Is my laptop hacked or infected with a root kit!? [Solved]


  • This topic is locked This topic is locked

#16 SpyCatsher (Member, Topic Starter, 141 posts)
Hi Render,

Here is the scan result you requested, with one note: AVG was already removed a while back. The AVG files mentioned in the report could not be removed then, or could not be located. Also, the AVG service is disabled, and the AVG Real Time file and the AVG registry keys were removed then. I had a warning about Real Time AVG Anti Virus 2012 from ComboFix but I went on with the scan. Yesterday I didn't have this warning.

Many thanks already


ComboFix 12-02-07.01 - Eigenaar 08-02-2012 18:14:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.766.481 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFixFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\docume~1\Eigenaar\LOCALS~1\Temp\HNM.exe"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HNM
-------\Service_HNM
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-08 to 2012-02-08 ))))))))))))))))))))))))))))))
.
.
2012-02-08 16:02 . 2012-01-06 04:19 6557240 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDDB77C3-4ABE-4429-8099-D8930EF09F83}\mpengine.dll
2012-02-07 09:30 . 2012-02-08 17:07 -------- dc-h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2012-01-20 12:45 . 2012-01-20 12:45 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-11 08:52 . 2012-01-11 08:52 -------- dc----w- c:\program files\Speccy
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-12-23 18:32 237072 -c----w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2011-12-24 14:41 6557240 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-26 17:28 . 2011-12-26 17:28 101720 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 14:24 . 2012-01-04 18:11 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 18:16 . 2011-12-02 11:15 637240 -c--a-w- c:\program files\autoruns.exe
2011-12-07 18:16 . 2011-12-02 11:15 557368 -c--a-w- c:\program files\autorunsc.exe
2011-11-28 18:01 . 2011-12-07 21:46 41184 -c--a-w- c:\windows\avastSS.scr
2011-11-25 21:57 . 2003-07-23 21:30 293888 -c--a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2003-07-23 21:29 1859712 -c--a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2003-07-23 21:18 60928 -c--a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2003-07-23 21:30 354816 -c--a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2003-07-23 21:22 152064 -c--a-w- c:\windows\system32\schannel.dll
2011-09-09 14:05 . 2011-09-09 14:05 58948168 -c--a-w- c:\program files\setup_av_free.exe
2012-01-29 15:55 . 2011-09-10 15:17 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.55.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-08 17:22 . 2012-02-08 17:22 40960 c:\windows\temp\rtdrvmon.exe
+ 2012-02-07 21:52 . 2012-02-07 21:52 189000 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-11 13:02 . 2012-02-08 17:22 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-09-11 13:02 . 2012-02-07 09:29 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-27 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-27 118784]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RAM Idle Professional"="c:\program files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe" [2011-04-14 82280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2011-05-15 19:53 325512 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol [FREE Edition]]
2011-05-15 19:53 325512 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-7-2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12-7-2011 22:55 67664]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [21-6-2011 17:57 196912]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19-4-2011 7:44 993848]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 9:30 15544]
S1 MpKsl806b5706;MpKsl806b5706;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDDB77C3-4ABE-4429-8099-D8930EF09F83}\MpKsl806b5706.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDDB77C3-4ABE-4429-8099-D8930EF09F83}\MpKsl806b5706.sys [?]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19-4-2011 7:44 399416]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [19-7-2011 1:02 116608]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3-11-2011 12:06 2152152]
S4 ApacheS1;ApacheS1;"c:\uniserver\usr\local\apache2\bin\Apache.exe" -k runservice --> c:\uniserver\usr\local\apache2\bin\Apache.exe [?]
S4 MySQLS1;MySQLS1;c:\uniserver\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/UniServer/usr/local/mysql/my.ini MySQLS1 --> c:\uniserver\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/UniServer/usr/local/mysql/my.ini MySQLS1 [?]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [8-12-2011 1:40 246624]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Bijkomende Scan -------
.
uLocal Page =
TCP: DhcpNameServer = 192.168.2.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-08 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RAM Idle Professional = c:\program files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe?????????=?c:\program files\TweakNow PowerPack 2011\Module32\
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQLS1]
"ImagePath"="c:\uniserver\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=C:/UniServer/usr/local/mysql/my.ini MySQLS1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|˙˙˙˙Ŕ•}|ů•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\System32\locator.exe
c:\windows\BCMSMMSG.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-02-08 18:26:23 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-08 17:26
ComboFix2.txt 2012-02-07 20:58
.
Pre-Run: 11.932.966.912 bytes beschikbaar
Post-Run: 11.885.223.936 bytes beschikbaar
.
- - End Of File - - AEEBB5CAE0CF288135CDE82D449330AB


#17 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. Do the following please:

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL scan log

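A triage pass over OTL-format log lines like the ones posted in this thread, as an added example that is not part of the original post or of OTL itself: it flags the entries a helper typically reads first (service registrations whose file is gone, Run entries with no company name, Winlogon Shell/UserInit values that deviate from the stock ones, and BootExecute commands beyond autochk). The sample lines are constructed from the logs posted here, and the expected Winlogon values assume %SystemRoot% = C:\WINDOWS as in the log header.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format OTL (OldTimer's scanner) writes. The lines are
# trimmed copies of entries from the log posted in this thread, plus one clean SRV line
# and the two Winlogon lines as a control.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (MySQLS1)
SRV - File not found [Disabled | Stopped] -- -- (ApacheS1)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
"""


@dataclass
class Finding:
    rule: str     # short rule id
    subject: str  # service name, Run entry name, Winlogon key or BootExecute command
    line: str     # the log line that triggered the rule


# Regexes for the four OTL line types this triage looks at.
SRV_ORPHAN = re.compile(r"^SRV - File not found .*\((?P<name>[^()]+)\)\s*$")
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>\S+?)\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)
WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^()]*)\)")
BOOTEXEC = re.compile(r"^O34 - HKLM BootExecute: \((?P<cmd>.*)\)\s*$")

# Known-good Winlogon values for a stock 32-bit XP install (assumption: %SystemRoot%
# is C:\WINDOWS, as the posted log header states; adjust for other system roots).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def triage(log_text: str) -> list[Finding]:
    """Return the OTL entries a helper would want to look at first, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SRV_ORPHAN.match(line):
            # Service registration whose binary is gone: usually a leftover of an
            # uninstall or a removal, and a cleanup candidate so nothing can reuse it.
            findings.append(Finding("orphaned-service", m["name"], line))
        elif m := RUN_ENTRY.match(line):
            # OTL prints the file's company name in the trailing parentheses; "()" means
            # the binary carries no version/company information, which merits a look.
            if not m["company"].strip():
                findings.append(Finding("run-entry-no-company", m["name"], line))
        elif m := WINLOGON.match(line):
            key = m["key"].lower()
            value = m["value"].strip().rstrip(",").lower()
            if value != EXPECTED_WINLOGON[key]:
                findings.append(Finding("winlogon-nondefault", m["key"], line))
        elif m := BOOTEXEC.match(line):
            # Anything beyond autochk runs before the desktop appears; in the sample the
            # AVG entry survived the uninstall the poster describes.
            if m["cmd"].strip() != DEFAULT_BOOTEXECUTE:
                findings.append(Finding("bootexecute-nondefault", m["cmd"], line))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per rule id, handy for a one-line summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.subject}")
```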

#18 SpyCatsher (Member, Topic Starter, 141 posts)
Hi Render,

The AppRemover didn't find any AVG entry, even after searching further with other options. The only active AV program is MS Essentials and it was marked with a green check mark. If it's OK with you I'll try to delete the AVG files with File Assassin. The OTL scan went fine:

OTL logfile created on: 8-2-2012 20:15:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

766,33 Mb Total Physical Memory | 587,71 Mb Available Physical Memory | 76,69% Memory free
1,83 Gb Paging File | 1,60 Gb Available in Paging File | 87,76% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,78 Gb Total Space | 11,06 Gb Free Space | 58,89% Space Free | Partition Type: NTFS
Drive D: | 11,71 Gb Total Space | 11,63 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 622,93 Mb Free Space | 62,04% Space Free | Partition Type: NTFS
Drive F: | 996,18 Mb Total Space | 980,83 Mb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive G: | 17,58 Gb Total Space | 17,52 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 5,85 Gb Total Space | 5,81 Gb Free Space | 99,34% Space Free | Partition Type: NTFS

Computer Name: CREATIEF | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
PRC - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-04-19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-02 19:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003-06-02 19:22:54 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
MOD - [2003-04-30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
MOD - [2003-02-11 19:56:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A920\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySQLS1)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (ApacheS1)
SRV - [2011-12-08 01:40:13 | 000,246,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011-12-08 00:54:28 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011-11-03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011-08-17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2003-11-07 18:23:58 | 000,248,752 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003-09-26 08:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-08-29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002-10-09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-04 12:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-01 16:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: K:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: K:\Mozilla\plugins

[2011-09-10 18:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2012-02-06 18:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions
[2011-12-28 20:21:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011-12-08 01:40:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
[2012-01-10 23:48:32 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
[2012-01-10 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\kkayrnn2.default\extensions
[2012-02-04 12:21:03 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\searchplugins\wot-safe-search.xml
[2012-02-04 12:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012-01-29 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-12-31 00:39:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-01-29 14:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-01-29 14:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-02-08 18:23:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-436374069-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-02-08 19:59:20 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-02-07 21:48:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-02-07 21:46:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-02-07 21:46:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-02-07 21:46:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-02-07 21:46:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-02-07 21:44:33 | 004,398,288 | R--- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-02-07 21:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Systeembeheer
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn video's
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn video's
[2012-02-07 21:39:12 | 004,398,288 | ---- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 10:30:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-02-06 19:27:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:01:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-01-20 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-01-11 09:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Speccy
[2012-01-11 09:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012-01-11 09:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\WEBBEELDEN120111
[2011-12-02 12:15:40 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2011-12-02 12:15:40 | 000,557,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-02-08 19:59:52 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:38:19 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-08 18:23:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-02-08 18:22:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-02-08 18:09:43 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-02-07 22:52:02 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:44:35 | 004,398,288 | R--- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:42:20 | 004,398,288 | ---- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 17:40:59 | 000,000,450 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-02-06 19:02:03 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-02-06 18:34:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-02-06 18:33:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-02-06 18:33:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-02-06 14:52:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-02-04 12:27:14 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-02-04 12:27:13 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2012-01-31 13:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012-01-26 22:38:22 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-01-20 16:10:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-01-20 13:52:19 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Dell printersupplies - inkjet.lnk
[2012-01-11 23:20:21 | 000,003,012 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg
[2012-01-11 11:18:00 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar SpyCatcher0.jpeg.lnk
[2012-01-11 09:52:31 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Speccy.lnk
[2012-01-10 17:07:35 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\Avg.reg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-02-08 18:38:19 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-07 22:52:02 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:48:21 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-02-07 21:48:16 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2012-02-07 21:46:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-02-07 21:46:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-02-07 21:46:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-02-07 21:46:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-02-07 21:46:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-01-11 23:20:19 | 000,003,012 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg
[2012-01-11 11:18:00 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar SpyCatcher0.jpeg.lnk
[2012-01-11 09:52:31 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Speccy.lnk
[2012-01-10 17:07:35 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\Avg.reg
[2012-01-05 01:11:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-01-04 18:06:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-01-04 18:06:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-12-23 18:35:22 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\prfh0413.dat
[2011-12-23 18:35:22 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\prfc0413.dat
[2011-12-15 20:09:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-09 12:28:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files\autoruns.chm
[2011-09-18 21:45:53 | 000,000,450 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011-09-09 15:05:50 | 058,948,168 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011-09-09 13:41:33 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-09-09 13:34:44 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-09-09 11:57:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-09-09 11:47:33 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-07-23 22:33:15 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-23 22:33:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-07-23 22:19:22 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2003-07-23 22:19:21 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2003-07-23 22:19:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-07-23 22:19:20 | 000,311,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-07-23 22:19:19 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2003-07-23 22:19:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-07-23 22:19:17 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2003-07-23 22:19:16 | 000,040,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-07-23 22:17:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-23 22:12:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-07-23 22:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-07-23 22:04:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-07-23 22:03:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-01-07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002-11-13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll

========== LOP Check ==========

[2011-12-14 22:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CREATIEF\Application Data\TweakNow PowerPack 2011
[2011-12-07 06:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CREATIEF\Application Data\WinPatrol
[2011-09-11 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011-09-18 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011-09-10 19:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-09-11 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011-12-26 22:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-09-19 15:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012-01-05 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011-12-09 04:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Agics
[2011-09-11 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Auslogics
[2011-12-31 16:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Downloaded Installations
[2011-09-28 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nitro PDF
[2011-12-28 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
[2011-11-28 20:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\TweakNow PowerPack 2011
[2011-12-30 00:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinPatrol
[2012-02-06 18:34:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\explorer.exe
[2008-04-14 22:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2003-07-23 22:25:32 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=133733E07EF4FDA582BC56F3B281E0BC -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011-12-24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008-04-14 21:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008-04-14 21:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 21:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2003-07-23 22:27:55 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=54EB9CE26234AE9116555C587FAED658 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008-04-14 21:33:20 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 21:33:20 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 21:33:20 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\system32\winlogon.exe
[2011-12-24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2003-07-23 22:30:07 | 000,519,168 | ---- | M] (Microsoft Corporation) MD5=D375231CCA973A06C43E4B6087BFA706 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003-07-23 22:14:45 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-01-29 16:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-01-29 16:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011-11-04 12:25:39 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003-07-23 22:14:45 | 000,090,112 | ---- | M] (Microsoft Corporation)

< End of report >
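The `< MD5 for: ... >` blocks near the end of the log above are the check a malware-removal helper reads by eye: the running copy of a core binary in system32 must hash the same as the Windows File Protection copies in ServicePackFiles\i386 and system32\dllcache, while the copy in $NtServicePackUninstall$ is the pre-SP3 file and legitimately differs. The Python below is an added example, not part of the log, of OTL, or of anything the helper posted; it parses those blocks and applies that rule. The SVCHOST block in the sample is copied from the log; the USERINIT block is constructed, with a bogus hash, to show what a patched or replaced file reports as. Copies outside C:\WINDOWS (here the Malwarebytes Chameleon renamed binaries) are only listed, because the log alone cannot tell a legitimately renamed tool from a dropped impostor. Function and constant names are my own.

```python
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Where Windows File Protection keeps known-good copies on XP. $NtServicePackUninstall$
# is deliberately not a reference: it holds the pre-service-pack binary, whose hash
# legitimately differs from the live file (see the 2003 svchost.exe entry in the log).
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
LIVE_DIRS = ("c:\\windows\\system32", "c:\\windows")   # where the running copy lives

# Sample input. The SVCHOST block is copied from the OTL log above; the USERINIT block is
# CONSTRUCTED: a live copy with a bogus hash and size, to show how a patched file reports.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2003-07-23 22:25:32 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=133733E07EF4FDA582BC56F3B281E0BC -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011-12-24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008-04-14 21:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 21:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 21:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2012-02-01 03:12:44 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\userinit.exe
"""


def parse_md5_sections(text):
    """Return {NAME: [entry dicts]} from the '< MD5 for: NAME >' blocks of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def _is_live_copy(path, name):
    parent, _, base = path.lower().rpartition("\\")
    return base == name.lower() and parent in LIVE_DIRS


def check_system_binaries(text):
    """Hash-compare each running system binary with its WFP reference copies."""
    report = {}
    for name, entries in parse_md5_sections(text).items():
        live = [e for e in entries if _is_live_copy(e["path"], name)]
        refs = sorted({e["md5"] for e in entries
                       if any(d in e["path"].lower() for d in REFERENCE_DIRS)})
        foreign = [e["path"] for e in entries
                   if not e["path"].lower().startswith("c:\\windows\\")]
        if not live:
            status = "no-live-copy"      # binary missing from its normal location
        elif not refs:
            status = "no-reference"      # nothing trusted to compare against; verify by signature instead
        elif live[0]["md5"] in refs:
            status = "ok"
        else:
            status = "MISMATCH"          # live copy differs from every WFP copy: patched or replaced
        report[name] = {
            "status": status,
            "live": live[0]["path"] if live else None,
            "reference_md5s": refs,
            "foreign_copies": foreign,   # copies outside C:\WINDOWS: inspect, do not assume malicious
        }
    return report


if __name__ == "__main__":
    for name, r in check_system_binaries(SAMPLE_LOG).items():
        print(f"{name:14} {r['status']:13} live={r['live']} foreign={r['foreign_copies']}")
```

MD5 is fine for this purpose only because the comparison is against copies on the same disk, not against an attacker-supplied value; a rootkit that patches system32 and leaves dllcache alone still shows up as MISMATCH, but one that patches both copies does not, which is why the helper also ran aswMBR and ComboFix rather than trusting the hash list alone.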

#19 Render (Trusted Helper, Malware Removal, 4,195 posts)

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on OTL.exe on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the [image] button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

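The O34 line in the fix above targets BootExecute, a REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager whose entries smss.exe runs before the Win32 subsystem is up; a clean XP install carries only `autocheck autochk *`, and AVG registers its avgrsx.exe there. When a tool cannot process that line, the fallback is to export the value with `reg export`, inspect it, and import a cleaned copy. The Python below is an added example, not part of the post or of OTL: it decodes the `hex(7):` (UTF-16LE, NUL-separated) form that a .reg export uses, drops the entry naming a given binary, and writes back a .reg file. The sample export is constructed by the script itself from the Windows default plus the AVG entry shown in the O34 line; function names are my own.

```python
SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
DEFAULT_ENTRY = "autocheck autochk *"   # the only BootExecute entry a clean XP install carries


def encode_multi_sz(entries):
    """Encode strings as a .reg 'hex(7):' value: UTF-16LE, NUL after each entry, extra NUL at the end."""
    data = ("".join(e + "\0" for e in entries) + "\0").encode("utf-16-le")
    tokens = [f"{b:02x}" for b in data]
    lines, current = [], "hex(7):"
    for i, tok in enumerate(tokens):
        piece = tok + ("," if i < len(tokens) - 1 else "")
        if len(current) + len(piece) > 76:          # regedit wraps long values with a trailing backslash
            lines.append(current + "\\")
            current = "  "
        current += piece
    lines.append(current)
    return "\n".join(lines)


def parse_reg_multi_sz(reg_text, value_name="BootExecute"):
    """Pull "value_name"=hex(7):... out of a .reg export and decode it to a list of strings."""
    prefix = f'"{value_name}"=hex(7):'
    chunks, collecting = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if not collecting:
            if not line.startswith(prefix):
                continue
            line = line[len(prefix):]
            collecting = True
        continued = line.endswith("\\")
        chunks.append(line.rstrip("\\").strip())
        if not continued:
            break
    if not collecting:
        raise ValueError(f"{value_name} not found in export")
    data = bytes.fromhex("".join(chunks).replace(",", ""))
    return [e for e in data.decode("utf-16-le").split("\0") if e]


def clean_boot_execute(entries, remove_substring):
    """Drop every BootExecute entry containing remove_substring (case-insensitive); keep autochk."""
    kept = [e for e in entries if remove_substring.lower() not in e.lower()]
    if DEFAULT_ENTRY not in kept:
        kept.insert(0, DEFAULT_ENTRY)   # without autochk, a dirty volume is never checked at boot
    return kept


def render_reg(entries):
    """Produce a .reg file that sets BootExecute to exactly these entries (import with regedit)."""
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        f"[{SESSION_MANAGER}]",
        f'"BootExecute"={encode_multi_sz(entries)}',
        "",
    ])


# CONSTRUCTED sample: what 'reg export' of Session Manager would contain on this laptop,
# built here from the Windows default plus the AVG entry named in the O34 line above.
SAMPLE_REG = render_reg([DEFAULT_ENTRY, r"C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart"])


if __name__ == "__main__":
    current = parse_reg_multi_sz(SAMPLE_REG)
    print("BootExecute before:", current)
    print(render_reg(clean_boot_execute(current, "avgrsx.exe")))
```

On the real machine the export comes from `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" sm.reg`, run from an administrator account; keep that file as the backup before importing the cleaned one, and reboot afterwards, since smss.exe reads the value only at startup. Any entry here other than autochk deserves a look: it runs as a native-API program before any Win32 service, antivirus or logon, which is exactly why both AV vendors and malware authors like the location.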

#20 SpyCatsher (Member, Topic Starter, 141 posts)

Hi Render,

The OTL Fix didn't go well. I followed the steps in your post though. After clicking on Run Fix the icons and the toolbar disappeared, which I have got used to by now; then the processor fan speed became constantly very high. The bottom line of the OTL window said:

processing: O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)...

And the bar directly above it was empty; I'm not sure if it was supposed to show any sign of how the Fix was progressing.

After more than an hour the situation hadn't changed, so I let it run overnight, not daring to stop it so as not to get reboot problems, etc.; at the same time I was worried about the high temperature of the CPU, so I took my chances.

At about 05:00 A.M. (more than 6 hours into the Fix) I was awake, so I checked on it, but the situation was the same. I checked the OTL window very carefully and there was no progress, so I forced a power shutdown using the power button, hoping for the best.

I booted the system hours later and everything went smoothly, luckily. I'll be waiting for your further instructions.

Thank you

#21 Render (Trusted Helper, Malware Removal, 4,195 posts)

OK. Let's try AVG Remover. Download it from here to your desktop, run it, then restart your computer.

Next, run OTL.exe, do a Quick Scan and post the log it produces, OTL.txt.

#22 SpyCatsher (Member, Topic Starter, 141 posts)

Hi Render,

I ran the AVG remover. The scan went very fast in a black window. After about 2 minutes, maybe even less, the window disappeared and the HDD light went out too. I waited a couple of minutes and when there was no sign of any activity I rebooted the laptop. Two logs of the removal process appeared on the desktop. Then I did an OTL Quick Scan, which you can see below:


OTL logfile created on: 9-2-2012 16:31:41 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

766,33 Mb Total Physical Memory | 488,67 Mb Available Physical Memory | 63,77% Memory free
1,83 Gb Paging File | 1,63 Gb Available in Paging File | 89,22% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,78 Gb Total Space | 11,00 Gb Free Space | 58,58% Space Free | Partition Type: NTFS
Drive D: | 11,71 Gb Total Space | 11,63 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 622,95 Mb Free Space | 62,04% Space Free | Partition Type: NTFS
Drive F: | 996,18 Mb Total Space | 980,84 Mb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive G: | 17,58 Gb Total Space | 17,52 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 5,85 Gb Total Space | 5,81 Gb Free Space | 99,34% Space Free | Partition Type: NTFS

Computer Name: CREATIEF | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
PRC - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-04-19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-02 19:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003-06-02 19:22:54 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
MOD - [2003-04-30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
MOD - [2003-02-11 19:56:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A920\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySQLS1)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (ApacheS1)
SRV - [2011-12-08 01:40:13 | 000,246,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011-12-08 00:54:28 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011-11-03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)


========== Driver Services (SafeList) ==========

DRV - [2012-02-09 16:27:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1877A15D-45E6-4A9A-BFB4-6422A38C264D}\MpKsl6e4465a3.sys -- (MpKsl6e4465a3)
DRV - [2011-08-17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2003-11-07 18:23:58 | 000,248,752 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003-09-26 08:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-08-29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002-10-09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-04 12:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-01 16:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: K:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: K:\Mozilla\plugins

[2011-09-10 18:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2012-02-06 18:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions
[2011-12-28 20:21:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011-12-08 01:40:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
[2012-01-10 23:48:32 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
[2012-01-10 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\kkayrnn2.default\extensions
[2012-02-04 12:21:03 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\searchplugins\wot-safe-search.xml
[2012-02-04 12:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012-01-29 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-12-31 00:39:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-01-29 14:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-01-29 14:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-02-08 18:23:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-02-09 16:06:43 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eigenaar\Bureaublad\avg_remover_stf_x86_2012_1796.exe
[2012-02-08 23:14:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-02-08 19:59:20 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-02-07 21:48:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-02-07 21:46:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-02-07 21:46:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-02-07 21:46:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-02-07 21:46:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-02-07 21:44:33 | 004,398,288 | R--- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-02-07 21:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Systeembeheer
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn video's
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn video's
[2012-02-07 21:39:12 | 004,398,288 | ---- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 10:30:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-02-06 19:27:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:01:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-01-20 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012-01-11 09:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Speccy
[2012-01-11 09:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012-01-11 09:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\WEBBEELDEN120111
[2011-12-02 12:15:40 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2011-12-02 12:15:40 | 000,557,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-02-09 16:25:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-02-09 16:06:48 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eigenaar\Bureaublad\avg_remover_stf_x86_2012_1796.exe
[2012-02-08 19:59:52 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:38:19 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-08 18:23:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-02-08 18:09:43 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-02-07 22:52:02 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:44:35 | 004,398,288 | R--- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:42:20 | 004,398,288 | ---- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 17:40:59 | 000,000,450 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-02-06 19:02:03 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-02-06 18:34:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-02-06 18:33:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-02-06 18:33:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-02-06 14:52:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-02-04 12:27:14 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-02-04 12:27:13 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2012-01-26 22:38:22 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-01-20 16:10:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-01-20 13:52:19 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Dell printersupplies - inkjet.lnk
[2012-01-11 23:20:21 | 000,003,012 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg
[2012-01-11 11:18:00 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar SpyCatcher0.jpeg.lnk
[2012-01-11 09:52:31 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Speccy.lnk
[2012-01-10 17:07:35 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\Avg.reg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-02-08 18:38:19 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-07 22:52:02 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:48:21 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-02-07 21:48:16 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2012-02-07 21:46:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-02-07 21:46:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-02-07 21:46:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-02-07 21:46:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-02-07 21:46:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-01-11 23:20:19 | 000,003,012 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg
[2012-01-11 11:18:00 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar SpyCatcher0.jpeg.lnk
[2012-01-11 09:52:31 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Speccy.lnk
[2012-01-10 17:07:35 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\Avg.reg
[2012-01-05 01:11:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-01-04 18:06:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-01-04 18:06:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-12-23 18:35:22 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\prfh0413.dat
[2011-12-23 18:35:22 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\prfc0413.dat
[2011-12-15 20:09:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-09 12:28:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files\autoruns.chm
[2011-09-18 21:45:53 | 000,000,450 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011-09-09 15:05:50 | 058,948,168 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011-09-09 13:41:33 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-09-09 13:34:44 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-09-09 11:57:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-09-09 11:47:33 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-07-23 22:33:15 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-23 22:33:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-07-23 22:19:22 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2003-07-23 22:19:21 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2003-07-23 22:19:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-07-23 22:19:20 | 000,311,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-07-23 22:19:19 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2003-07-23 22:19:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-07-23 22:19:17 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2003-07-23 22:19:16 | 000,040,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-07-23 22:17:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-23 22:12:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-07-23 22:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-07-23 22:04:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-07-23 22:03:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-01-07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002-11-13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll

========== LOP Check ==========

[2011-09-11 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011-09-18 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011-09-10 19:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-09-11 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011-09-19 15:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012-01-05 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011-12-09 04:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Agics
[2011-09-11 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Auslogics
[2011-12-31 16:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Downloaded Installations
[2011-09-28 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nitro PDF
[2011-12-28 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
[2011-11-28 20:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\TweakNow PowerPack 2011
[2011-12-30 00:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinPatrol
[2012-02-06 18:34:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

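The scan log above ends with the persistence points a removal helper reads first: the hosts file (O1), Run keys (O4), DNS servers (O17), Winlogon Shell and UserInit (O20), Autorun.inf files on drives (O32) and the exefile/comfile open command (O35/O37). The Python script below is an added example, not code from this thread or from OTL: it parses those O-lines in the format shown in the log and flags values that differ from the clean Windows XP defaults the log itself shows (Explorer.exe, C:\WINDOWS\system32\userinit.exe, "%1" %*, 127.0.0.1 localhost, private DNS). The clean sample lines are copied from the log; the hijacked ones (dropper.exe, fake-av.exe, update.example.net, 198.51.100.23) are constructed for the example.

```python
r"""Triage the persistence-related O-lines of an OTL scan log (added example).

Not part of the thread above and not OTL's own code.  Reads the O1, O4, O17,
O20, O32, O35 and O37 line formats visible in the log and flags what a removal
helper checks first.  Defaults assume Windows XP with %SystemRoot% = C:\WINDOWS.
"""
import ipaddress
import re

EXPECTED_SHELL = "explorer.exe"                          # HKLM Winlogon\Shell
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"  # HKLM Winlogon\Userinit (assumes C:\WINDOWS)
EXPECTED_OPEN_CMD = '"%1" %*'                            # exefile/comfile shell\open\command
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

RE_ITEM = re.compile(r"^(O\d+) - (.*)$")
RE_HOSTS = re.compile(r"^Hosts: (\S+) (\S+)")
RE_RUN = re.compile(r"^(HK\w+)\.\.\\Run: \[([^\]]*)\] (.*?) \(([^)]*)\)\s*$")
RE_DNS = re.compile(r"NameServer = (.+)$")
RE_WINLOGON = re.compile(r"^HKLM Winlogon: (Shell|UserInit) - \(([^)]*)\)")
RE_AUTORUN = re.compile(r"^AutoRun File - \[[^\]]*\] (?:\(\) )?- (.+?) --")
RE_ASSOC = re.compile(r"^(?:HKLM|HKCU)\\\.+(\w+) \[[^\]]*\] -- (.*)$")


def _is_private(addr: str) -> bool:
    """RFC 1918 or loopback; any other resolver on a home XP box deserves a look."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def triage(log_text: str) -> list:
    """Return one finding per suspicious line as {"item", "what", "detail"}."""
    findings = []

    def flag(item, what, detail):
        findings.append({"item": item, "what": what, "detail": detail})

    for raw in log_text.splitlines():
        m = RE_ITEM.match(raw.strip())
        if not m:
            continue
        item, body = m.group(1), m.group(2)
        if item == "O1":                      # hosts file: anything but localhost
            h = RE_HOSTS.match(body)
            if h and (h.group(1), h.group(2).lower()) not in BENIGN_HOSTS:
                flag(item, "hosts redirection", f"{h.group(2)} -> {h.group(1)}")
        elif item == "O4":                    # Run key: no publisher and a profile/temp path
            r = RE_RUN.match(body)
            if r and not r.group(4) and any(k in r.group(3).lower() for k in PROFILE_MARKERS):
                flag(item, "Run entry without publisher in profile path", f"{r.group(1)} [{r.group(2)}] {r.group(3)}")
        elif item == "O17":                   # DNS-changer check
            d = RE_DNS.search(body)
            if d:
                for addr in re.split(r"[,\s]+", d.group(1).strip()):
                    if addr and not _is_private(addr):
                        flag(item, "DNS server outside private ranges", addr)
        elif item == "O20":                   # Winlogon Shell / Userinit must be exactly the default
            w = RE_WINLOGON.match(body)
            if w:
                parts = [p.strip().lower() for p in w.group(2).split(",") if p.strip()]
                expected = [EXPECTED_SHELL if w.group(1) == "Shell" else EXPECTED_USERINIT]
                if parts != expected:
                    flag(item, f"Winlogon {w.group(1)} tampered", w.group(2))
        elif item == "O32":                   # Autorun.inf on any drive (XP still honours it)
            a = RE_AUTORUN.match(body)
            if a and a.group(1).lower().endswith("autorun.inf"):
                flag(item, "Autorun.inf present on drive", a.group(1))
        elif item in ("O35", "O37"):          # exefile/comfile open command hijack
            s = RE_ASSOC.match(body)
            if s and " ".join(s.group(2).split()) != EXPECTED_OPEN_CMD:
                flag(item, f"{s.group(1)} open command hijacked", s.group(2))
    return findings


# Constructed sample: clean lines copied from the log above plus hypothetical
# hijacked ones (dropper.exe, fake-av.exe, update.example.net, 198.51.100.23).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.net
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [svchost] C:\Documents and Settings\Eigenaar\Local Settings\Temp\svchost.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: NameServer = 198.51.100.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\dropper.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\fake-av.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['item']:<4} {f['what']}: {f['detail']}")
```

Run it on a saved OTL log with `triage(open("OTL.txt").read())`. The exefile check is the one worth remembering: a rogue that inserts itself before "%1" %* gets control of every program launch, which is why removal tools reset it before they try to run anything else.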
#23 Render (Trusted Helper, Malware Removal, 4,195 posts)

That did the trick. Do you want to remove also AVG Toolbar?

#24 SpyCatsher (Topic Starter, Member, 141 posts)

That did the trick.

Anything suspicious?

Do you want to remove also AVG Toolbar?

Yes please. In the past I did disable it in the Services section: vToolbarUpdate.

#25 Render (Trusted Helper, Malware Removal, 4,195 posts)

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on OTL.exe on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    SRV - [2011-12-08 01:40:13 | 000,246,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: 
    [2011-12-08 01:40:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
      	
    :Files
    C:\Program Files\Common Files\AVG Secure Search
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


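As an added example (not code from this thread or from OTL), the Python below parses the fix script above into its targets and reconciles them with the log OTL writes after the fix, so the helper can confirm that each service, file and registry key was actually moved or deleted, see which ones were already gone ("not found"), and spot commands that did nothing. The two conventions it relies on are both visible on this page: a trailing /C in the :Files section marks a command rather than a path, and OTL echoes each command as "< cmd >" followed by its output. The sample script is the one above; the sample log is a shortened, English rendering of the fix log posted in the next reply, both embedded as constructed input. [resethosts]-style lines under :Commands are logged in their own sections rather than per target and are not reconciled here.

```python
r"""Reconcile an OTL fix script with the log OTL writes after running it.
Added example, not part of the thread and not OTL's own code: parse_fix_script()
turns the :OTL and :Files sections into (kind, target) pairs and reconcile() looks
each target up in the fix log, so what was moved, deleted, already gone ("not
found") or silently a no-op (xcopy copying 0 files) is visible at a glance."""
import re

RE_SECTION = re.compile(r"^:(\w+)$")
RE_SRV = re.compile(r"^SRV - .* -- (.+?) -- \((.+)\)$")                 # file path, service name
RE_REGKEY = re.compile(r"^FF - (HKEY_\S+?):\s*$")                       # registry key to delete
RE_O18 = re.compile(r"^O18 - Protocol\\Handler\\(\w+) \{[0-9A-Fa-f-]+\} - (.+?) \(")
RE_FOLDER = re.compile(r"^\[.*?\] \(.*?\) -- (.+)$")                    # scan-log folder line
OUTCOMES = ("not found", "moved successfully", "deleted successfully", "stopped successfully")


def parse_fix_script(script: str) -> list:
    """(kind, target) pairs in script order; kind is service, file, regkey or command."""
    targets, section = [], ""
    for raw in script.splitlines():
        line = raw.strip()
        if (sec := RE_SECTION.match(line)):
            section = sec.group(1).lower()
        elif section == "otl" and (m := RE_SRV.match(line)):
            targets += [("service", m.group(2)), ("file", m.group(1))]
        elif section == "otl" and (m := RE_REGKEY.match(line)):
            targets.append(("regkey", m.group(1)))
        elif section == "otl" and (m := RE_O18.match(line)):   # OTL removes the DLL and the handler key
            targets += [("file", m.group(2)), ("regkey", "PROTOCOLS\\Handler\\" + m.group(1))]
        elif section == "otl" and (m := RE_FOLDER.match(line)):
            targets.append(("file", m.group(1)))
        elif section == "files" and line:   # OTL convention: trailing /C marks a command, not a path
            targets.append(("command" if line.lower().endswith(" /c") else "file", line))
    return targets


def _classify(line: str) -> str:
    hit = next((o for o in OUTCOMES if o in line.lower()), "mentioned")
    return hit if hit in ("not found", "mentioned") else hit.split()[0]


def _matches(kind: str, target: str, line: str) -> bool:
    low, key = line.lower(), target.lower()
    if kind == "service":
        return low.startswith(f"service {key} ")
    if kind == "file":   # the path opens the line; a subfolder (path + "\") is not this target
        return re.match(rf"^(?:file |folder )?{re.escape(key)}[ :]", low) is not None
    return low.startswith(("registry key", "registry value", "file ")) and key in low


def _command_output(lines: list, cmd: str) -> str:
    """OTL echoes a command as '< cmd >'; its output runs until OTL deletes its cmd.bat."""
    if f"< {cmd} >" not in lines:
        return "not echoed in log"
    out = []
    for l in lines[lines.index(f"< {cmd} >") + 1:]:
        if l.endswith("cmd.bat deleted successfully."):
            break
        out.append(l.strip())
    return " | ".join(out) or "no output"


def reconcile(targets: list, fix_log: str) -> list:
    lines = [l.rstrip() for l in fix_log.splitlines()]
    report = []
    for kind, target in targets:
        if kind == "command":
            outcome = _command_output(lines, target)
        else:
            outcome = ", ".join(_classify(l) for l in lines if _matches(kind, target, l)) or "no log line"
        report.append((kind, target, outcome))
    return report


# Constructed sample: the fix script from the post above and a shortened, English
# rendering of the fix log posted in the next reply.
FIX_SCRIPT = r""":OTL
SRV - [2011-12-08 01:40:13 | 000,246,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
[2011-12-08 01:40:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
:Files
C:\Program Files\Common Files\AVG Secure Search
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
"""
FIX_LOG = r"""Service vToolbarUpdater stopped successfully!
Service vToolbarUpdater deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: not found.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll not found.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
"""

if __name__ == "__main__":
    for kind, target, outcome in reconcile(parse_fix_script(FIX_SCRIPT), FIX_LOG):
        print(f"{kind:<8} {outcome:<18} {target}")
```

The "moved, not found" outcome for ViProtocol.dll is what the real log shows too: the :OTL entry moved the DLL and the later :Files entry found it already gone, which is normal. A command whose output reads "0 File(s) copied" or a DNS flush that fails is the thing worth chasing; here the failed flush is consistent with the DNS Client service not running, which on XP is an easy check in services.msc.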

#26 SpyCatsher (Topic Starter, Member, 141 posts)

Hello Render and many thanks again for all your help,

Both FIX and Quick Scan went well. Also I thought I'd better report something strange about Scotty from WinPatrol; please ignore it if it is unimportant. I disabled it before the fix and the scan, and when I enabled it afterwards there were 2 icons in the System Tray; however, both open the same window. Also in the Startup programs there were 2 entries, of which I disabled one.


FIX LOG

02102012_135552.log


All processes killed
========== OTL ==========
Service vToolbarUpdater stopped successfully!
Service vToolbarUpdater deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: not found.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\skin folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\zh-tw folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\zh-cn folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\tr folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\sr folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\sk folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\ru folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\pt-br folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\pt folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\pl folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\nl folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\ms folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\ko folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\ja folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\it folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\id folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\hu folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\fr folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\es-es folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\es folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\en folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\de folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\da folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale\cs folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules\locale folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\modules folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\components\FF4 folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected] folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll not found.
========== FILES ==========
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb\8.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\8.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 file(s) copied
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 file(s) copied
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 file(s) copied
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 file(s) copied
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.CREATIEF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Eigenaar
->Temp folder emptied: 298496 bytes
->Temporary Internet Files folder emptied: 2976309 bytes
->FireFox cache emptied: 81360558 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 14154 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1522305 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82,00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.CREATIEF

User: All Users

User: Default User

User: Eigenaar

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.CREATIEF

User: All Users

User: Default User

User: Eigenaar

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02102012_135552

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

========================================================================================


QUICK SCAN LOG


OTL logfile created on: 10-2-2012 14:24:09 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

766,33 Mb Total Physical Memory | 483,68 Mb Available Physical Memory | 63,12% Memory free
1,83 Gb Paging File | 1,63 Gb Available in Paging File | 89,17% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,78 Gb Total Space | 10,99 Gb Free Space | 58,53% Space Free | Partition Type: NTFS
Drive D: | 11,71 Gb Total Space | 11,63 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 1004,03 Mb Total Space | 622,95 Mb Free Space | 62,04% Space Free | Partition Type: NTFS
Drive F: | 996,18 Mb Total Space | 980,84 Mb Free Space | 98,46% Space Free | Partition Type: NTFS
Drive G: | 17,58 Gb Total Space | 17,52 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive I: | 5,85 Gb Total Space | 5,81 Gb Free Space | 99,34% Space Free | Partition Type: NTFS

Computer Name: CREATIEF | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
PRC - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-04-19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-02 19:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003-06-02 19:22:54 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe


========== Modules (No Company Name) ==========

MOD - [2011-04-14 20:46:44 | 000,082,280 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe
MOD - [2003-04-30 20:43:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
MOD - [2003-02-11 19:56:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A920\ConvDIB.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySQLS1)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (ApacheS1)
SRV - [2011-12-08 00:54:28 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011-11-03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-06-21 17:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)


========== Driver Services (SafeList) ==========

DRV - [2012-02-10 14:01:20 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23BCD5F1-2B0E-40E8-A24E-1988F768185C}\MpKsld6d8b260.sys -- (MpKsld6d8b260)
DRV - [2011-08-17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2003-11-07 18:23:58 | 000,248,752 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003-09-26 08:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-08-29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002-10-09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-04 12:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-01 16:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: K:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: K:\Mozilla\plugins

[2011-09-10 18:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2012-02-06 18:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions
[2011-12-28 20:21:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-01-10 23:48:32 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\extensions\[email protected]
[2012-01-10 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\kkayrnn2.default\extensions
[2012-02-04 12:21:03 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\6szjk2rx.default\searchplugins\wot-safe-search.xml
[2012-02-04 12:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\EIGENAAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6SZJK2RX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012-01-29 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-12-31 00:39:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-01-29 14:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-01-29 14:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-02-10 13:55:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2011\Module32\RAM2_XP.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35751F28-AEA5-4E74-B19B-CA68D7DF5B51}: DhcpNameServer = 192.168.2.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-09-09 11:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-11-11 10:32:48 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-02-10 13:56:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-02-09 16:06:43 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eigenaar\Bureaublad\avg_remover_stf_x86_2012_1796.exe
[2012-02-08 23:14:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-02-08 19:59:20 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-02-07 21:48:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-02-07 21:46:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-02-07 21:46:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-02-07 21:46:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-02-07 21:46:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-02-07 21:44:33 | 004,398,288 | R--- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-02-07 21:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Systeembeheer
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Mijn documenten\Mijn video's
[2012-02-07 21:40:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn video's
[2012-02-07 21:39:12 | 004,398,288 | ---- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 10:30:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2012-02-06 19:27:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:01:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-01-20 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011-12-02 12:15:40 | 000,637,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
[2011-12-02 12:15:40 | 000,557,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe

========== Files - Modified Within 30 Days ==========

[2012-02-10 13:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-02-10 13:55:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-02-09 23:06:44 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-02-09 18:29:04 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-02-09 18:28:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-02-09 18:28:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012-02-09 16:06:48 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eigenaar\Bureaublad\avg_remover_stf_x86_2012_1796.exe
[2012-02-08 19:59:52 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\AppRemover.exe
[2012-02-08 18:38:19 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-07 22:52:02 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:44:35 | 004,398,288 | R--- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFixFix.exe
[2012-02-07 21:42:20 | 004,398,288 | ---- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
[2012-02-07 17:40:59 | 000,000,450 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012-02-06 19:27:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\OTL.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-02-06 19:02:03 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\aswMBR.exe
[2012-02-06 14:52:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-02-04 12:27:14 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-02-04 12:27:13 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2012-01-26 22:38:22 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2012-01-20 16:10:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-01-20 13:52:19 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Dell printersupplies - inkjet.lnk
[2012-01-11 23:20:21 | 000,003,012 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg

========== Files Created - No Company Name ==========

[2012-02-08 18:38:19 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\bestanden met de naam HNM.fnd
[2012-02-07 22:52:02 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-07 21:48:21 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-02-07 21:48:16 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2012-02-07 21:46:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-02-07 21:46:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-02-07 21:46:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-02-07 21:46:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-02-07 21:46:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-02-06 19:14:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\MBR.dat
[2012-01-11 23:20:19 | 000,003,012 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Mijn documenten\cc_20120111_232010.reg
[2012-01-05 01:11:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-01-04 18:06:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012-01-04 18:06:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-12-23 18:35:22 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\prfh0413.dat
[2011-12-23 18:35:22 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\prfc0413.dat
[2011-12-15 20:09:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-09 12:28:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011-11-05 12:52:32 | 000,049,648 | ---- | C] () -- C:\Program Files\autoruns.chm
[2011-09-18 21:45:53 | 000,000,450 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011-09-09 15:05:50 | 058,948,168 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011-09-09 13:41:33 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-09-09 13:34:44 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-09-09 11:57:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-09-09 11:47:33 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-07-23 22:33:15 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-07-23 22:33:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-07-23 22:19:22 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2003-07-23 22:19:21 | 000,364,882 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2003-07-23 22:19:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-07-23 22:19:20 | 000,311,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-07-23 22:19:19 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2003-07-23 22:19:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-07-23 22:19:17 | 000,053,850 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2003-07-23 22:19:16 | 000,040,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-07-23 22:17:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-07-23 22:12:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-07-23 22:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-07-23 22:04:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-07-23 22:03:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-01-07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002-11-13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll

========== LOP Check ==========

[2011-09-11 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011-09-18 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011-09-10 19:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-09-11 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011-09-19 15:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012-01-05 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011-12-09 04:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Agics
[2011-09-11 22:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Auslogics
[2011-12-31 16:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Downloaded Installations
[2011-09-28 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Nitro PDF
[2011-12-28 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Thunderbird
[2011-11-28 20:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\TweakNow PowerPack 2011
[2011-12-30 00:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinPatrol
[2012-02-09 18:29:04 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

#27
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post


#28
SpyCatsher

    Member

  • Topic Starter
  • Member
  • 141 posts
The virus scan went well and finished after over 3 hours; however, there were no threats found and I couldn't save a report. The report of the analysis is attached.

I made a mistake by downloading Kaspersky to C:, but I left it there for the time being as I was not sure whether it was the right thing to try and remove it now. I downloaded the program again to the desktop, where I worked further.

Attached Files



#29
SpyCatsher

    Member

  • Topic Starter
  • Member
  • 141 posts
I would like to report networking problems after sending my last post, so you are fully informed about how the system functions:

I couldn't connect to your website for about 3 hours; ping didn't work either. However, there were no problems with the networking, because I could connect to the web. In the end everything worked fine.

When I tried to access your site the following error was shown:

SQL Error

An error ocured with the SQL server. This is not a problem with IP.Board but rather with your SQL server. Please contact your host and copy the message shown above.

The following Link was underneath

<<Return to the index>>

after clicking on it

Error establishing a database connection

was shown


There were also 3 strange processes in the Task Manager:

0533474.exe
0533474.exe
setup-0.0.0.124...

They disappeared afterwards.

The error above occurred all of a sudden while I was attempting to post.

#30
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Our site was down on 2/10/2012 from 5:44PM CST to 8:04PM CST due to database corruption.

There were also 3 strange processes in the Task Manager:

0533474.exe
0533474.exe
setup-0.0.0.124...


These belong to Kaspersky's Virus Removal Tool.

Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall; it needs to be there.


  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore, it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and update them when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend that you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

However, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now, after all these steps, your PC will be more secure. However, it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
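The "Updates for other installed software" advice in the post above boils down to knowing what is installed and at which version, which is what Secunia PSI matches against its vulnerability database. The following PowerShell script is an added example, not code from the thread or from Secunia: it builds that inventory from the standard Uninstall registry keys and singles out the products the post names as commonly exploited. The output path and the watch-list fragments are assumptions chosen for the example.

```powershell
# Added example, not from the original thread: build an inventory of installed
# programs from the Uninstall registry keys, then single out the products the
# post names as commonly exploited so their versions can be checked against the
# vendors' current releases. Secunia PSI does this matching against a
# vulnerability database; this script only produces the inventory it works from.
$UninstallPaths = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows; the key does not exist on the x86 XP in this thread.
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Entries without a DisplayName are hotfix or component records, not programs.
    Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
            }
        } |
        Sort-Object Name, Version -Unique
}

# Product name fragments taken from the post's list of commonly exploited software
# (assumed spellings of the DisplayName values; adjust to what your inventory shows).
$WatchList = 'Adobe Reader', 'Adobe Flash', 'Adobe Shockwave', 'Java'

function Get-WatchedSoftware {
    Get-InstalledSoftware | Where-Object {
        $name = $_.Name
        # True when at least one watch-list fragment matches the product name.
        [bool]($WatchList | Where-Object { $name -like "*$_*" })
    }
}

# Full inventory to a file for record keeping (assumed path), watched products to the console.
Get-InstalledSoftware | Export-Csv -Path "$env:USERPROFILE\installed-software.csv" -NoTypeInformation
Get-WatchedSoftware   | Format-Table -AutoSize
```

Run it as the user whose programs you are auditing, since per-user installs live under HKCU. The CSV gives you a dated baseline, so a later run can be diffed to spot a product that was installed or downgraded without your knowledge; the watched list is only a starting point for version checks against the vendor's current release.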
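The "Make Internet Explorer more secure" steps in the post above change three Internet-zone ActiveX settings through Inetcpl.cpl. The following PowerShell script is an added example, not code from the thread: it audits those same three settings in the registry so the result can be verified after the clicks, and it can apply the post's recommended values. The value names (1001, 1004, 1201), the zone number and the action codes are the standard IE URL-action registry settings; the function names are the example's own.

```powershell
# Added example, not from the original thread: audit the three Internet-zone
# ActiveX settings the post changes by hand in Inetcpl.cpl, and optionally set
# them. Value names 1001, 1004 and 1201 and the action codes are the standard
# IE URL-action registry settings; zone 3 is the Internet zone.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE stores each URL action as a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$Prompt  = 1
$Disable = 3

# Settings named in the post, with the value the post recommends.
$Wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = $Prompt  }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = $Prompt  }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = $Disable }
}

function Get-InternetZoneActiveXState {
    # Run as the user whose browser you are checking: the settings live under HKCU.
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($id in ($Wanted.Keys | Sort-Object)) {
        $current = $zone.$id   # $null when the value is absent, i.e. the zone default applies
        [pscustomobject]@{
            Action    = $id
            Setting   = $Wanted[$id].Name
            Current   = $current
            Wanted    = $Wanted[$id].Want
            Compliant = ($null -ne $current -and $current -eq $Wanted[$id].Want)
        }
    }
}

function Set-InternetZoneActiveXHardening {
    # Writes only the three values above; it does not reset the zone to defaults
    # the way the "Reset all zones to default level" button in the post does.
    foreach ($id in $Wanted.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $id -Value $Wanted[$id].Want -Type DWord
    }
}

# Report first; uncomment the Set- call to apply the post's recommended values,
# then re-run the report to confirm every row shows Compliant = True.
Get-InternetZoneActiveXState | Format-Table -AutoSize
# Set-InternetZoneActiveXHardening
# Get-InternetZoneActiveXState | Format-Table -AutoSize
```

Open a new Internet Explorer session after changing the values, since a running one may keep its zone settings cached. Two caveats: the script does not touch the other zones or the per-zone default level, so the post's "Reset all zones to default level" step still has to be done by hand, and on a machine where zone security is enforced from HKLM by policy (the Security_HKLM_only setting, or the Internet Explorer restriction policies the OTL log above reports as present) the per-user key this script writes may be ignored, which the report will show as the values never becoming compliant.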
