7AD481}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FC16379F-9E98-4B6B-90D4-876363AAD2F3}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4182C1-3BEC-4982-A069-291127695E0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0BB6DACA-673C-4AD7-92F2-92AFB03FDB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1963C6AE-4DE8-41CA-BFFF-E29C4D279461}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BE29DB3-5039-45CB-ABF6-29B7AB4F4A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D8F3C7F-BC4F-4F08-8E96-2672ABBE95F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2511927C-251C-43A5-A208-308074054707}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{29A2EAEB-6322-4355-AB6D-02AF4632DA3A}" = protocol=6 | dir=in | app=c:\program files\3dsmax\3dsmax.exe |
"{3144DC73-2329-40D1-B51D-E0BA5FCF5752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{328BE57C-F353-40BE-A97C-157CA258EECB}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{35805CFB-08D9-4A87-BEA9-467AF162B6BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35927C65-C994-4B89-8178-2BFB6EC2B17A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A9BEEBF-9A57-4D16-893C-2A3CB428D6DF}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{3DA64934-88FC-486D-91A9-4382E79F207B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{3E89E447-08F3-44EA-88A8-1C09C32C7990}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{4715123D-0C85-4217-BF2A-16BB8C6DA7D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{47EAC7F1-2535-4A08-8B23-98FA79BD6B1A}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{488A24AA-2544-40BB-959F-DBC3D7943290}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{56DCB9C4-08AA-4E17-A642-BF56AB9BCA6A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{574C1247-BD8E-4A63-A3B3-77FFC78D7E5F}" = protocol=58 | dir=in | [email protected],-148 |
"{5CA17F61-2D6B-4A1E-9379-64BDB3477A39}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{6EE0382B-785B-4528-B566-6A95B4A42A70}" = protocol=17 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{77FCE725-0B9B-4ACB-9A1F-E43BE32DADF0}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{822995F6-6BBD-4219-9C45-4928C6F5621F}" = protocol=6 | dir=out | app=system |
"{8C2177F8-8663-4CC2-AEC2-A679FE2E4A5E}" = protocol=17 | dir=in | app=c:\program files\backburner 2\server.exe |
"{8ED52B66-D0C6-432F-971B-EC81D254A6F4}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{8FE627FE-FBD9-4943-B282-3F3E142046C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90E1E15E-DB79-4B03-9D42-8DDAFFAE76E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94FA314B-11F2-4C89-B432-325126BBE76B}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{980ED31C-D97A-4A1F-8DB5-D001ED622A72}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{9A5E0684-6A51-4C53-AECD-885F2CD87A37}" = protocol=17 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{9C419F26-968E-49CD-856B-BBDCD396B5F6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{9DA3B5F5-189C-4840-B6E6-2D2885A4D5DD}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{ABA75BE5-0A1C-403A-A769-FE35C6966C9B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{AF187047-4CAE-451F-900E-8E854ED8B197}" = protocol=6 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{BE209D83-6E77-46DF-B4E3-3E4BB2F0F352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFCBA2D9-98D9-4116-99BB-C0DEC342D536}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C36DE486-CB6E-4348-857F-3E42DB0FCEBF}" = protocol=17 | dir=in | app=c:\program files\3dsmax\3dsmax.exe |
"{C3FBFA4C-39C6-40E5-A869-18F15BC94C34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC777FEB-12D1-4DBE-A412-369E15D5DDB3}" = protocol=6 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{D33E6973-FAD8-4A23-9D5D-B153448BD168}" = protocol=6 | dir=in | app=c:\program files\backburner 2\server.exe |
"{D646BF28-8901-435C-A4DD-21A78406B937}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{DBA1C5C0-D849-41B2-988A-374741B1C3C9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{E9C97AFB-5016-4426-AF2C-903934ADC4D5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{EBAFA577-BCDE-4689-AD92-75F8192B7166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{13011683-B10B-4356-838B-E87E5D175590}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{21390F38-90B0-4D02-9C91-CC89A38BCD4B}C:\flow3d\v9.3\licenses\lmgrd.exe" = protocol=6 | dir=in | app=c:\flow3d\v9.3\licenses\lmgrd.exe |
"TCP Query User{3FF782A9-F998-4CFD-8BFC-2D691CE24845}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5104D21D-486B-49EA-8330-E973C2CC42D4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6653EA6F-899C-48E0-8135-49ECFE4770D0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6B2F41F0-2883-4B8D-983A-803104707674}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C2979BF5-FB5A-4074-B15A-B72076EE892D}C:\program files\phoenixrc\phoenixrc.exe" = protocol=6 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"TCP Query User{C8CC8FF5-E18E-42C3-B834-B5E145444AA2}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{E2693918-231C-4193-B882-668CC56B204A}C:\flow3d\v9.3\licenses\f3dtknux.exe" = protocol=6 | dir=in | app=c:\flow3d\v9.3\licenses\f3dtknux.exe |
"TCP Query User{E57E47B9-865B-4449-BECA-6C8F3878885E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0A29CE87-F2F4-45EE-AAD8-B195B910CED9}C:\program files\phoenixrc\phoenixrc.exe" = protocol=17 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"UDP Query User{37053769-5512-4376-B6BC-072E1AA9C349}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{40F79119-BE34-40C5-B46C-038DD75CAA0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4347F0BA-4CDB-4F98-8EE3-BB03D94911F7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65A02E49-C804-4DFF-A915-D575D1DDFB00}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8D393D5D-C235-4FB7-8B69-07DA53E49C45}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A771F716-F9EA-4298-80A6-52D4E90AFBBF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A89B2475-D22F-4120-BBA5-D662B4ECD668}C:\flow3d\v9.3\licenses\f3dtknux.exe" = protocol=17 | dir=in | app=c:\flow3d\v9.3\licenses\f3dtknux.exe |
"UDP Query User{A949B5F6-555F-4320-9112-C377B4E58E74}C:\flow3d\v9.3\licenses\lmgrd.exe" = protocol=17 | dir=in | app=c:\flow3d\v9.3\licenses\lmgrd.exe |
"UDP Query User{F6F21BC9-1504-4103-A7A7-128815189EA8}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16F8DC9F-5FEE-4494-8EFF-D26D0B9ADC92}" = PhoenixRC
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2385DC1A-40D6-45BE-B253-93A91FA39E5F}" = FLOW3D Version 9.3
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2C086D06-187A-4050-ADD4-2F9D033651B4}" = Dell systeem aanpassings wizard
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 English Language Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{5783F2D7-0203-0409-0002-0060B0CE6BBA}" = Mechanical Desktop 2004
"{5783F2D7-6000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2008
"{5783F2D7-6013-0409-0002-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2008
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}" = Autodesk Data Management Server 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B59E23A5-B3C5-4589-AE7A-EDC4793EF951}" = Playboy - The Mansion
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-software
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F153183F-F52F-4014-8D98-87E6E5027D91}" = Alias Studio Personal Learning Edition 13
"{F1B9EBFF-D4D6-42DE-B249-68BF4D60AE05}" = KdG Root Certificaat
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3D_Interieur_2005_is1" = 3D Interieur 2005
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"AOEMView 2008" = AOEMView 2008
"AutoCAD Civil 3D 2008" = AutoCAD Civil 3D 2008
"Autodesk Data Management Server 2008" = Autodesk Data Management Server 2008
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Express Viewer" = Autodesk Express Viewer
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Autodesk Mechanical Desktop 2008" = Autodesk Mechanical Desktop 2008
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"Autodesk Vault 2008" = Autodesk Vault 2008
"CdaC13Ba" = SafeCast Shared Components
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Delftship free_is1" = Delftship free 3.1
"Delftship_is1" = Delftship professional demo 3.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2010" = DWG TrueView 2010
"eMindMaps" = eMindMaps
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{2385DC1A-40D6-45BE-B253-93A91FA39E5F}" = FLOW3D Version 9.3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 nl)" = Mozilla Firefox 7.0.1 (x86 nl)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle" = Peggle (remove only)
"Peggle Deluxe1.0" = Peggle Deluxe
"Peggle Nights Deluxe 1.00" = Peggle Nights Deluxe 1.00
"PicaLoader" = PicaLoader 1.7.1
"PopCap Browser Plugin" = PopCap Browser Plugin
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v5.2.0.0
"RAR Password Cracker" = RAR Password Cracker 4.12
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Ultimate ZIP Cracker" = Ultimate ZIP Cracker
"VLC media player" = VLC media player 0.9.8a
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2011 3:52:35 | Computer Name = Pc_Batmobiel | Source = Application Error | ID = 1000
Description = Toepassing met fout SearchProtocolHost.exe, versie 7.0.6001.16503,
tijdstempel 0x483b9996, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000,
uitzonderingscode 0xc0000005, foutmarge 0x616c6c69, proces-id 0x7a0, starttijd van
toepassing 0x01cc865867100a8b.

Error - 9/10/2011 3:52:44 | Computer Name = Pc_Batmobiel | Source = Application Error | ID = 1000
Description = Toepassing met fout SearchProtocolHost.exe, versie 7.0.6001.16503,
tijdstempel 0x483b9996, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000,
uitzonderingscode 0xc0000005, foutmarge 0x616c6c69, proces-id 0x123c, starttijd
van toepassing 0x01cc86586d73053b.

Error - 9/10/2011 3:52:53 | Computer Name = Pc_Batmobiel | Source = Application Error | ID = 1000
Description = Toepassing met fout SearchProtocolHost.exe, versie 7.0.6001.16503,
tijdstempel 0x483b9996, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000,
uitzonderingscode 0xc0000005, foutmarge 0x616c6c69, proces-id 0x1578, starttijd
van toepassing 0x01cc86587083798b.

Error - 9/10/2011 4:06:22 | Computer Name = Pc_Batmobiel | Source = Application Error | ID = 1000
Description = Toepassing met fout SearchProtocolHost.exe, versie 7.0.6001.16503,
tijdstempel 0x483b9996, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000,
uitzonderingscode 0xc0000005, foutmarge 0x616c6c69, proces-id 0x13dc, starttijd
van toepassing 0x01cc865a54ff565b.

Error - 9/10/2011 8:01:49 | Computer Name = Pc_Batmobiel | Source = Application Error | ID = 1000
Description = Toepassing met fout SearchProtocolHost.exe, versie 7.0.6001.16503,
tijdstempel 0x483b9996, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000,
uitzonderingscode 0xc0000005, foutmarge 0x616c6c69, proces-id 0x26f4, starttijd
van toepassing 0x01cc867b34ae7690.

Error - 9/10/2011 8:08:16 | Computer Name = Pc_Batmobiel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/10/2011 8:09:34 | Computer Name = Pc_Batmobiel | Source = VSS | ID = 8194
Description =

Error - 9/10/2011 8:34:37 | Computer Name = Pc_Batmobiel | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Er is een time-out opgetreden voor
de bewerking

Error - 9/10/2011 8:35:29 | Computer Name = Pc_Batmobiel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/10/2011 8:36:27 | Computer Name = Pc_Batmobiel | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 9/10/2011 9:22:52 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{ED5E553F-8569-48A6-BF5A-7ED6A9285A68} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 9:31:38 | Computer Name = Pc_Batmobiel | Source = volsnap | ID = 393252
Description = Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag
niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet.

Error - 9/10/2011 9:51:52 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{DB428C61-C7E8-4A71-A80E-1B1A62F4E242} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 9:56:30 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{C38DB22A-B030-4F54-82B3-EF7AD963F70C} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 10:53:32 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{9C410BEA-94FD-428D-B60F-A73B9C65D095} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 10:55:06 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{926AA2F8-B0D8-4AA0-8038-B19CFCAC59D4} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 11:03:57 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{B591D591-F4FB-45F2-9B0D-77CC67640DB0} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 11:05:26 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{68E41168-4548-4D97-A154-FA32DB22FB70} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 11:06:48 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{C79E5390-2885-4F95-9C1B-821E19E26F38} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.

Error - 9/10/2011 11:07:38 | Computer Name = Pc_Batmobiel | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection-agent heeft een fout aangetroffen bij het
ondernemen van actie tegen spyware en andere potentieel ongewenste software. Zie
voor meer informatie: http://go.microsoft....threatid=149015

Scan-id:
{AECF6718-AC3B-4B67-ABA7-C3E5CA1F373F} Gebruiker: Pc_Batmobiel\Batmobiel Naam: Rogue:Win32/FakeYak

Id:
149015 Ernst-id: 5 Categorie-id: 8 Path: Type waarschuwing: %%805 Actie: %%811 Foutcode:
0x80508022 Foutbeschrijving: U moet de computer opnieuw opstarten om het verwijderen
van spyware en andere mogelijk ongewenste software te voltooien.


< End of report >
  • 0

#4
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL.txt:

OTL logfile created on: 9/10/2011 17:05:13 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,20% Memory free
4,23 Gb Paging File | 2,81 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 0,60 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 17:02:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/04/18 06:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/18 05:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/09 01:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/07/28 20:03:07 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/09/22 19:53:45 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/09/02 15:29:30 | 002,152,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/04 03:27:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - [2011/10/09 17:05:26 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\byjcugox.sys -- (byjcugox)
DRV - [2011/10/09 17:03:57 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lbjouqdk.sys -- (lbjouqdk)
DRV - [2011/10/09 16:55:06 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tairnakj.sys -- (tairnakj)
DRV - [2011/10/09 16:53:32 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\rrkgjgko.sys -- (rrkgjgko)
DRV - [2011/10/09 15:56:30 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\xwepzlxq.sys -- (xwepzlxq)
DRV - [2011/10/09 15:51:52 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mvpjfvcu.sys -- (mvpjfvcu)
DRV - [2011/10/09 15:22:52 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ltpbqsas.sys -- (ltpbqsas)
DRV - [2011/10/09 15:22:11 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qedrqkhp.sys -- (qedrqkhp)
DRV - [2011/10/09 14:57:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\uldcgfsu.sys -- (uldcgfsu)
DRV - [2011/10/09 14:48:46 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\johrbaai.sys -- (johrbaai)
DRV - [2011/10/09 14:48:07 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\rtzlvfcj.sys -- (rtzlvfcj)
DRV - [2011/10/09 14:46:32 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lukzfbnp.sys -- (lukzfbnp)
DRV - [2011/10/09 14:44:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ppshbqfp.sys -- (ppshbqfp)
DRV - [2011/10/09 14:43:35 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cnqjqfnc.sys -- (cnqjqfnc)
DRV - [2011/10/09 14:42:57 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qvbdlqod.sys -- (qvbdlqod)
DRV - [2011/10/09 14:38:58 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ahgeowjl.sys -- (ahgeowjl)
DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/05/25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/11/21 01:24:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2007/04/13 02:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/31 12:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = pac.telenet.be:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = pac.telenet.be:8080

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be...=be&ibd=2070926
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Van Dale Woordenboek"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/login.php"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56646
FF - prefs.js..network.proxy.no_proxies_on: "*.telenet.be, *.pandora.be, 127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Batmobiel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 19:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 19:57:46 | 000,000,000 | ---D | M]

[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions
[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions
[2010/08/06 10:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 23:55:29 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\[email protected]
[2011/10/08 19:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 23:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/29 09:28:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 23:11:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/29 11:56:22 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*fileapimsg.exe] C:\Users\Batmobiel\fileapimsg.exe (©if systems)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe ()
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
F3 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...l/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.4 195.130.131.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC71365-4E92-4D5F-AFFB-1E1A12183C2F}: DhcpNameServer = 195.130.130.4 195.130.131.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2010/12/27 23:06:50 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 17:07:38 | 000,209,408 | ---- | C] (©if systems) -- C:\Users\Batmobiel\fileapimsg.exe
[2011/10/09 17:02:53 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/09 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Roguekiller
[2011/10/09 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\RK_Quarantine
[2011/10/08 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/09/14 22:46:13 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Werk
[2011/09/13 23:00:58 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Waterski
[2005/01/01 21:05:00 | 000,456,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO3032.DLL
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 17:07:38 | 000,209,408 | ---- | M] (©if systems) -- C:\Users\Batmobiel\fileapimsg.exe
[2011/10/09 17:07:38 | 000,209,408 | ---- | M] () -- C:\ProgramData\provcfgui.exe
[2011/10/09 17:06:48 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe
[2011/10/09 17:03:57 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Roaming\proxyqueuecat.exe
[2011/10/09 17:02:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/09 17:01:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/09 16:53:32 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\respackcsc.exe
[2011/10/09 16:31:40 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 16:31:40 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 16:23:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 15:51:52 | 000,209,408 | ---- | M] () -- C:\ProgramData\uiresparse.exe
[2011/10/09 15:22:11 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\dnswinproxy.exe
[2011/10/09 14:57:09 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\cabdiagaudio.exe
[2011/10/09 14:46:32 | 000,209,408 | ---- | M] () -- C:\ProgramData\cscactionedit.exe
[2011/10/09 14:44:10 | 000,209,408 | ---- | M] () -- C:\ProgramData\diagadvdev.exe
[2011/10/09 14:32:28 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/09 14:32:15 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/09 14:31:53 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 14:31:52 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/09 14:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 14:31:29 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 14:30:38 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/09 08:39:07 | 000,337,457 | ---- | M] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/08 19:57:54 | 000,000,872 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/08 19:07:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
[2011/10/07 19:23:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 18:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\4253496989
[2011/10/03 21:25:57 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/03 21:25:57 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/09/25 23:31:10 | 000,722,486 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/09/25 23:31:10 | 000,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/25 23:31:10 | 000,148,962 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/09/25 23:31:10 | 000,122,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/24 10:10:20 | 000,007,808 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2011/09/18 11:40:17 | 001,184,791 | ---- | M] () -- C:\Users\Batmobiel\Desktop\wolfsven_2010.pdf
[2011/09/17 12:20:12 | 000,000,940 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/09/14 22:12:47 | 002,270,973 | ---- | M] () -- C:\Users\Batmobiel\Documents\vlarem_ii_versie_20111404.pdf
[2011/09/13 23:05:05 | 000,000,743 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\FSCapture - Snelkoppeling (2).lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 17:06:48 | 000,209,408 | ---- | C] () -- C:\ProgramData\provcfgui.exe
[2011/10/09 17:05:26 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe
[2011/10/09 17:04:45 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apibasewin.exe
[2011/10/09 17:03:19 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\proxyqueuecat.exe
[2011/10/09 16:54:25 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\svcauditprov.exe
[2011/10/09 16:49:37 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\respackcsc.exe
[2011/10/09 15:22:52 | 000,209,408 | ---- | C] () -- C:\ProgramData\uiresparse.exe
[2011/10/09 15:22:11 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\certbootscan.exe
[2011/10/09 15:13:30 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\dnswinproxy.exe
[2011/10/09 14:56:19 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\cabdiagaudio.exe
[2011/10/09 14:47:27 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ntfsparsemsg.exe
[2011/10/09 14:45:44 | 000,209,408 | ---- | C] () -- C:\ProgramData\cscactionedit.exe
[2011/10/09 14:43:35 | 000,209,408 | ---- | C] () -- C:\ProgramData\diagadvdev.exe
[2011/10/09 14:42:58 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wincenterproxy.exe
[2011/10/09 14:29:57 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bootauthui.exe
[2011/10/09 08:39:22 | 000,337,457 | ---- | C] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/09 08:14:58 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/09 08:14:41 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/08 19:57:54 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/07 00:19:09 | 000,000,000 | ---- | C] () -- C:\Windows\4253496989
[2011/10/06 02:42:41 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/18 11:40:17 | 001,184,791 | ---- | C] () -- C:\Users\Batmobiel\Desktop\wolfsven_2010.pdf
[2011/09/14 22:12:47 | 002,270,973 | ---- | C] () -- C:\Users\Batmobiel\Documents\vlarem_ii_versie_20111404.pdf
[2011/09/13 23:04:59 | 000,000,743 | ---- | C] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\FSCapture - Snelkoppeling (2).lnk
[2011/08/13 09:31:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/30 19:24:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/30 19:24:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/27 21:00:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/05/26 23:54:26 | 000,000,168 | ---- | C] () -- C:\ProgramData\~34397944r
[2011/05/26 23:54:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~34397944
[2011/05/26 23:53:53 | 000,000,328 | ---- | C] () -- C:\ProgramData\34397944
[2009/12/26 15:25:30 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/11/26 04:01:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 04:01:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/22 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/10 23:57:03 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/10 14:30:18 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2008/08/07 00:24:27 | 000,016,103 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\UserTile.png
[2008/03/22 10:24:46 | 000,007,808 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2008/03/22 00:53:07 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2007/11/26 22:26:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/10/19 23:00:09 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/16 22:12:21 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.001
[2007/10/16 22:12:20 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.dat
[2007/10/16 09:53:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 00:35:11 | 000,248,320 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 19:53:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/26 12:07:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/09/26 11:59:13 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:11:51 | 000,722,486 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 18:11:51 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 18:11:51 | 000,148,962 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 18:11:51 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 003,991,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,641,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,122,778 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/01 21:05:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\mbUtil.dll
[2005/01/01 21:05:00 | 000,000,662 | ---- | C] () -- C:\Windows\Contact.INI
[2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Alias
[2007/10/21 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Ansys
[2010/12/28 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Autodesk
[2011/10/09 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Azureus
[2010/06/14 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Facebook
[2011/04/17 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC
[2011/04/16 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2007/10/24 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\iScreensaver
[2011/04/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Outlook
[2010/12/18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Power MP3 Cutter
[2010/11/11 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/09 17:33:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\TomTom
[2010/02/20 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\VOWSoft
[2011/04/20 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\HTC
[2011/10/07 19:23:05 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/09 14:30:36 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/08 19:07:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 17:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/27 01:31:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/27 01:31:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\4253496989:1657370626.exe
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Viper Suisse:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Torrents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski_Tag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski Tag + Els:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Liberation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Kodak januari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoilb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoil.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\harde 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\V-shape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Verslagen zwitserland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\tracklists trancefm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\StudioTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Solar Boat Reportage.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\RVA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\OldVersions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\MP3voornovember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Kreativ Squareheads 1.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor renders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\hulls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\GTA Vice City User Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Boot - nietkdg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Bluetooth-uitwisselingsmap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\waterklok parijs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\usb ski:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sollicitaties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Italie en passen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\DSC03399.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Dirk en bergrennen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Bodensee rond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_ngsm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 676 bytes -> C:\Windows\System32\drivers\xwepzlxq.sys:changelist
@Alternate Data Stream - 668 bytes -> C:\Windows\System32\drivers\nbnvxnsu.sys:changelist
@Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\tairnakj.sys:changelist
@Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\rtzlvfcj.sys:changelist
@Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\ltpbqsas.sys:changelist
@Alternate Data Stream - 652 bytes -> C:\Windows\System32\drivers\byjcugox.sys:changelist
@Alternate Data Stream - 588 bytes -> C:\Windows\System32\drivers\lbjouqdk.sys:changelist
@Alternate Data Stream - 580 bytes -> C:\Windows\System32\drivers\uldcgfsu.sys:changelist
@Alternate Data Stream - 548 bytes -> C:\Windows\System32\drivers\qedrqkhp.sys:changelist
@Alternate Data Stream - 548 bytes -> C:\Windows\System32\drivers\lukzfbnp.sys:changelist
@Alternate Data Stream - 544 bytes -> C:\Windows\System32\drivers\rrkgjgko.sys:changelist
@Alternate Data Stream - 536 bytes -> C:\Windows\System32\drivers\mvpjfvcu.sys:changelist
@Alternate Data Stream - 532 bytes -> C:\Windows\System32\drivers\dlhnqwbd.sys:changelist
@Alternate Data Stream - 400 bytes -> C:\Windows\System32\drivers\cnqjqfnc.sys:changelist
@Alternate Data Stream - 392 bytes -> C:\Windows\System32\drivers\qvbdlqod.sys:changelist
@Alternate Data Stream - 392 bytes -> C:\Windows\System32\drivers\ahgeowjl.sys:changelist
@Alternate Data Stream - 284 bytes -> C:\Windows\System32\drivers\johrbaai.sys:changelist
@Alternate Data Stream - 276 bytes -> C:\Windows\System32\drivers\ppshbqfp.sys:changelist

< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi still lots to kill I am afraid, there is a possible zero access infection which I will need to remove with a stronger tool

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/10/09 17:05:26 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\byjcugox.sys -- (byjcugox)
    DRV - [2011/10/09 17:03:57 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lbjouqdk.sys -- (lbjouqdk)
    DRV - [2011/10/09 16:55:06 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tairnakj.sys -- (tairnakj)
    DRV - [2011/10/09 16:53:32 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\rrkgjgko.sys -- (rrkgjgko)
    DRV - [2011/10/09 15:56:30 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\xwepzlxq.sys -- (xwepzlxq)
    DRV - [2011/10/09 15:51:52 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mvpjfvcu.sys -- (mvpjfvcu)
    DRV - [2011/10/09 15:22:52 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ltpbqsas.sys -- (ltpbqsas)
    DRV - [2011/10/09 15:22:11 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qedrqkhp.sys -- (qedrqkhp)
    DRV - [2011/10/09 14:57:09 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\uldcgfsu.sys -- (uldcgfsu)
    DRV - [2011/10/09 14:48:46 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\johrbaai.sys -- (johrbaai)
    DRV - [2011/10/09 14:48:07 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\rtzlvfcj.sys -- (rtzlvfcj)
    DRV - [2011/10/09 14:46:32 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lukzfbnp.sys -- (lukzfbnp)
    DRV - [2011/10/09 14:44:10 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ppshbqfp.sys -- (ppshbqfp)
    DRV - [2011/10/09 14:43:35 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cnqjqfnc.sys -- (cnqjqfnc)
    DRV - [2011/10/09 14:42:57 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\qvbdlqod.sys -- (qvbdlqod)
    DRV - [2011/10/09 14:38:58 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ahgeowjl.sys -- (ahgeowjl)
    O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
    O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*fileapimsg.exe] C:\Users\Batmobiel\fileapimsg.exe (©if systems)
    O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
    O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe ()
    F3 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
    O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
    [2011/10/09 17:07:38 | 000,209,408 | ---- | M] (©if systems) -- C:\Users\Batmobiel\fileapimsg.exe
    [2011/10/09 17:07:38 | 000,209,408 | ---- | M] () -- C:\ProgramData\provcfgui.exe
    [2011/10/09 17:06:48 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe
    [2011/10/09 17:03:57 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Roaming\proxyqueuecat.exe
    [2011/10/09 16:53:32 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\respackcsc.exe
    [2011/10/09 15:51:52 | 000,209,408 | ---- | M] () -- C:\ProgramData\uiresparse.exe
    [2011/10/09 15:22:11 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\dnswinproxy.exe
    [2011/10/09 14:57:09 | 000,209,408 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\cabdiagaudio.exe
    [2011/10/09 14:46:32 | 000,209,408 | ---- | M] () -- C:\ProgramData\cscactionedit.exe
    [2011/10/09 14:44:10 | 000,209,408 | ---- | M] () -- C:\ProgramData\diagadvdev.exe
    [2011/10/07 18:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\4253496989
    [2011/10/09 17:06:48 | 000,209,408 | ---- | C] () -- C:\ProgramData\provcfgui.exe
    [2011/10/09 17:05:26 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgrprovdns.exe
    [2011/10/09 17:04:45 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apibasewin.exe
    [2011/10/09 17:03:19 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\proxyqueuecat.exe
    [2011/10/09 16:54:25 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\svcauditprov.exe
    [2011/10/09 16:49:37 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\respackcsc.exe
    [2011/10/09 15:22:52 | 000,209,408 | ---- | C] () -- C:\ProgramData\uiresparse.exe
    [2011/10/09 15:22:11 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\certbootscan.exe
    [2011/10/09 15:13:30 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\dnswinproxy.exe
    [2011/10/09 14:56:19 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\cabdiagaudio.exe
    [2011/10/09 14:47:27 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ntfsparsemsg.exe
    [2011/10/09 14:45:44 | 000,209,408 | ---- | C] () -- C:\ProgramData\cscactionedit.exe
    [2011/10/09 14:43:35 | 000,209,408 | ---- | C] () -- C:\ProgramData\diagadvdev.exe
    [2011/10/09 14:42:58 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wincenterproxy.exe
    [2011/10/09 14:29:57 | 000,209,408 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bootauthui.exe
    [2011/05/26 23:54:26 | 000,000,168 | ---- | C] () -- C:\ProgramData\~34397944r
    [2011/05/26 23:54:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~34397944
    [2011/05/26 23:53:53 | 000,000,328 | ---- | C] () -- C:\ProgramData\34397944
    @Alternate Data Stream - 784 bytes -> C:\Windows\4253496989:1657370626.exe
    @Alternate Data Stream - 676 bytes -> C:\Windows\System32\drivers\xwepzlxq.sys:changelist
    @Alternate Data Stream - 668 bytes -> C:\Windows\System32\drivers\nbnvxnsu.sys:changelist
    @Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\tairnakj.sys:changelist
    @Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\rtzlvfcj.sys:changelist
    @Alternate Data Stream - 660 bytes -> C:\Windows\System32\drivers\ltpbqsas.sys:changelist
    @Alternate Data Stream - 652 bytes -> C:\Windows\System32\drivers\byjcugox.sys:changelist
    @Alternate Data Stream - 588 bytes -> C:\Windows\System32\drivers\lbjouqdk.sys:changelist
    @Alternate Data Stream - 580 bytes -> C:\Windows\System32\drivers\uldcgfsu.sys:changelist
    @Alternate Data Stream - 548 bytes -> C:\Windows\System32\drivers\qedrqkhp.sys:changelist
    @Alternate Data Stream - 548 bytes -> C:\Windows\System32\drivers\lukzfbnp.sys:changelist
    @Alternate Data Stream - 544 bytes -> C:\Windows\System32\drivers\rrkgjgko.sys:changelist
    @Alternate Data Stream - 536 bytes -> C:\Windows\System32\drivers\mvpjfvcu.sys:changelist
    @Alternate Data Stream - 532 bytes -> C:\Windows\System32\drivers\dlhnqwbd.sys:changelist
    @Alternate Data Stream - 400 bytes -> C:\Windows\System32\drivers\cnqjqfnc.sys:changelist
    @Alternate Data Stream - 392 bytes -> C:\Windows\System32\drivers\qvbdlqod.sys:changelist
    @Alternate Data Stream - 392 bytes -> C:\Windows\System32\drivers\ahgeowjl.sys:changelist
    @Alternate Data Stream - 284 bytes -> C:\Windows\System32\drivers\johrbaai.sys:changelist
    @Alternate Data Stream - 276 bytes -> C:\Windows\System32\drivers\ppshbqfp.sys:changelist

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#6
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks, my computer appears to be running normally. Had a small problem with the internet connection at the start but a reboot fixed it (as told by Combofix). Here are the logs:

OTL logfile created on: 9/10/2011 20:04:07 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,97% Memory free
4,22 Gb Paging File | 3,14 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 3,14 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 17:02:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
PRC - [2011/09/29 09:28:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/18 20:43:00 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:12 | 005,365,592 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 09:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/04/18 06:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/18 05:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/03/06 22:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/09 01:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2005/01/18 17:47:30 | 000,458,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\ISStart.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/01/18 17:07:54 | 000,196,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 09:28:21 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2008/06/19 18:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/09/22 19:53:45 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/09/02 15:29:30 | 002,152,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/04 03:27:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/05/25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/11/21 01:24:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2007/04/13 02:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/31 12:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be...=be&ibd=2070926
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Van Dale Woordenboek"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/login.php"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56646
FF - prefs.js..network.proxy.no_proxies_on: "*.telenet.be, *.pandora.be, 127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Batmobiel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 19:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 19:57:46 | 000,000,000 | ---D | M]

[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions
[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions
[2010/08/06 10:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 23:55:29 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\[email protected]
[2011/10/08 19:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 23:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/29 09:28:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 23:11:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/29 11:56:22 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/10/09 19:36:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [*autoadmdns.exe] C:\ProgramData\autoadmdns.exe (©if systems)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...l/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.4 195.130.131.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC71365-4E92-4D5F-AFFB-1E1A12183C2F}: DhcpNameServer = 195.130.130.4 195.130.131.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2010/12/27 23:06:50 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 19:36:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/09 17:40:46 | 000,209,408 | ---- | C] (©if systems) -- C:\ProgramData\autoadmdns.exe
[2011/10/09 17:02:53 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/09 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Roguekiller
[2011/10/09 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\RK_Quarantine
[2011/10/08 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/09/14 22:46:13 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Werk
[2011/09/13 23:00:58 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Waterski
[2005/01/01 21:05:00 | 000,456,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO3032.DLL
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 20:02:32 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/09 20:02:00 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/09 20:01:12 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/09 20:01:10 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 20:01:04 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 20:01:04 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 20:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 20:00:50 | 2143,510,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 19:48:38 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
[2011/10/09 19:40:59 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/09 19:36:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/09 19:23:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 17:40:46 | 000,209,408 | ---- | M] (©if systems) -- C:\ProgramData\autoadmdns.exe
[2011/10/09 17:02:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/09 14:30:38 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/09 08:39:07 | 000,337,457 | ---- | M] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/08 19:57:54 | 000,000,872 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/07 19:23:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/03 21:25:57 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/03 21:25:57 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/09/25 23:31:10 | 000,722,486 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/09/25 23:31:10 | 000,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/25 23:31:10 | 000,148,962 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/09/25 23:31:10 | 000,122,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/24 10:10:20 | 000,007,808 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2011/09/18 11:40:17 | 001,184,791 | ---- | M] () -- C:\Users\Batmobiel\Desktop\wolfsven_2010.pdf
[2011/09/17 12:20:12 | 000,000,940 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/09/14 22:12:47 | 002,270,973 | ---- | M] () -- C:\Users\Batmobiel\Documents\vlarem_ii_versie_20111404.pdf
[2011/09/13 23:05:05 | 000,000,743 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\FSCapture - Snelkoppeling (2).lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 08:39:22 | 000,337,457 | ---- | C] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/09 08:14:58 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/09 08:14:41 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/08 19:57:54 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/06 02:42:41 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/18 11:40:17 | 001,184,791 | ---- | C] () -- C:\Users\Batmobiel\Desktop\wolfsven_2010.pdf
[2011/09/14 22:12:47 | 002,270,973 | ---- | C] () -- C:\Users\Batmobiel\Documents\vlarem_ii_versie_20111404.pdf
[2011/09/13 23:04:59 | 000,000,743 | ---- | C] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\FSCapture - Snelkoppeling (2).lnk
[2011/08/13 09:31:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/30 19:24:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/30 19:24:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/27 21:00:07 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/12/26 15:25:30 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/11/26 04:01:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 04:01:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/22 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/10 23:57:03 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/10 14:30:18 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2008/08/07 00:24:27 | 000,016,103 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\UserTile.png
[2008/03/22 10:24:46 | 000,007,808 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2008/03/22 00:53:07 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2007/11/26 22:26:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/10/19 23:00:09 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/16 22:12:21 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.001
[2007/10/16 22:12:20 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.dat
[2007/10/16 09:53:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 00:35:11 | 000,248,320 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 19:53:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/26 12:07:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/09/26 11:59:13 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:11:51 | 000,722,486 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 18:11:51 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 18:11:51 | 000,148,962 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 18:11:51 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 003,991,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,641,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,122,778 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/01 21:05:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\mbUtil.dll
[2005/01/01 21:05:00 | 000,000,662 | ---- | C] () -- C:\Windows\Contact.INI
[2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Alias
[2007/10/21 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Ansys
[2010/12/28 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Autodesk
[2011/10/09 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Azureus
[2010/06/14 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Facebook
[2011/04/17 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC
[2011/04/16 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2007/10/24 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\iScreensaver
[2011/04/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Outlook
[2010/12/18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Power MP3 Cutter
[2010/11/11 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/09 17:33:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\TomTom
[2010/02/20 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\VOWSoft
[2011/10/07 19:23:05 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/09 14:30:36 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/09 19:48:38 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Viper Suisse:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Torrents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski_Tag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski Tag + Els:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Liberation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Kodak januari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoilb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoil.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\harde 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\V-shape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Verslagen zwitserland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\tracklists trancefm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\StudioTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Solar Boat Reportage.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\RVA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\OldVersions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\MP3voornovember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Kreativ Squareheads 1.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor renders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\hulls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\GTA Vice City User Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Boot - nietkdg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Bluetooth-uitwisselingsmap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\waterklok parijs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\usb ski:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sollicitaties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Italie en passen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\DSC03399.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Dirk en bergrennen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Bodensee rond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_ngsm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_n.jpg:Roxio EMC Stream

< End of report >


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 11-10-09.01 - Batmobiel 09/10/2011 20:31:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2045.927 [GMT 2:00]
Gestart vanuit: c:\users\Batmobiel\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$recycle$
c:\$recycle$\B8DEA5BB0E0.exe
c:\programdata\sysReserve.ini
C:\sy5tw21.bin
C:\syte821.bin
c:\syte821.bin\B3E7876E059C093
c:\windows\$NtUninstallKB58676$
c:\windows\$NtUninstallKB58676$\1025785193
c:\windows\$NtUninstallKB58676$\2637596669\@
c:\windows\$NtUninstallKB58676$\2637596669\bckfg.tmp
c:\windows\$NtUninstallKB58676$\2637596669\cfg.ini
c:\windows\$NtUninstallKB58676$\2637596669\Desktop.ini
c:\windows\$NtUninstallKB58676$\2637596669\kwrd.dll
c:\windows\$NtUninstallKB58676$\2637596669\L\qnbwvoto
c:\windows\$NtUninstallKB58676$\2637596669\U\[email protected]
c:\windows\$NtUninstallKB58676$\2637596669\U\[email protected]
c:\windows\$NtUninstallKB58676$\2637596669\U\[email protected]
c:\windows\$NtUninstallKB58676$\2637596669\U\[email protected]
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\IsUn0413.exe
c:\windows\system32\comct332.ocx
.
c:\windows\system32\drivers\cdrom.sys was verdwenen
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_9d3687fd
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-09 to 2011-10-09 ))))))))))))))))))))))))))))))
.
.
2011-10-09 18:52 . 2011-10-09 18:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4A5BDA-DE40-499E-8297-A0A6B7E40BAA}\offreg.dll
2011-10-09 17:36 . 2011-10-09 17:36 -------- d-----w- C:\_OTL
2011-10-08 17:57 . 2011-09-29 07:28 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-08 17:57 . 2011-09-29 07:28 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-08 17:57 . 2011-09-29 07:28 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-08 17:57 . 2011-09-29 07:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-08 17:57 . 2011-09-29 07:28 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-08 17:57 . 2011-09-29 07:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-08 17:57 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-08 17:57 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-07 18:28 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4A5BDA-DE40-499E-8297-A0A6B7E40BAA}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 18:20 . 2011-10-09 18:20 209408 ----a-w- c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
2011-07-18 18:43 . 2011-07-18 18:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-01-01 19:05 . 2005-01-01 19:05 456976 ----a-w- c:\program files\Common Files\DAO3032.DLL
2011-09-29 07:28 . 2011-10-08 17:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-28 18:03 . 2008-09-24 19:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
.
c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2007-10-16 924632]
Spybot - Search & Destroy.lnk - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-1-19 5365592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-9-26 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 acyhgdzr;acyhgdzr;c:\windows\system32\drivers\acyhgdzr.sys [x]
R1 aeyrzqpe;aeyrzqpe;c:\windows\system32\drivers\aeyrzqpe.sys [x]
R1 arbnqyyk;arbnqyyk;c:\windows\system32\drivers\arbnqyyk.sys [x]
R1 aynfxaug;aynfxaug;c:\windows\system32\drivers\aynfxaug.sys [x]
R1 beawmqdf;beawmqdf;c:\windows\system32\drivers\beawmqdf.sys [x]
R1 bhzvzemn;bhzvzemn;c:\windows\system32\drivers\bhzvzemn.sys [x]
R1 bjkmcaoq;bjkmcaoq;c:\windows\system32\drivers\bjkmcaoq.sys [x]
R1 buerknqf;buerknqf;c:\windows\system32\drivers\buerknqf.sys [x]
R1 bzzbvkqn;bzzbvkqn;c:\windows\system32\drivers\bzzbvkqn.sys [x]
R1 ckzucvbv;ckzucvbv;c:\windows\system32\drivers\ckzucvbv.sys [x]
R1 clypxioj;clypxioj;c:\windows\system32\drivers\clypxioj.sys [x]
R1 ctgdiqhj;ctgdiqhj;c:\windows\system32\drivers\ctgdiqhj.sys [x]
R1 cybyfxvg;cybyfxvg;c:\windows\system32\drivers\cybyfxvg.sys [x]
R1 dlhnqwbd;dlhnqwbd;c:\windows\system32\drivers\dlhnqwbd.sys [x]
R1 dnlrabxp;dnlrabxp;c:\windows\system32\drivers\dnlrabxp.sys [x]
R1 dnmtgwuy;dnmtgwuy;c:\windows\system32\drivers\dnmtgwuy.sys [x]
R1 dnqodjyt;dnqodjyt;c:\windows\system32\drivers\dnqodjyt.sys [x]
R1 ebolgrrd;ebolgrrd;c:\windows\system32\drivers\ebolgrrd.sys [x]
R1 egvzgryl;egvzgryl;c:\windows\system32\drivers\egvzgryl.sys [x]
R1 eiqlcvxc;eiqlcvxc;c:\windows\system32\drivers\eiqlcvxc.sys [x]
R1 ejnfzbry;ejnfzbry;c:\windows\system32\drivers\ejnfzbry.sys [x]
R1 eowzpclo;eowzpclo;c:\windows\system32\drivers\eowzpclo.sys [x]
R1 eqxjauag;eqxjauag;c:\windows\system32\drivers\eqxjauag.sys [x]
R1 errxwwlk;errxwwlk;c:\windows\system32\drivers\errxwwlk.sys [x]
R1 faxwoaua;faxwoaua;c:\windows\system32\drivers\faxwoaua.sys [x]
R1 fekkezfi;fekkezfi;c:\windows\system32\drivers\fekkezfi.sys [x]
R1 gdimdynh;gdimdynh;c:\windows\system32\drivers\gdimdynh.sys [x]
R1 gdzyexfi;gdzyexfi;c:\windows\system32\drivers\gdzyexfi.sys [x]
R1 gmptnqqq;gmptnqqq;c:\windows\system32\drivers\gmptnqqq.sys [x]
R1 gnzoiwud;gnzoiwud;c:\windows\system32\drivers\gnzoiwud.sys [x]
R1 gunhcbel;gunhcbel;c:\windows\system32\drivers\gunhcbel.sys [x]
R1 gyrauhqb;gyrauhqb;c:\windows\system32\drivers\gyrauhqb.sys [x]
R1 heyjuozl;heyjuozl;c:\windows\system32\drivers\heyjuozl.sys [x]
R1 hiqqgoqw;hiqqgoqw;c:\windows\system32\drivers\hiqqgoqw.sys [x]
R1 htmofnmi;htmofnmi;c:\windows\system32\drivers\htmofnmi.sys [x]
R1 htrnsddf;htrnsddf;c:\windows\system32\drivers\htrnsddf.sys [x]
R1 hvpilqng;hvpilqng;c:\windows\system32\drivers\hvpilqng.sys [x]
R1 ieveupwr;ieveupwr;c:\windows\system32\drivers\ieveupwr.sys [x]
R1 indgzcbj;indgzcbj;c:\windows\system32\drivers\indgzcbj.sys [x]
R1 ivpnsofq;ivpnsofq;c:\windows\system32\drivers\ivpnsofq.sys [x]
R1 jilzdbru;jilzdbru;c:\windows\system32\drivers\jilzdbru.sys [x]
R1 jivtexqz;jivtexqz;c:\windows\system32\drivers\jivtexqz.sys [x]
R1 jjaagjuk;jjaagjuk;c:\windows\system32\drivers\jjaagjuk.sys [x]
R1 jmnririd;jmnririd;c:\windows\system32\drivers\jmnririd.sys [x]
R1 joabcvvm;joabcvvm;c:\windows\system32\drivers\joabcvvm.sys [x]
R1 jqcidtjw;jqcidtjw;c:\windows\system32\drivers\jqcidtjw.sys [x]
R1 jubglpct;jubglpct;c:\windows\system32\drivers\jubglpct.sys [x]
R1 jxfiiqye;jxfiiqye;c:\windows\system32\drivers\jxfiiqye.sys [x]
R1 jxyyvact;jxyyvact;c:\windows\system32\drivers\jxyyvact.sys [x]
R1 kbnbkheb;kbnbkheb;c:\windows\system32\drivers\kbnbkheb.sys [x]
R1 kbppxrrg;kbppxrrg;c:\windows\system32\drivers\kbppxrrg.sys [x]
R1 kjbkpoyz;kjbkpoyz;c:\windows\system32\drivers\kjbkpoyz.sys [x]
R1 kwogkchx;kwogkchx;c:\windows\system32\drivers\kwogkchx.sys [x]
R1 lbfghepe;lbfghepe;c:\windows\system32\drivers\lbfghepe.sys [x]
R1 lfahbwql;lfahbwql;c:\windows\system32\drivers\lfahbwql.sys [x]
R1 lfwjtynb;lfwjtynb;c:\windows\system32\drivers\lfwjtynb.sys [x]
R1 liaqwger;liaqwger;c:\windows\system32\drivers\liaqwger.sys [x]
R1 ltiexlqz;ltiexlqz;c:\windows\system32\drivers\ltiexlqz.sys [x]
R1 lvatelbw;lvatelbw;c:\windows\system32\drivers\lvatelbw.sys [x]
R1 lxwepnwv;lxwepnwv;c:\windows\system32\drivers\lxwepnwv.sys [x]
R1 moauyqik;moauyqik;c:\windows\system32\drivers\moauyqik.sys [x]
R1 mrsamdly;mrsamdly;c:\windows\system32\drivers\mrsamdly.sys [x]
R1 mtqljnro;mtqljnro;c:\windows\system32\drivers\mtqljnro.sys [x]
R1 muxtwnuc;muxtwnuc;c:\windows\system32\drivers\muxtwnuc.sys [x]
R1 nbnvxnsu;nbnvxnsu;c:\windows\system32\drivers\nbnvxnsu.sys [x]
R1 nsbvxuhg;nsbvxuhg;c:\windows\system32\drivers\nsbvxuhg.sys [x]
R1 obmkocvy;obmkocvy;c:\windows\system32\drivers\obmkocvy.sys [x]
R1 okijqpkh;okijqpkh;c:\windows\system32\drivers\okijqpkh.sys [x]
R1 omanaiar;omanaiar;c:\windows\system32\drivers\omanaiar.sys [x]
R1 orfavfsp;orfavfsp;c:\windows\system32\drivers\orfavfsp.sys [x]
R1 pilqaevr;pilqaevr;c:\windows\system32\drivers\pilqaevr.sys [x]
R1 ploewios;ploewios;c:\windows\system32\drivers\ploewios.sys [x]
R1 pmqnhtyo;pmqnhtyo;c:\windows\system32\drivers\pmqnhtyo.sys [x]
R1 pnsjopnt;pnsjopnt;c:\windows\system32\drivers\pnsjopnt.sys [x]
R1 poxxxipo;poxxxipo;c:\windows\system32\drivers\poxxxipo.sys [x]
R1 ppniqvia;ppniqvia;c:\windows\system32\drivers\ppniqvia.sys [x]
R1 qmeqeraj;qmeqeraj;c:\windows\system32\drivers\qmeqeraj.sys [x]
R1 qocmwalu;qocmwalu;c:\windows\system32\drivers\qocmwalu.sys [x]
R1 qsdksqbk;qsdksqbk;c:\windows\system32\drivers\qsdksqbk.sys [x]
R1 rkzzazjk;rkzzazjk;c:\windows\system32\drivers\rkzzazjk.sys [x]
R1 rncqngws;rncqngws;c:\windows\system32\drivers\rncqngws.sys [x]
R1 rqkprqei;rqkprqei;c:\windows\system32\drivers\rqkprqei.sys [x]
R1 rvlcltil;rvlcltil;c:\windows\system32\drivers\rvlcltil.sys [x]
R1 sgmqlwac;sgmqlwac;c:\windows\system32\drivers\sgmqlwac.sys [x]
R1 slfpdgka;slfpdgka;c:\windows\system32\drivers\slfpdgka.sys [x]
R1 sqijyaue;sqijyaue;c:\windows\system32\drivers\sqijyaue.sys [x]
R1 srsdgegm;srsdgegm;c:\windows\system32\drivers\srsdgegm.sys [x]
R1 tchantzu;tchantzu;c:\windows\system32\drivers\tchantzu.sys [x]
R1 temynwwl;temynwwl;c:\windows\system32\drivers\temynwwl.sys [x]
R1 thtsaipj;thtsaipj;c:\windows\system32\drivers\thtsaipj.sys [x]
R1 tpplbiju;tpplbiju;c:\windows\system32\drivers\tpplbiju.sys [x]
R1 uqpbzwdl;uqpbzwdl;c:\windows\system32\drivers\uqpbzwdl.sys [x]
R1 utdlepuh;utdlepuh;c:\windows\system32\drivers\utdlepuh.sys [x]
R1 uzwgmhjc;uzwgmhjc;c:\windows\system32\drivers\uzwgmhjc.sys [x]
R1 vfwexkvp;vfwexkvp;c:\windows\system32\drivers\vfwexkvp.sys [x]
R1 vhylezxq;vhylezxq;c:\windows\system32\drivers\vhylezxq.sys [x]
R1 vlbvkgud;vlbvkgud;c:\windows\system32\drivers\vlbvkgud.sys [x]
R1 vmsupaqb;vmsupaqb;c:\windows\system32\drivers\vmsupaqb.sys [x]
R1 vpsjmasb;vpsjmasb;c:\windows\system32\drivers\vpsjmasb.sys [x]
R1 vrpgthve;vrpgthve;c:\windows\system32\drivers\vrpgthve.sys [x]
R1 wvjbecqx;wvjbecqx;c:\windows\system32\drivers\wvjbecqx.sys [x]
R1 wzhxqejy;wzhxqejy;c:\windows\system32\drivers\wzhxqejy.sys [x]
R1 xurllzee;xurllzee;c:\windows\system32\drivers\xurllzee.sys [x]
R1 yevjgwqq;yevjgwqq;c:\windows\system32\drivers\yevjgwqq.sys [x]
R2 gupdate1ca03336c81a5f0;Google Updateservice (gupdate1ca03336c81a5f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
2011-10-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-12 21:40]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
FF - ProfilePath - c:\users\Batmobiel\AppData\Roaming\Mozilla\Firefox\Profiles\qct6qbvs.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/login.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56646
FF - prefs.js: network.proxy.type - 4
.
.
------- Bestandsassociaties -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 20:58
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4408)
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\sttray.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Voltooingstijd: 2011-10-09 21:10:45 - machine werd herstart
ComboFix-quarantined-files.txt 2011-10-09 19:10
.
Pre-Run: 2.438.455.296 bytes beschikbaar
Post-Run: 2.439.532.544 bytes beschikbaar
.
- - End Of File - - CF56ED4D05879BD5E6D72FEAC9CBAF3B

--------------------------------------------------------------------------------------------------------------------------------------------------

Couldn't help my autorun programs to start up while Combofix was writing its log, but it appears not to have infected its function. Although I get messages again from Spybot S&D about the deleted register entries. Example:

Category: System startup global entry
Edit: Deleted Value
Entry: Windows Defender
Old data: %Program Files%\Windows Defender\MSASCui.exe
New data: (none)

Is it ok to accept these? I suppose it is but I haven't so far ...

Thanks already!
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A reboot will cure that - but we still have a ways to go

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\acyhgdzr.sys
c:\windows\system32\drivers\aeyrzqpe.sys
c:\windows\system32\drivers\arbnqyyk.sys
c:\windows\system32\drivers\aynfxaug.sys
c:\windows\system32\drivers\beawmqdf.sys
c:\windows\system32\drivers\bhzvzemn.sys
c:\windows\system32\drivers\bjkmcaoq.sys
c:\windows\system32\drivers\buerknqf.sys
c:\windows\system32\drivers\bzzbvkqn.sys
c:\windows\system32\drivers\ckzucvbv.sys
c:\windows\system32\drivers\clypxioj.sys
c:\windows\system32\drivers\ctgdiqhj.sys
c:\windows\system32\drivers\cybyfxvg.sys
c:\windows\system32\drivers\dlhnqwbd.sys
c:\windows\system32\drivers\dnlrabxp.sys
c:\windows\system32\drivers\dnmtgwuy.sys
c:\windows\system32\drivers\dnqodjyt.sys
c:\windows\system32\drivers\ebolgrrd.sys
c:\windows\system32\drivers\egvzgryl.sys
c:\windows\system32\drivers\eiqlcvxc.sys
c:\windows\system32\drivers\ejnfzbry.sys
c:\windows\system32\drivers\eowzpclo.sys
c:\windows\system32\drivers\eqxjauag.sys
c:\windows\system32\drivers\errxwwlk.sys
c:\windows\system32\drivers\faxwoaua.sys
c:\windows\system32\drivers\fekkezfi.sys
c:\windows\system32\drivers\gdimdynh.sys
c:\windows\system32\drivers\gmptnqqq.sys
c:\windows\system32\drivers\gnzoiwud.sys
c:\windows\system32\drivers\gunhcbel.sys
c:\windows\system32\drivers\gnzoiwud.sys
c:\windows\system32\drivers\gunhcbel.sys
c:\windows\system32\drivers\gyrauhqb.sys
c:\windows\system32\drivers\heyjuozl.sys
c:\windows\system32\drivers\hiqqgoqw.sys
c:\windows\system32\drivers\htmofnmi.sys
c:\windows\system32\drivers\htrnsddf.sys
c:\windows\system32\drivers\hvpilqng.sys
c:\windows\system32\drivers\ieveupwr.sys
c:\windows\system32\drivers\indgzcbj.sys
c:\windows\system32\drivers\ivpnsofq.sys
c:\windows\system32\drivers\jilzdbru.sys
c:\windows\system32\drivers\jivtexqz.sys
c:\windows\system32\drivers\jjaagjuk.sys
c:\windows\system32\drivers\jmnririd.sys
c:\windows\system32\drivers\joabcvvm.sys
c:\windows\system32\drivers\jqcidtjw.sys
c:\windows\system32\drivers\jubglpct.sys
c:\windows\system32\drivers\jxfiiqye.sys
c:\windows\system32\drivers\jxyyvact.sys
c:\windows\system32\drivers\kbnbkheb.sys
c:\windows\system32\drivers\kbppxrrg.sys
c:\windows\system32\drivers\kjbkpoyz.sys
c:\windows\system32\drivers\kwogkchx.sys
c:\windows\system32\drivers\lbfghepe.sys
c:\windows\system32\drivers\lfahbwql.sys
c:\windows\system32\drivers\lfwjtynb.sys
c:\windows\system32\drivers\liaqwger.sys
c:\windows\system32\drivers\ltiexlqz.sys
c:\windows\system32\drivers\lvatelbw.sys
c:\windows\system32\drivers\lxwepnwv.sys
c:\windows\system32\drivers\moauyqik.sys
c:\windows\system32\drivers\mrsamdly.sys
c:\windows\system32\drivers\mtqljnro.sys
c:\windows\system32\drivers\muxtwnuc.sys
c:\windows\system32\drivers\nbnvxnsu.sys
c:\windows\system32\drivers\nsbvxuhg.sys
c:\windows\system32\drivers\obmkocvy.sys
c:\windows\system32\drivers\okijqpkh.sys
c:\windows\system32\drivers\omanaiar.sys
c:\windows\system32\drivers\orfavfsp.sys
c:\windows\system32\drivers\pilqaevr.sys
c:\windows\system32\drivers\ploewios.sys
c:\windows\system32\drivers\pmqnhtyo.sys
c:\windows\system32\drivers\pnsjopnt.sys
c:\windows\system32\drivers\poxxxipo.sys
c:\windows\system32\drivers\ppniqvia.sys
c:\windows\system32\drivers\qmeqeraj.sys
c:\windows\system32\drivers\qocmwalu.sys
c:\windows\system32\drivers\qsdksqbk.sys
c:\windows\system32\drivers\rkzzazjk.sys
c:\windows\system32\drivers\rncqngws.sys
c:\windows\system32\drivers\rqkprqei.sys
c:\windows\system32\drivers\rvlcltil.sys
c:\windows\system32\drivers\sgmqlwac.sys
c:\windows\system32\drivers\slfpdgka.sys
c:\windows\system32\drivers\sqijyaue.sys
c:\windows\system32\drivers\srsdgegm.sys
c:\windows\system32\drivers\tchantzu.sys
c:\windows\system32\drivers\temynwwl.sys
c:\windows\system32\drivers\thtsaipj.sys
c:\windows\system32\drivers\tpplbiju.sys
c:\windows\system32\drivers\uqpbzwdl.sys
c:\windows\system32\drivers\utdlepuh.sys
c:\windows\system32\drivers\uzwgmhjc.sys
c:\windows\system32\drivers\vfwexkvp.sys
c:\windows\system32\drivers\vhylezxq.sys
c:\windows\system32\drivers\vlbvkgud.sys
c:\windows\system32\drivers\vmsupaqb.sys
c:\windows\system32\drivers\vpsjmasb.sys
c:\windows\system32\drivers\wvjbecqx.sys
c:\windows\system32\drivers\wzhxqejy.sys
c:\windows\system32\drivers\xurllzee.sys
c:\windows\system32\drivers\yevjgwqq.sys

Driver::
acyhgdzr
aeyrzqpe
arbnqyyk
aynfxaug
beawmqdf
bhzvzemn
bjkmcaoq
buerknqf
bzzbvkqn
ckzucvbv
clypxioj
ctgdiqhj
cybyfxvg
dlhnqwbd
dnlrabxp
dnmtgwuy
dnqodjyt
ebolgrrd
egvzgryl
eiqlcvxc
ejnfzbry
eowzpclo
eqxjauag
errxwwlk
faxwoaua
fekkezfi
gdimdynh
gdzyexfi
gmptnqqq
gnzoiwud
gunhcbel
gyrauhqb
heyjuozl
hiqqgoqw
htmofnmi
htrnsddf
hvpilqng
ieveupwr
indgzcbj
ivpnsofq
jilzdbru
jivtexqz
jjaagjuk
jmnririd
joabcvvm
jqcidtjw
jubglpct
jxfiiqye
jxyyvact
kbnbkheb
kbppxrrg
kjbkpoyz
kwogkchx
lbfghepe
lfahbwql
lfwjtynb
liaqwger
ltiexlqz
lvatelbw
lxwepnwv
moauyqik
mrsamdly
mtqljnro
muxtwnuc
nbnvxnsu
nsbvxuhg
obmkocvy
okijqpkh
omanaiar
orfavfsp
pilqaevr
ploewios
pmqnhtyo
pnsjopnt
poxxxipo
ppniqvia
qmeqeraj
qocmwalu
qsdksqbk
rkzzazjk
rncqngws
rqkprqei
rvlcltil
sgmqlwac
slfpdgka
sqijyaue
srsdgegm
tchantzu
temynwwl
thtsaipj
tpplbiju
uqpbzwdl
utdlepuh
uzwgmhjc
vfwexkvp
vhylezxq
vlbvkgud
vmsupaqb
vpsjmasb
vrpgthve
wvjbecqx
wzhxqejy
xurllzee
yevjgwqq

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#8
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Computer still running normal, no more info about changed register entries or anything else whatsoever but all antivirus protection is off, so I don't know what's going on exactly :)

Here is the log you asked for:

ComboFix 11-10-09.01 - Batmobiel 10/10/2011 1:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2045.1275 [GMT 2:00]
Gestart vanuit: c:\users\Batmobiel\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Batmobiel\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\windows\system32\drivers\acyhgdzr.sys"
"c:\windows\system32\drivers\aeyrzqpe.sys"
"c:\windows\system32\drivers\arbnqyyk.sys"
"c:\windows\system32\drivers\aynfxaug.sys"
"c:\windows\system32\drivers\beawmqdf.sys"
"c:\windows\system32\drivers\bhzvzemn.sys"
"c:\windows\system32\drivers\bjkmcaoq.sys"
"c:\windows\system32\drivers\buerknqf.sys"
"c:\windows\system32\drivers\bzzbvkqn.sys"
"c:\windows\system32\drivers\ckzucvbv.sys"
"c:\windows\system32\drivers\clypxioj.sys"
"c:\windows\system32\drivers\ctgdiqhj.sys"
"c:\windows\system32\drivers\cybyfxvg.sys"
"c:\windows\system32\drivers\dlhnqwbd.sys"
"c:\windows\system32\drivers\dnlrabxp.sys"
"c:\windows\system32\drivers\dnmtgwuy.sys"
"c:\windows\system32\drivers\dnqodjyt.sys"
"c:\windows\system32\drivers\ebolgrrd.sys"
"c:\windows\system32\drivers\egvzgryl.sys"
"c:\windows\system32\drivers\eiqlcvxc.sys"
"c:\windows\system32\drivers\ejnfzbry.sys"
"c:\windows\system32\drivers\eowzpclo.sys"
"c:\windows\system32\drivers\eqxjauag.sys"
"c:\windows\system32\drivers\errxwwlk.sys"
"c:\windows\system32\drivers\faxwoaua.sys"
"c:\windows\system32\drivers\fekkezfi.sys"
"c:\windows\system32\drivers\gdimdynh.sys"
"c:\windows\system32\drivers\gmptnqqq.sys"
"c:\windows\system32\drivers\gnzoiwud.sys"
"c:\windows\system32\drivers\gunhcbel.sys"
"c:\windows\system32\drivers\gyrauhqb.sys"
"c:\windows\system32\drivers\heyjuozl.sys"
"c:\windows\system32\drivers\hiqqgoqw.sys"
"c:\windows\system32\drivers\htmofnmi.sys"
"c:\windows\system32\drivers\htrnsddf.sys"
"c:\windows\system32\drivers\hvpilqng.sys"
"c:\windows\system32\drivers\ieveupwr.sys"
"c:\windows\system32\drivers\indgzcbj.sys"
"c:\windows\system32\drivers\ivpnsofq.sys"
"c:\windows\system32\drivers\jilzdbru.sys"
"c:\windows\system32\drivers\jivtexqz.sys"
"c:\windows\system32\drivers\jjaagjuk.sys"
"c:\windows\system32\drivers\jmnririd.sys"
"c:\windows\system32\drivers\joabcvvm.sys"
"c:\windows\system32\drivers\jqcidtjw.sys"
"c:\windows\system32\drivers\jubglpct.sys"
"c:\windows\system32\drivers\jxfiiqye.sys"
"c:\windows\system32\drivers\jxyyvact.sys"
"c:\windows\system32\drivers\kbnbkheb.sys"
"c:\windows\system32\drivers\kbppxrrg.sys"
"c:\windows\system32\drivers\kjbkpoyz.sys"
"c:\windows\system32\drivers\kwogkchx.sys"
"c:\windows\system32\drivers\lbfghepe.sys"
"c:\windows\system32\drivers\lfahbwql.sys"
"c:\windows\system32\drivers\lfwjtynb.sys"
"c:\windows\system32\drivers\liaqwger.sys"
"c:\windows\system32\drivers\ltiexlqz.sys"
"c:\windows\system32\drivers\lvatelbw.sys"
"c:\windows\system32\drivers\lxwepnwv.sys"
"c:\windows\system32\drivers\moauyqik.sys"
"c:\windows\system32\drivers\mrsamdly.sys"
"c:\windows\system32\drivers\mtqljnro.sys"
"c:\windows\system32\drivers\muxtwnuc.sys"
"c:\windows\system32\drivers\nbnvxnsu.sys"
"c:\windows\system32\drivers\nsbvxuhg.sys"
"c:\windows\system32\drivers\obmkocvy.sys"
"c:\windows\system32\drivers\okijqpkh.sys"
"c:\windows\system32\drivers\omanaiar.sys"
"c:\windows\system32\drivers\orfavfsp.sys"
"c:\windows\system32\drivers\pilqaevr.sys"
"c:\windows\system32\drivers\ploewios.sys"
"c:\windows\system32\drivers\pmqnhtyo.sys"
"c:\windows\system32\drivers\pnsjopnt.sys"
"c:\windows\system32\drivers\poxxxipo.sys"
"c:\windows\system32\drivers\ppniqvia.sys"
"c:\windows\system32\drivers\qmeqeraj.sys"
"c:\windows\system32\drivers\qocmwalu.sys"
"c:\windows\system32\drivers\qsdksqbk.sys"
"c:\windows\system32\drivers\rkzzazjk.sys"
"c:\windows\system32\drivers\rncqngws.sys"
"c:\windows\system32\drivers\rqkprqei.sys"
"c:\windows\system32\drivers\rvlcltil.sys"
"c:\windows\system32\drivers\sgmqlwac.sys"
"c:\windows\system32\drivers\slfpdgka.sys"
"c:\windows\system32\drivers\sqijyaue.sys"
"c:\windows\system32\drivers\srsdgegm.sys"
"c:\windows\system32\drivers\tchantzu.sys"
"c:\windows\system32\drivers\temynwwl.sys"
"c:\windows\system32\drivers\thtsaipj.sys"
"c:\windows\system32\drivers\tpplbiju.sys"
"c:\windows\system32\drivers\uqpbzwdl.sys"
"c:\windows\system32\drivers\utdlepuh.sys"
"c:\windows\system32\drivers\uzwgmhjc.sys"
"c:\windows\system32\drivers\vfwexkvp.sys"
"c:\windows\system32\drivers\vhylezxq.sys"
"c:\windows\system32\drivers\vlbvkgud.sys"
"c:\windows\system32\drivers\vmsupaqb.sys"
"c:\windows\system32\drivers\vpsjmasb.sys"
"c:\windows\system32\drivers\wvjbecqx.sys"
"c:\windows\system32\drivers\wzhxqejy.sys"
"c:\windows\system32\drivers\xurllzee.sys"
"c:\windows\system32\drivers\yevjgwqq.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acyhgdzr
-------\Service_aeyrzqpe
-------\Service_arbnqyyk
-------\Service_aynfxaug
-------\Service_beawmqdf
-------\Service_bhzvzemn
-------\Service_bjkmcaoq
-------\Service_buerknqf
-------\Service_bzzbvkqn
-------\Service_ckzucvbv
-------\Service_clypxioj
-------\Service_ctgdiqhj
-------\Service_cybyfxvg
-------\Service_dlhnqwbd
-------\Service_dnlrabxp
-------\Service_dnmtgwuy
-------\Service_dnqodjyt
-------\Service_ebolgrrd
-------\Service_egvzgryl
-------\Service_eiqlcvxc
-------\Service_ejnfzbry
-------\Service_eowzpclo
-------\Service_eqxjauag
-------\Service_errxwwlk
-------\Service_faxwoaua
-------\Service_fekkezfi
-------\Service_gdimdynh
-------\Service_gdzyexfi
-------\Service_gmptnqqq
-------\Service_gnzoiwud
-------\Service_gunhcbel
-------\Service_gyrauhqb
-------\Service_heyjuozl
-------\Service_hiqqgoqw
-------\Service_htmofnmi
-------\Service_htrnsddf
-------\Service_hvpilqng
-------\Service_ieveupwr
-------\Service_indgzcbj
-------\Service_ivpnsofq
-------\Service_jilzdbru
-------\Service_jivtexqz
-------\Service_jjaagjuk
-------\Service_jmnririd
-------\Service_joabcvvm
-------\Service_jqcidtjw
-------\Service_jubglpct
-------\Service_jxfiiqye
-------\Service_jxyyvact
-------\Service_kbnbkheb
-------\Service_kbppxrrg
-------\Service_kjbkpoyz
-------\Service_kwogkchx
-------\Service_lbfghepe
-------\Service_lfahbwql
-------\Service_lfwjtynb
-------\Service_liaqwger
-------\Service_ltiexlqz
-------\Service_lvatelbw
-------\Service_lxwepnwv
-------\Service_moauyqik
-------\Service_mrsamdly
-------\Service_mtqljnro
-------\Service_muxtwnuc
-------\Service_nbnvxnsu
-------\Service_nsbvxuhg
-------\Service_obmkocvy
-------\Service_okijqpkh
-------\Service_omanaiar
-------\Service_orfavfsp
-------\Service_pilqaevr
-------\Service_ploewios
-------\Service_pmqnhtyo
-------\Service_pnsjopnt
-------\Service_poxxxipo
-------\Service_ppniqvia
-------\Service_qmeqeraj
-------\Service_qocmwalu
-------\Service_qsdksqbk
-------\Service_rkzzazjk
-------\Service_rncqngws
-------\Service_rqkprqei
-------\Service_rvlcltil
-------\Service_sgmqlwac
-------\Service_slfpdgka
-------\Service_sqijyaue
-------\Service_srsdgegm
-------\Service_tchantzu
-------\Service_temynwwl
-------\Service_thtsaipj
-------\Service_tpplbiju
-------\Service_uqpbzwdl
-------\Service_utdlepuh
-------\Service_uzwgmhjc
-------\Service_vfwexkvp
-------\Service_vhylezxq
-------\Service_vlbvkgud
-------\Service_vmsupaqb
-------\Service_vpsjmasb
-------\Service_vrpgthve
-------\Service_wvjbecqx
-------\Service_wzhxqejy
-------\Service_xurllzee
-------\Service_yevjgwqq
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-09 to 2011-10-09 ))))))))))))))))))))))))))))))
.
.
2011-10-09 23:45 . 2011-10-09 23:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4A5BDA-DE40-499E-8297-A0A6B7E40BAA}\offreg.dll
2011-10-09 23:43 . 2011-10-09 23:43 -------- d-----w- c:\users\TEMP.Pc_Batmobiel\AppData\Local\temp
2011-10-09 23:43 . 2011-10-09 23:43 -------- d-----w- c:\users\Lieverd\AppData\Local\temp
2011-10-09 23:43 . 2011-10-09 23:43 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-10-09 23:43 . 2011-10-09 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 18:50 . 2011-10-09 23:48 -------- d-----w- c:\users\Batmobiel\AppData\Local\temp
2011-10-09 18:50 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-09 17:36 . 2011-10-09 17:36 -------- d-----w- C:\_OTL
2011-10-08 21:49 . 2011-10-09 03:23 -------- d-----w- c:\windows\system32\MpEngineStore
2011-10-08 17:57 . 2011-09-29 07:28 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-08 17:57 . 2011-09-29 07:28 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-08 17:57 . 2011-09-29 07:28 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-08 17:57 . 2011-09-29 07:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-08 17:57 . 2011-09-29 07:28 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-08 17:57 . 2011-09-29 07:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-08 17:57 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-08 17:57 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-07 18:28 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4A5BDA-DE40-499E-8297-A0A6B7E40BAA}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 18:20 . 2011-10-09 18:20 209408 ----a-w- c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
2011-07-18 18:43 . 2011-07-18 18:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-01-01 19:05 . 2005-01-01 19:05 456976 ----a-w- c:\program files\Common Files\DAO3032.DLL
2011-09-29 07:28 . 2011-10-08 17:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-28 18:03 . 2008-09-24 19:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe" [2011-07-18 243360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
.
c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2007-10-16 924632]
Spybot - Search & Destroy.lnk - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-1-19 5365592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-9-26 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe,c:\users\Batmobiel\AppData\Roaming\dwm.exe"
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\users\BATMOB~1\AppData\Local\Temp\csrss.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1ca03336c81a5f0;Google Updateservice (gupdate1ca03336c81a5f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 07:40]
.
2011-10-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-12 21:40]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
FF - ProfilePath - c:\users\Batmobiel\AppData\Roaming\Mozilla\Firefox\Profiles\qct6qbvs.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/login.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56646
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-RunOnce-*uibootaction.exe - c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe
HKCU-RunOnce-*editproxymgr.exe - c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 01:46
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3512)
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\windows\sttray.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Voltooingstijd: 2011-10-10 01:57:01 - machine werd herstart
ComboFix-quarantined-files.txt 2011-10-09 23:56
ComboFix2.txt 2011-10-09 19:10
.
Pre-Run: 3.169.783.808 bytes beschikbaar
Post-Run: 2.930.159.616 bytes beschikbaar
.
- - End Of File - - F747D19E12B0173FDB4711F70B3D129B
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try to start Ad-Aware and let me know if it works or if an error is generated. If there is an error could you let me know what it is
  • 0

#10
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
If I want to run it as it is installed on the computer, it says "Connection error, Failed to connect to server". If I want to upgrade and install a newer version, it says "The installer has unsufficient privileges to modify this file: C:\Program Files\Lavasoft\Ad-Aware\AAWservice.exe".

In the properties of this map:
Names of groups or users:
MAKER OWNER Allowed: Special privileges Denied: none
SYSTEM Allowed: All except special privileges
Administrators (Pc_Batmobiel\Administrators) Allowed: All except special privileges
Users (Pc_Batmobiel\Gebruikers) Allowed: Read and execute, Show folder content, write
TrustedInstaller Allowed: Show folder content, Special privileges

I think I should get rid of the first two and the last, but no action taken so far.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download a fresh copy of ad-aware to your desktop.
Disconnect from the internet
Uninstall ad-aware
Reboot
Install the fresh copy

Let me know if that works
  • 0

#12
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Downloaded newest version of Ad-Aware
Disconnected internet
Uninstalled Ad-Aware
Removed the folder it was in under C:\Program Files
Cleaned Garbage Bin
Rebooted
Installed newest version of Ad-Aware
Run complete check


Logfile created: 11/10/2011 08:55:17
Ad-Aware version: 9.5.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Batmobiel

*********************** Definitions database information ***********************
Lavasoft definition file: 1.0
Genotype definition file version: Unknown

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 356898
Objects detected: 0


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Scan and cleaning complete: Finished correctly after 6855 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Oct 10 22:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Oct 10 04:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Oct 10 10:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Oct 10 16:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Oct 10 22:24:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true


****************************** System information ******************************
Computer name: PC_BATMOBIEL
Processor name: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Processor identifier: x86 Family 6 Model 15 Stepping 10
Processor speed: ~2193MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3850, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 1031340032 bytes
Physical memory total: 2144813056 bytes
Virtual memory available: 1979097088 bytes
Virtual memory total: 2147352576 bytes
Memory load: 51%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:

Running processes:
PID: 492 name: C:\Windows\System32\smss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 572 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 632 name: C:\Windows\System32\wininit.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 644 name: C:\Windows\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 676 name: C:\Windows\System32\services.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 692 name: C:\Windows\System32\lsass.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 700 name: C:\Windows\System32\lsm.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 808 name: C:\Windows\System32\winlogon.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 884 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 932 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 960 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 996 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1084 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1124 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1136 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1252 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1268 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1308 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1440 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1520 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1772 name: C:\Windows\System32\spoolsv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1796 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1956 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1988 name: C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 352 name: C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 420 name: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 748 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 648 name: C:\Windows\System32\drivers\CDAC11BA.EXE owner: SYSTEEM domain: NT AUTHORITY
PID: 1216 name: C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1480 name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2076 name: C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2132 name: C:\Windows\System32\dwm.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2252 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2264 name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2288 name: C:\Windows\explorer.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2408 name: C:\Windows\System32\taskeng.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2608 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2628 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2660 name: C:\Windows\System32\stacsv.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2744 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2804 name: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2872 name: C:\Windows\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2920 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2984 name: C:\Windows\System32\drivers\XAudio.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3040 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3204 name: C:\Program Files\DellTPad\Apoint.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3696 name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3704 name: C:\Program Files\Dell\MediaDirect\PCMService.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3720 name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3756 name: C:\Program Files\Logitech\Video\LogiTray.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3920 name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 3952 name: C:\Windows\sttray.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3992 name: C:\Windows\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4036 name: C:\Windows\System32\rundll32.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1288 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2992 name: C:\Program Files\DellTPad\ApMsgFwd.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2064 name: C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3192 name: C:\Program Files\DellSupport\DSAgnt.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2460 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2372 name: C:\Windows\ehome\ehtray.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1356 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1408 name: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1348 name: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1600 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3392 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3448 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2124 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2440 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2892 name: C:\Windows\ehome\ehmsas.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1704 name: C:\Program Files\DellTPad\hidfind.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 3264 name: C:\Program Files\DellTPad\ApntEx.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 2548 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2788 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 4612 name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 5048 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 2384 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 5352 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 4576 name: C:\Windows\System32\rundll32.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 4536 name: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 1716 name: C:\Windows\System32\wuauclt.exe owner: Batmobiel domain: Pc_Batmobiel
PID: 5280 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Batmobiel domain: Pc_Batmobiel

Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: Apoint
imagepath: C:\Program Files\DellTPad\Apoint.exe
Name: ISUSScheduler
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Name: RoxWatchTray
imagepath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Name: PCMService
imagepath: "C:\Program Files\Dell\MediaDirect\PCMService.exe"
Name: dscactivate
imagepath: c:\dell\dsca.exe 3
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: ISUSPM Startup
imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: LogitechVideoRepair
imagepath: C:\Program Files\Logitech\Video\ISStart.exe /RegAll
Name: LogitechVideoTray
imagepath: C:\Program Files\Logitech\Video\LogiTray.exe
Name: ISUSPM
imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
Name: SigmatelSysTrayApp
imagepath: sttray.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NVHotkey
imagepath: rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Name: AdobeAAMUpdater-1.0
imagepath: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Name: SwitchBoard
imagepath: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Name: AdobeCS5ServiceManager
imagepath: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Name: HTC Sync Loader
imagepath: "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
imagepath: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
imagepath: C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Akamai
displayname: Akamai NetSession Interface
Name: ALG
displayname: Application Layer Gateway-service
Name: Appinfo
displayname: Application Information
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: Autodesk Data Management Job Dispatch
displayname: Autodesk Data Management Job Dispatch
Name: Autodesk EDM Server
displayname: Autodesk EDM Server
Name: Autodesk Licensing Service
displayname: Autodesk Licensing Service
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: BthServ
displayname: Bluetooth Support-service
Name: C-DillaCdaC11BA
displayname: C-DillaCdaC11BA
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: mi-raysat_3dsmax2010_32
displayname: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: MSSQL$AUTODESKVAULT
displayname: SQL Server (AUTODESKVAULT)
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List-service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface-service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PassThru Service
displayname: Internet Pass-Through Service
Name: PcaSvc
displayname: Program Compatibility Assistant-service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile-service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RoxMediaDB9
displayname: RoxMediaDB9
Name: RoxWatch9
displayname: Roxio Hard Drive Watcher 9
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification-service
Name: SharedAccess
displayname: Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SQLBrowser
displayname: SQL Server Browser
Name: SQLWriter
displayname: SQL Server VSS Writer
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: SSTP-service (Secure Socket Tunneling Protocol)
Name: STacSV
displayname: SigmaTel Audio Service
Name: stisvc
displayname: WIA (Windows Image Acquisition)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input-service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TomTomHOMEService
displayname: TomTomHOMEService
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting-service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN Auto Config
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing-service
Name: WPDBusEnum
displayname: Portable Device Enumerator-service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
------------------------------------------------------------------------------------------------------------

System appears to be running stable, no more indications of malware whatsoever.

Grtz
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now check windows updates for me please to ensure that it works correctly, and any further problems ?
  • 0

#14
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
No more updates to be done, lasts were:

KB948465: Windows Vista Service Pack 2 (completed) 11/10/2011
Definition Update for Windows Defender - KB15597 (completed) 11/10/2011

Furthermore no issues except my CD-drive was missing until this very moment. As I was typing, I wanted to ensure that it was missing but all of a sudden it works again :)

Further questions or am I officially spyware-free?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :yes:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP