Rogue:Win32/FakeYak Removal


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#18
DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7967

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

17/10/2011 23:51:26
mbam-log-2011-10-17 (23-50-52).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 543147
Verstreken tijd: 2 uur/uren, 27 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\Users\batmobiel\AppData\Roaming\microsoft\Windows\start menu\Programs\hostaclaudit.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\aclappbridge.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\amdrescpl.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\appaudiohost.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\audiobaseadm.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\bootauthui.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\cryptdbgcore.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\editprovfat.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\fataclaudio.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\Desktop\rk_quarantine\uidebugprov.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\downloads\autodesk\student\422\aip_student\Support\dwgviewer\Setup.exe (Heuristics.Shuriken) -> No action taken.


As far as I can tell, the 9 items under rk_quarantine are copies of the original file which has been destroyed by RogueKill. I'm not sure about the other 2, nor about the 2 registry values ...

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL for me please with the following script

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#20
DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL logfile created on: 18/10/2011 22:52:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,31% Memory free
4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 2,75 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS
Drive E: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
PRC - [2011/10/14 08:47:13 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/04/18 06:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/18 05:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/03/06 22:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/09 01:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/07/28 20:03:07 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/10/18 22:37:05 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/04 03:27:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Stopped] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/11/21 01:24:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2007/04/13 02:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/31 12:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = pac.telenet.be:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = pac.telenet.be:8080

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Van Dale Woordenboek"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/login.php"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56646
FF - prefs.js..network.proxy.no_proxies_on: "*.telenet.be, *.pandora.be, 127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Batmobiel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 19:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 19:57:46 | 000,000,000 | ---D | M]

[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions
[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions
[2010/08/06 10:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 23:55:29 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\[email protected]
[2011/10/08 19:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 23:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/29 09:28:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 23:11:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/29 11:56:22 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/10/17 20:19:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
O4 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
F3 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.4 195.130.131.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC71365-4E92-4D5F-AFFB-1E1A12183C2F}: DhcpNameServer = 195.130.130.4 195.130.131.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 23:06:50 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 22:49:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/17 21:03:06 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Roaming\Malwarebytes
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/17 21:02:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/17 21:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 20:32:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/13 08:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/10/11 23:21:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/10/11 22:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/10 22:24:12 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/10 22:14:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Local\temp
[2011/10/09 20:20:36 | 000,209,408 | ---- | C] (©if systems) -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
[2011/10/09 20:16:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Roguekiller
[2011/10/09 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\RK_Quarantine
[2011/10/08 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2005/01/01 21:05:00 | 000,456,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO3032.DLL

========== Files - Modified Within 30 Days ==========

[2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/18 22:43:01 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 22:43:01 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 22:41:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/18 22:28:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 20:28:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 19:26:30 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/18 19:26:30 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/18 19:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/18 15:10:54 | 000,722,486 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/10/18 15:10:54 | 000,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/18 15:10:54 | 000,148,962 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/10/18 15:10:53 | 000,122,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/18 14:28:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
[2011/10/17 22:31:42 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/17 21:02:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 20:42:54 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/17 20:41:22 | 003,991,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/17 20:40:21 | 2143,506,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 20:39:03 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/17 20:19:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/17 13:50:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/17 13:50:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/13 11:57:15 | 000,000,940 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/10/13 08:57:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:24 | 010,268,672 | ---- | M] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:07 | 000,337,457 | ---- | M] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/08 19:57:54 | 000,000,872 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/24 10:10:20 | 000,007,808 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/17 21:02:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 20:42:44 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/13 08:57:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | C] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:23 | 010,268,672 | ---- | C] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:22 | 000,337,457 | ---- | C] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/09 08:14:58 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/09 08:14:41 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/08 19:57:54 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 09:31:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/30 19:24:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/30 19:24:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/11/26 08:12:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 08:12:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 04:01:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/22 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/10 23:57:03 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/08/07 00:24:27 | 000,016,103 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\UserTile.png
[2008/03/22 10:24:46 | 000,007,808 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2008/03/22 00:53:07 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2007/11/26 22:26:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/10/19 23:00:09 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/16 22:12:21 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.001
[2007/10/16 22:12:20 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.dat
[2007/10/16 09:53:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 00:35:11 | 000,248,320 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 19:53:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/26 12:07:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/09/26 11:59:13 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:11:51 | 000,722,486 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 18:11:51 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 18:11:51 | 000,148,962 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 18:11:51 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 003,991,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,641,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,122,778 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/01 21:05:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\mbUtil.dll
[2005/01/01 21:05:00 | 000,000,662 | ---- | C] () -- C:\Windows\Contact.INI
[2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Alias
[2007/10/21 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Ansys
[2010/12/28 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Autodesk
[2011/10/18 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Azureus
[2010/06/14 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Facebook
[2011/04/17 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC
[2011/04/16 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2007/10/24 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\iScreensaver
[2011/04/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Outlook
[2010/12/18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Power MP3 Cutter
[2010/11/11 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/09 17:33:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\TomTom
[2010/02/20 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\VOWSoft
[2011/04/20 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\HTC
[2011/10/17 22:31:42 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/17 20:39:27 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/18 14:28:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 17:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/27 01:31:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/27 01:31:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Viper Suisse:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Torrents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski_Tag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski Tag + Els:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Liberation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Kodak januari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoilb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoil.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\harde 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\V-shape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Verslagen zwitserland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\tracklists trancefm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\StudioTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Solar Boat Reportage.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\RVA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\OldVersions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\MP3voornovember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Kreativ Squareheads 1.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor renders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\hulls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\GTA Vice City User Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Boot - nietkdg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Bluetooth-uitwisselingsmap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\waterklok parijs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\usb ski:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sollicitaties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Italie en passen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\DSC03399.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Dirk en bergrennen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Bodensee rond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_n.jpg:Roxio EMC Stream

< End of report >
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 18/10/2011 22:52:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,31% Memory free
4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 2,75 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS
Drive E: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0749F7B4-0B3E-4FA8-9C54-1BE64B5AC3FC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11D52F22-2834-41BF-AC25-737F9CADEAF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15884FF6-ADE2-47CB-8214-5B0916B397F3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E76F1AC-B735-4AD4-8627-37989C660A1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{313C3F65-B1FD-4A16-A84F-1B60F7AC110B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40F101AE-5B81-489C-AD22-5A1CEFFD511E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44D05461-B071-4BFA-BF7B-789AC0F131DC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6057EE4A-26F5-4E7A-9AFD-F512C8220B47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69653DF3-DD0E-424D-8D1F-54176862F6EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B871F39-93F4-418E-AC31-6B0C0AEACD5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ADCD9E7-038C-4FA4-A90C-D2945C127A2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AEE2365-114A-4E66-98A1-BC95313D2323}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8FE58B45-542E-424D-BFD6-28904333DC8C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{954C80BF-EDC1-41A3-B6E8-BEB2A76974C8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9DC8A96A-408C-459B-831E-FDCDDFF69802}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A42A23D4-4FEF-4EC0-A5B9-DC1DFE2F26EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8FCA046-6623-429C-AFB3-BC45C37D2B1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4A9FE0D-DE95-404B-BB2F-4AB20B45BAEB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D9CEFAB6-D0A1-4F22-9BC8-2F1FFBFC26EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECDB7351-4BB3-47A4-8F94-ED3FF634ED2E}" = lport=59576 | protocol=6 | dir=in | name=akamai netsession interface |
"{F36D71CB-94DB-4838-B71F-6C031D7AD481}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FC16379F-9E98-4B6B-90D4-876363AAD2F3}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{FFC8043B-CF4E-4B93-BD92-BF2EBD51395C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4182C1-3BEC-4982-A069-291127695E0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0BB6DACA-673C-4AD7-92F2-92AFB03FDB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1963C6AE-4DE8-41CA-BFFF-E29C4D279461}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BE29DB3-5039-45CB-ABF6-29B7AB4F4A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D8F3C7F-BC4F-4F08-8E96-2672ABBE95F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2511927C-251C-43A5-A208-308074054707}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{29A2EAEB-6322-4355-AB6D-02AF4632DA3A}" = protocol=6 | dir=in | app=c:\program files\3dsmax\3dsmax.exe |
"{3144DC73-2329-40D1-B51D-E0BA5FCF5752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{328BE57C-F353-40BE-A97C-157CA258EECB}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{35805CFB-08D9-4A87-BEA9-467AF162B6BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35927C65-C994-4B89-8178-2BFB6EC2B17A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A9BEEBF-9A57-4D16-893C-2A3CB428D6DF}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{3DA64934-88FC-486D-91A9-4382E79F207B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{3E89E447-08F3-44EA-88A8-1C09C32C7990}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{4715123D-0C85-4217-BF2A-16BB8C6DA7D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{47EAC7F1-2535-4A08-8B23-98FA79BD6B1A}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{488A24AA-2544-40BB-959F-DBC3D7943290}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{56DCB9C4-08AA-4E17-A642-BF56AB9BCA6A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{574C1247-BD8E-4A63-A3B3-77FFC78D7E5F}" = protocol=58 | dir=in | [email protected],-148 |
"{5CA17F61-2D6B-4A1E-9379-64BDB3477A39}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{6EE0382B-785B-4528-B566-6A95B4A42A70}" = protocol=17 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{77FCE725-0B9B-4ACB-9A1F-E43BE32DADF0}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{822995F6-6BBD-4219-9C45-4928C6F5621F}" = protocol=6 | dir=out | app=system |
"{8C2177F8-8663-4CC2-AEC2-A679FE2E4A5E}" = protocol=17 | dir=in | app=c:\program files\backburner 2\server.exe |
"{8ED52B66-D0C6-432F-971B-EC81D254A6F4}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{8FE627FE-FBD9-4943-B282-3F3E142046C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90E1E15E-DB79-4B03-9D42-8DDAFFAE76E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94FA314B-11F2-4C89-B432-325126BBE76B}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{980ED31C-D97A-4A1F-8DB5-D001ED622A72}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{9A5E0684-6A51-4C53-AECD-885F2CD87A37}" = protocol=17 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{9C419F26-968E-49CD-856B-BBDCD396B5F6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{9DA3B5F5-189C-4840-B6E6-2D2885A4D5DD}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{ABA75BE5-0A1C-403A-A769-FE35C6966C9B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{AF187047-4CAE-451F-900E-8E854ED8B197}" = protocol=6 | dir=in | app=c:\program files\backburner 2\monitor.exe |
"{BE209D83-6E77-46DF-B4E3-3E4BB2F0F352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFCBA2D9-98D9-4116-99BB-C0DEC342D536}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C36DE486-CB6E-4348-857F-3E42DB0FCEBF}" = protocol=17 | dir=in | app=c:\program files\3dsmax\3dsmax.exe |
"{C3FBFA4C-39C6-40E5-A869-18F15BC94C34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC777FEB-12D1-4DBE-A412-369E15D5DDB3}" = protocol=6 | dir=in | app=c:\program files\backburner 2\manager.exe |
"{D33E6973-FAD8-4A23-9D5D-B153448BD168}" = protocol=6 | dir=in | app=c:\program files\backburner 2\server.exe |
"{D646BF28-8901-435C-A4DD-21A78406B937}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{DBA1C5C0-D849-41B2-988A-374741B1C3C9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{E9C97AFB-5016-4426-AF2C-903934ADC4D5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{EBAFA577-BCDE-4689-AD92-75F8192B7166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{13011683-B10B-4356-838B-E87E5D175590}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{21390F38-90B0-4D02-9C91-CC89A38BCD4B}C:\flow3d\v9.3\licenses\lmgrd.exe" = protocol=6 | dir=in | app=c:\flow3d\v9.3\licenses\lmgrd.exe |
"TCP Query User{3FF782A9-F998-4CFD-8BFC-2D691CE24845}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5104D21D-486B-49EA-8330-E973C2CC42D4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6653EA6F-899C-48E0-8135-49ECFE4770D0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6B2F41F0-2883-4B8D-983A-803104707674}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C2979BF5-FB5A-4074-B15A-B72076EE892D}C:\program files\phoenixrc\phoenixrc.exe" = protocol=6 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"TCP Query User{C8CC8FF5-E18E-42C3-B834-B5E145444AA2}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{E2693918-231C-4193-B882-668CC56B204A}C:\flow3d\v9.3\licenses\f3dtknux.exe" = protocol=6 | dir=in | app=c:\flow3d\v9.3\licenses\f3dtknux.exe |
"TCP Query User{E57E47B9-865B-4449-BECA-6C8F3878885E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0A29CE87-F2F4-45EE-AAD8-B195B910CED9}C:\program files\phoenixrc\phoenixrc.exe" = protocol=17 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"UDP Query User{37053769-5512-4376-B6BC-072E1AA9C349}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{40F79119-BE34-40C5-B46C-038DD75CAA0B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4347F0BA-4CDB-4F98-8EE3-BB03D94911F7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65A02E49-C804-4DFF-A915-D575D1DDFB00}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8D393D5D-C235-4FB7-8B69-07DA53E49C45}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A771F716-F9EA-4298-80A6-52D4E90AFBBF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A89B2475-D22F-4120-BBA5-D662B4ECD668}C:\flow3d\v9.3\licenses\f3dtknux.exe" = protocol=17 | dir=in | app=c:\flow3d\v9.3\licenses\f3dtknux.exe |
"UDP Query User{A949B5F6-555F-4320-9112-C377B4E58E74}C:\flow3d\v9.3\licenses\lmgrd.exe" = protocol=17 | dir=in | app=c:\flow3d\v9.3\licenses\lmgrd.exe |
"UDP Query User{F6F21BC9-1504-4103-A7A7-128815189EA8}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16F8DC9F-5FEE-4494-8EFF-D26D0B9ADC92}" = PhoenixRC
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2385DC1A-40D6-45BE-B253-93A91FA39E5F}" = FLOW3D Version 9.3
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2C086D06-187A-4050-ADD4-2F9D033651B4}" = Dell systeem aanpassings wizard
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 English Language Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{5783F2D7-0203-0409-0002-0060B0CE6BBA}" = Mechanical Desktop 2004
"{5783F2D7-6000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2008
"{5783F2D7-6013-0409-0002-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2008
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}" = Autodesk Data Management Server 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B59E23A5-B3C5-4589-AE7A-EDC4793EF951}" = Playboy - The Mansion
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-software
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F153183F-F52F-4014-8D98-87E6E5027D91}" = Alias Studio Personal Learning Edition 13
"{F1B9EBFF-D4D6-42DE-B249-68BF4D60AE05}" = KdG Root Certificaat
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3D_Interieur_2005_is1" = 3D Interieur 2005
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"AOEMView 2008" = AOEMView 2008
"AutoCAD Civil 3D 2008" = AutoCAD Civil 3D 2008
"Autodesk Data Management Server 2008" = Autodesk Data Management Server 2008
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Express Viewer" = Autodesk Express Viewer
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Autodesk Mechanical Desktop 2008" = Autodesk Mechanical Desktop 2008
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"Autodesk Vault 2008" = Autodesk Vault 2008
"CdaC13Ba" = SafeCast Shared Components
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Delftship free_is1" = Delftship free 3.1
"Delftship_is1" = Delftship professional demo 3.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2010" = DWG TrueView 2010
"eMindMaps" = eMindMaps
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{2385DC1A-40D6-45BE-B253-93A91FA39E5F}" = FLOW3D Version 9.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versie 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 nl)" = Mozilla Firefox 7.0.1 (x86 nl)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle" = Peggle (remove only)
"Peggle Deluxe1.0" = Peggle Deluxe
"Peggle Nights Deluxe 1.00" = Peggle Nights Deluxe 1.00
"PicaLoader" = PicaLoader 1.7.1
"PopCap Browser Plugin" = PopCap Browser Plugin
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v5.2.0.0
"RAR Password Cracker" = RAR Password Cracker 4.12
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Ultimate ZIP Cracker" = Ultimate ZIP Cracker
"VLC media player" = VLC media player 0.9.8a
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-413306250-3151955398-2502198020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 17/10/2011 14:37:47 | Computer Name = Pc_Batmobiel | Source = Windows Search Service | ID = 3013
Description =

Error - 18/10/2011 16:52:58 | Computer Name = Pc_Batmobiel | Source = Application Hang | ID = 1002
Description = Programma mbam.exe, versie 1.51.0.1118 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar
is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen
in het Configuratiescherm controleren. Proces-id: 594 Starttijd: 01cc8cff6cbe35c9
Eindtijd:
290

[ System Events ]
Error - 17/10/2011 14:34:44 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7034
Description =

Error - 17/10/2011 14:42:24 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7009
Description =

Error - 17/10/2011 14:42:24 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7000
Description =

Error - 17/10/2011 14:42:24 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7000
Description =

Error - 17/10/2011 14:42:24 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7000
Description =

Error - 17/10/2011 14:43:19 | Computer Name = Pc_Batmobiel | Source = DCOM | ID = 10000
Description =

Error - 17/10/2011 18:37:37 | Computer Name = Pc_Batmobiel | Source = volsnap | ID = 393252
Description = Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag
niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet.

Error - 18/10/2011 13:26:13 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7011
Description =

Error - 18/10/2011 14:43:34 | Computer Name = Pc_Batmobiel | Source = DCOM | ID = 10000
Description =

Error - 18/10/2011 16:37:40 | Computer Name = Pc_Batmobiel | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a great deal showing - what are your current problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 56646
    O20 - HKU\S-1-5-21-413306250-3151955398-2502198020-1000 Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
    [2011/10/09 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\Roguekiller
    [2011/10/09 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\Desktop\RK_Quarantine

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#22
DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
There are not really any problems, just thought something was happening since Malwarebytes detected some infected files and I wanted to be sure about the severeness of the infection.

I'm about to run your next script, I'll be back soon.

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The script will remove the RogueKiller quarantine - could you run a quick scan with MBAM once the script has run, please :)

#24
DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL logfile created on: 18/10/2011 23:32:15 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,85% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 2,63 Gb Free Space | 1,93% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS
Drive E: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
PRC - [2011/10/14 08:47:13 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/04/18 06:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/18 05:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/03/06 22:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/09 01:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/10/18 22:37:05 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/04 03:27:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/11/21 01:24:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2007/04/13 02:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/31 12:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Van Dale Woordenboek"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/login.php"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.telenet.be, *.pandora.be, 127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Batmobiel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 19:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 19:57:46 | 000,000,000 | ---D | M]

[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions
[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions
[2010/08/06 10:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 23:55:29 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\[email protected]
[2011/10/08 19:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 23:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/29 09:28:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 23:11:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/29 11:56:22 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/10/18 23:23:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
O4 - HKCU..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
F3 - HKCU WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.4 195.130.131.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC71365-4E92-4D5F-AFFB-1E1A12183C2F}: DhcpNameServer = 195.130.130.4 195.130.131.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 23:06:50 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 23:23:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/18 22:49:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/17 21:03:06 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Roaming\Malwarebytes
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/17 21:02:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/17 21:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 20:32:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/13 08:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/10/11 23:21:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/10/11 22:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/10 22:24:12 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/10 22:14:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Local\temp
[2011/10/09 20:20:36 | 000,209,408 | ---- | C] (ęif systems) -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
[2011/10/09 20:16:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/08 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2005/01/01 21:05:00 | 000,456,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO3032.DLL

========== Files - Modified Within 30 Days ==========

[2011/10/18 23:41:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/18 23:30:02 | 000,007,808 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2011/10/18 23:29:46 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 23:29:05 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/18 23:27:46 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/18 23:27:08 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/18 23:27:06 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 23:26:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 23:26:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 23:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/18 23:26:29 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 23:23:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/18 15:10:54 | 000,722,486 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/10/18 15:10:54 | 000,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/18 15:10:54 | 000,148,962 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/10/18 15:10:53 | 000,122,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/18 14:28:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
[2011/10/17 21:02:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 20:41:22 | 003,991,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/17 20:39:03 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/17 13:50:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/17 13:50:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/13 11:57:15 | 000,000,940 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/10/13 08:57:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:24 | 010,268,672 | ---- | M] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:07 | 000,337,457 | ---- | M] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/08 19:57:54 | 000,000,872 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/10/17 21:02:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 08:57:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | C] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:23 | 010,268,672 | ---- | C] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:22 | 000,337,457 | ---- | C] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/09 08:14:58 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/09 08:14:41 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/08 19:57:54 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 09:31:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/30 19:24:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/30 19:24:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/11/26 08:12:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 08:12:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 04:01:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/22 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/10 23:57:03 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/08/07 00:24:27 | 000,016,103 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\UserTile.png
[2008/03/22 10:24:46 | 000,007,808 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2008/03/22 00:53:07 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2007/11/26 22:26:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/10/19 23:00:09 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/16 22:12:21 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.001
[2007/10/16 22:12:20 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.dat
[2007/10/16 09:53:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 00:35:11 | 000,248,320 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 19:53:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/26 12:07:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/09/26 11:59:13 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:11:51 | 000,722,486 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 18:11:51 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 18:11:51 | 000,148,962 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 18:11:51 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 003,991,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,641,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,122,778 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/01 21:05:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\mbUtil.dll
[2005/01/01 21:05:00 | 000,000,662 | ---- | C] () -- C:\Windows\Contact.INI
[2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Alias
[2007/10/21 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Ansys
[2010/12/28 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Autodesk
[2011/10/18 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Azureus
[2010/06/14 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Facebook
[2011/04/17 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC
[2011/04/16 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2007/10/24 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\iScreensaver
[2011/04/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Outlook
[2010/12/18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Power MP3 Cutter
[2010/11/11 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/09 17:33:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\TomTom
[2010/02/20 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\VOWSoft
[2011/10/17 20:39:27 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/18 14:28:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Viper Suisse:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Torrents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski_Tag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski Tag + Els:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Liberation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Kodak januari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoilb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoil.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\harde 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\V-shape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Verslagen zwitserland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\tracklists trancefm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\StudioTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Solar Boat Reportage.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\RVA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\OldVersions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\MP3voornovember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Kreativ Squareheads 1.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor renders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\hulls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\GTA Vice City User Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Boot - nietkdg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Bluetooth-uitwisselingsmap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\waterklok parijs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\usb ski:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sollicitaties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Italie en passen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\DSC03399.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Dirk en bergrennen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Bodensee rond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_n.jpg:Roxio EMC Stream

< End of report >
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7967

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

18/10/2011 23:57:17
mbam-log-2011-10-18 (23-57-06).txt

Scantype: Snelle scan
Objecten gescand: 259986
Verstreken tijd: 7 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)


Still two registry entries
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, there are two more that appeared in the OTL scan that weren't there yesterday, so something must be hidden that I am not seeing.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
    O4 - HKCU..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
    F3 - HKCU WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
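
Added example, not part of the original thread and not OTL's own code: post #25 rests on noticing autostart entries in a later OTL scan that were absent from an earlier one, and that comparison can be scripted. The sketch below diffs the O4/F3/O20 lines of two logs and flags entries whose target is missing, sits in a user-writable profile path, or borrows a system process name. The sample lines are constructed from entries quoted in this thread; which of them the earlier scan lacked is an assumption, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: autostart lines in the format OTL prints, built from
# entries quoted in this thread. Which lines the earlier scan lacked is assumed.
SCAN_EARLIER = r"""
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
F3 - HKCU WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
"""
SCAN_LATER = SCAN_EARLIER + r"""
O4 - HKCU..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
O4 - HKCU..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
"""

# OTL line prefixes that describe autostart locations (Run/RunOnce/Startup,
# the WinNT Load value, Winlogon and AppInit entries).
AUTOSTART_PREFIXES = ("O4 - ", "F3 - ", "O20 - ")

# First drive-letter path on the line that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()\[\]]+?\.(?:exe|dll|com|scr|bat)\b', re.I)

# Windows binaries that legitimately live under the Windows directory only.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "explorer.exe", "svchost.exe",
                "winlogon.exe", "lsass.exe", "smss.exe"}


class Entry(NamedTuple):
    line: str      # the log line, stripped
    path: str      # lower-cased target path, "" if none could be parsed
    missing: bool  # OTL reported "File not found" for the target


def parse_autostarts(log_text):
    """Return the autostart entries found in an OTL log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(AUTOSTART_PREFIXES):
            continue
        match = PATH_RE.search(line)
        path = match.group(0).lower() if match else ""
        entries.append(Entry(line, path, line.lower().endswith("file not found")))
    return entries


def reasons(entry):
    """Explain why an entry deserves a closer look; empty list if it does not."""
    why = []
    path = entry.path
    name = path.rsplit("\\", 1)[-1]
    if entry.missing:
        # The registry value survived although its target is gone (or hidden).
        why.append("target file missing")
    if re.match(r"[a-z]:\\users\\", path) and ("\\appdata\\" in path or "\\temp\\" in path):
        why.append("runs from user-writable profile path")
    if name in SYSTEM_NAMES and not re.match(r"[a-z]:\\windows\\", path):
        why.append("system process name outside C:\\Windows")
    return why


def triage(earlier_log, later_log):
    """Flag suspicious autostarts in later_log and mark those new since earlier_log."""
    seen = {e.line.lower() for e in parse_autostarts(earlier_log)}
    findings = []
    for entry in parse_autostarts(later_log):
        why = reasons(entry)
        if why:
            findings.append({
                "line": entry.line,
                "path": entry.path,
                "new": entry.line.lower() not in seen,
                "reasons": why,
            })
    return findings


if __name__ == "__main__":
    for item in triage(SCAN_EARLIER, SCAN_LATER):
        tag = "NEW " if item["new"] else "    "
        print(f"{tag}{item['path']}  <- {'; '.join(item['reasons'])}")
```

An entry that keeps reappearing as new between scans, as described in the post, means something still running is rewriting the value, so removing the registry entry alone will not hold.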


#26
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL:

OTL logfile created on: 20/10/2011 0:19:32 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Batmobiel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 23,92% Memory free
4,23 Gb Paging File | 2,54 Gb Available in Paging File | 60,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 2,74 Gb Free Space | 2,01% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,26 Gb Free Space | 12,60% Space Free | Partition Type: NTFS

Computer Name: PC_BATMOBIEL | User Name: Batmobiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
PRC - [2011/10/14 08:47:13 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/29 09:28:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | -HS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/04/18 06:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/18 05:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/03/06 22:37:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/09 01:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 09:28:21 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 22:24:04 | 000,076,800 | ---- | M] () -- C:\Users\Batmobiel\AppData\Roaming\Mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll
MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/10/18 22:37:05 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/10/14 08:47:12 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/04 03:27:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 01:24:10 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/10/21 18:25:16 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 22:38:28 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 17:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 17:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/11/21 01:24:11 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2007/04/13 02:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/06 22:38:52 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/31 12:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Van Dale Woordenboek"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/login.php"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.telenet.be, *.pandora.be, 127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Batmobiel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 19:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 19:57:46 | 000,000,000 | ---D | M]

[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions
[2009/07/09 17:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions
[2010/08/06 10:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 23:55:29 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/08 23:55:35 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Batmobiel\AppData\Roaming\mozilla\Firefox\Profiles\qct6qbvs.default\extensions\[email protected]
[2011/10/08 19:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 23:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/29 09:28:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/21 23:11:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/29 11:56:22 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:35:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:16:03 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/09/29 03:16:03 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/09/29 03:16:03 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/10/20 00:09:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [*editproxymgr.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe" File not found
O4 - HKCU..\RunOnce: [*uibootaction.exe] "C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
F3 - HKCU WinNT: Load - (C:\Users\BATMOB~1\AppData\Local\Temp\csrss.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.132 195.130.130.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC71365-4E92-4D5F-AFFB-1E1A12183C2F}: DhcpNameServer = 195.130.131.132 195.130.130.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Batmobiel\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 23:06:50 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 00:23:27 | 004,266,378 | ---- | C] (Swearware) -- C:\Users\Batmobiel\Desktop\ComboFix.exe
[2011/10/18 23:23:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/18 22:49:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/17 21:03:06 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Roaming\Malwarebytes
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/17 21:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/17 21:02:30 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/17 21:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 20:32:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/13 08:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/10/11 23:21:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/10/11 23:21:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/10/11 22:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/10 22:24:12 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/10 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/10 22:14:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Batmobiel\AppData\Local\temp
[2011/10/09 20:20:36 | 000,209,408 | ---- | C] (ęif systems) -- C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
[2011/10/09 20:16:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/08 23:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2005/01/01 21:05:00 | 000,456,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO3032.DLL

========== Files - Modified Within 30 Days ==========

[2011/10/20 00:23:52 | 004,266,378 | ---- | M] (Swearware) -- C:\Users\Batmobiel\Desktop\ComboFix.exe
[2011/10/20 00:21:02 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/20 00:15:45 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/20 00:14:18 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/20 00:14:03 | 000,048,443 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/20 00:14:02 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/20 00:13:55 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 00:13:55 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 00:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 00:13:43 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 00:12:09 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/20 00:09:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/19 23:28:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/19 15:09:26 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
[2011/10/18 23:30:02 | 000,007,808 | ---- | M] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2011/10/18 22:49:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Batmobiel\Desktop\OTL.exe
[2011/10/18 15:10:54 | 000,722,486 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/10/18 15:10:54 | 000,641,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/18 15:10:54 | 000,148,962 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/10/18 15:10:53 | 000,122,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 21:02:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 20:41:22 | 003,991,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/17 13:50:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/17 13:50:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/13 11:57:15 | 000,000,940 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2011/10/13 08:57:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:24 | 010,268,672 | ---- | M] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:07 | 000,337,457 | ---- | M] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/08 19:57:54 | 000,000,872 | ---- | M] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/10/17 21:02:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 08:57:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/10/13 08:57:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/11 23:19:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/10 22:24:15 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/10 22:19:23 | 000,001,659 | ---- | C] () -- C:\Users\Batmobiel\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/10/10 22:11:23 | 010,268,672 | ---- | C] () -- C:\Users\Batmobiel\Desktop\Ad-Aware95Install.msi
[2011/10/09 08:39:22 | 000,337,457 | ---- | C] () -- C:\Users\Batmobiel\Desktop\PC infected with Win32_Fakeyak - Geeks to Go Forums.pdf
[2011/10/09 08:14:58 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/09 08:14:41 | 000,048,443 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/08 19:57:54 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/08 19:57:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 09:31:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/30 19:24:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/30 19:24:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/11/26 08:12:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 08:12:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 04:01:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/22 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/10 23:57:03 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/08/07 00:24:27 | 000,016,103 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\UserTile.png
[2008/03/22 10:24:46 | 000,007,808 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\d3d9caps.dat
[2008/03/22 00:53:07 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2007/11/26 22:26:08 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/10/19 23:00:09 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/16 22:12:21 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.001
[2007/10/16 22:12:20 | 000,069,577 | ---- | C] () -- C:\Users\Batmobiel\AppData\Roaming\nvModes.dat
[2007/10/16 09:53:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 00:35:11 | 000,248,320 | ---- | C] () -- C:\Users\Batmobiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 19:53:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/26 12:07:41 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/09/26 11:59:13 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:11:51 | 000,722,486 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 18:11:51 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 18:11:51 | 000,148,962 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 18:11:51 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 003,991,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,641,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,122,778 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/01/01 21:05:00 | 000,126,976 | ---- | C] () -- C:\Windows\System32\mbUtil.dll
[2005/01/01 21:05:00 | 000,000,662 | ---- | C] () -- C:\Windows\Contact.INI
[2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/02/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Alias
[2007/10/21 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Ansys
[2010/12/28 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Autodesk
[2011/10/20 00:00:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Azureus
[2010/06/14 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Facebook
[2011/04/17 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC
[2011/04/16 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2007/10/24 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\iScreensaver
[2011/04/17 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Outlook
[2010/12/18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\Power MP3 Cutter
[2010/11/11 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/09 17:33:40 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\TomTom
[2010/02/20 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Batmobiel\AppData\Roaming\VOWSoft
[2011/10/20 00:12:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/19 15:09:26 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Viper Suisse:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Torrents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski_Tag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Ski Tag + Els:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Sabrina dag 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Liberation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Kodak januari:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoilb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\hydrofoil.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\harde 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\V-shape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Verslagen zwitserland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\tracklists trancefm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\StudioTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Solar Boat Reportage.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\RVA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\OldVersions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\MP3voornovember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Mijn ontvangen bestanden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Kreativ Squareheads 1.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Inventor renders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\hulls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\GTA Vice City User Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Boot - nietkdg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Bluetooth-uitwisselingsmap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\waterklok parijs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\usb ski:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sollicitaties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Scannen0001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Sabrina 2-1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Italie en passen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\DSC03399.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Dirk en bergrennen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\Bodensee rond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Batmobiel\Desktop\7230_144463934260_600109260_2679915_8107794_n.jpg:Roxio EMC Stream

< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix:

ComboFix 11-10-19.06 - Batmobiel 20/10/2011 0:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2045.681 [GMT 2:00]
Gestart vanuit: c:\users\Batmobiel\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))))
.
.
2011-10-19 22:13 . 2011-10-19 22:13 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C29888A-C59A-49B3-B879-1C4B57DA7212}\offreg.dll
2011-10-18 21:23 . 2011-10-18 21:23 -------- d-----w- C:\_OTL
2011-10-18 08:53 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C29888A-C59A-49B3-B879-1C4B57DA7212}\mpengine.dll
2011-10-17 19:03 . 2011-10-17 19:03 -------- d-----w- c:\users\Batmobiel\AppData\Roaming\Malwarebytes
2011-10-17 19:02 . 2011-10-17 19:02 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 19:02 . 2011-10-18 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 19:02 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 19:45 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-13 06:58 . 2011-10-13 06:58 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-13 06:38 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-13 06:38 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-13 06:38 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-13 06:37 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-13 06:37 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-13 06:37 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-13 06:37 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-13 06:37 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-13 06:37 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-13 06:37 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-12 09:29 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-12 09:29 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-12 09:29 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-12 09:29 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-12 09:29 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-12 09:29 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-12 09:29 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-12 09:29 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-12 09:29 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-12 09:29 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-12 09:29 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-12 09:29 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-12 09:29 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-12 09:27 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-12 09:27 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-12 09:27 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-12 09:26 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-10-11 21:21 . 2011-10-11 21:21 -------- d-----w- c:\windows\system32\ca-ES
2011-10-11 21:21 . 2011-10-11 21:21 -------- d-----w- c:\windows\system32\eu-ES
2011-10-11 21:21 . 2011-10-11 21:21 -------- d-----w- c:\windows\system32\vi-VN
2011-10-11 20:50 . 2011-10-11 20:50 -------- d-----w- c:\windows\system32\EventProviders
2011-10-10 20:24 . 2011-08-18 13:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 20:23 . 2011-10-10 20:23 -------- d-----w- c:\program files\Lavasoft
2011-10-09 18:50 . 2011-10-19 22:46 -------- d-----w- c:\users\Batmobiel\AppData\Local\temp
2011-10-09 18:50 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-09 18:20 . 2011-10-09 18:20 209408 ----a-w- c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hostaclaudit.exe
2011-10-08 21:49 . 2011-10-13 06:28 -------- d-----w- c:\windows\system32\MpEngineStore
2011-10-08 17:57 . 2011-09-29 07:28 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-08 17:57 . 2011-09-29 07:28 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-08 17:57 . 2011-09-29 07:28 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-08 17:57 . 2011-09-29 07:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-08 17:57 . 2011-09-29 07:28 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-08 17:57 . 2011-09-29 07:28 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-08 17:57 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-08 17:57 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-01-01 19:05 . 2005-01-01 19:05 456976 ----a-w- c:\program files\Common Files\DAO3032.DLL
2011-09-29 07:28 . 2011-10-08 17:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-28 18:03 . 2008-09-24 19:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2007-10-16 924632]
Spybot - Search & Destroy.lnk - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-1-19 5365592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-9-26 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1ca03336c81a5f0;Google Updateservice (gupdate1ca03336c81a5f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-14 2151640]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-12 21:40]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 20:57]
.
2011-10-19 c:\windows\Tasks\User_Feed_Synchronization-{58BD6466-5970-429D-873B-F54947271CCC}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
FF - ProfilePath - c:\users\Batmobiel\AppData\Roaming\Mozilla\Firefox\Profiles\qct6qbvs.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/login.php
FF - prefs.js: network.proxy.type - 4
.
.
------- Bestandsassociaties -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 00:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-10-20 00:50:21
ComboFix-quarantined-files.txt 2011-10-19 22:50
.
Pre-Run: 2.761.932.800 bytes beschikbaar
Post-Run: 2.626.297.856 bytes beschikbaar
.
- - End Of File - - 6A9AE8461EAA11F9B2E1F891531075C6



Computer still running OK. MBAM Quick Scan reports the same registry entries... Maybe I can try to overwrite/delete them manually?

I'll be running a full scan overnight, see you back tomorrow!
  • 0

#27
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
MBAM Full Scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7985

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

20/10/2011 8:36:48
mbam-log-2011-10-20 (08-36-36).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 528123
Verstreken tijd: 1 uur/uren, 54 minuut/minuten, 21 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\Users\batmobiel\AppData\Roaming\microsoft\Windows\start menu\Programs\hostaclaudit.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\batmobiel\downloads\autodesk\student\422\aip_student\Support\dwgviewer\Setup.exe (Heuristics.Shuriken) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\aclappbridge.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\amdrescpl.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\appaudiohost.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\audiobaseadm.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\bootauthui.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\cryptdbgcore.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\editprovfat.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\fataclaudio.exe.vir (Trojan.FakeAlert) -> No action taken.
c:\_OTL\movedfiles\10182011_232337\C_Users\batmobiel\Desktop\rk_quarantine\uidebugprov.exe.vir (Trojan.FakeAlert) -> No action taken.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix does not appear to be seeing them

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\Users\batmobiel\AppData\Roaming\microsoft\Windows\start menu\Programs\hostaclaudit.exe
C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\editproxymgr.exe
C:\Users\Batmobiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibootaction.exe



Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

#29
DEME

DEME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I'll do this tomorrow, not enough time today. Sorry
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem I understand real life rules :)
  • 0





