Infected computer?


  • Please log in to reply

#1
B-K

B-K

    New Member

  • Member
  • Pip
  • 7 posts
My system is really slow, I get messages saying Norton Internet Security isn't working while I've never had a Norton product, and have trouble connecting to the internet. Also I think I've sent emails unknowingly.



OTL logfile created on: 15-5-2011 16:20:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ADMIN\Mijn documenten\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.014,00 Mb Total Physical Memory | 290,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,13 Gb Total Space | 2,45 Gb Free Space | 6,59% Space Free | Partition Type: NTFS
Drive D: | 37,40 Gb Total Space | 3,81 Gb Free Space | 10,18% Space Free | Partition Type: NTFS
Drive F: | 343,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARK | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-15 16:18:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Mijn documenten\Downloads\OTL.exe
PRC - [2011-05-07 13:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-05-02 17:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-05-02 17:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-09-15 10:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009-08-05 13:48:06 | 000,378,384 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureaublad\CoreTemp\CoreTemp32\Core Temp.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-04-12 16:31:20 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2006-04-04 14:57:18 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2006-01-03 16:11:58 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005-12-05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005-11-28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005-11-28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005-08-11 16:14:44 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe


========== Modules (SafeList) ==========

MOD - [2011-05-15 16:18:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Mijn documenten\Downloads\OTL.exe
MOD - [2010-08-23 18:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-05-02 17:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-09-15 10:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011-02-04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-01-03 12:33:05 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011-01-03 12:33:05 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011-01-03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-01-03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011-01-03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010-12-21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010-12-21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010-12-21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010-11-05 22:06:33 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010-09-15 10:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-08-12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008-09-23 01:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2007-12-22 21:26:10 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-10-11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007-09-05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-01-18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-04-25 02:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-04-18 01:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-23 18:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006-03-23 18:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-03-23 18:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006-03-04 05:10:30 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-01-05 16:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005-12-05 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004-11-16 01:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011-05-13 22:41:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LVCOMS] File not found
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [KiesPDLR] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Apparaatdetectie)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://cache.hyves-s...geUploader4.cab (Image Uploader Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} http://messenger.zon...nt.cab55762.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-05-31 09:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-01-30 20:59:06 | 000,000,046 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-14 00:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-13 22:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-13 20:40:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-05-13 20:37:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-05-13 20:37:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-05-13 20:37:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-05-13 20:37:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-05-13 20:37:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-05-13 20:34:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-05-01 12:39:29 | 000,069,976 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011-05-01 12:39:29 | 000,021,464 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2004-11-24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-05-15 16:16:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011-05-15 16:16:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011-05-15 16:16:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011-05-15 16:16:39 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011-05-15 16:16:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-05-15 16:16:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-05-15 16:09:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-15 16:09:06 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-15 16:08:49 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-15 16:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-15 16:08:45 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-15 16:07:32 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011-05-14 00:14:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk
[2011-05-13 22:41:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-05-13 20:41:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-05-12 17:58:58 | 000,137,942 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureaublad\naamloos.bmp
[2011-05-10 21:31:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-04-18 12:23:39 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011-04-16 03:35:27 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-16 03:15:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-16 03:09:02 | 000,487,334 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-04-16 03:09:02 | 000,422,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-16 03:09:02 | 000,080,340 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-04-16 03:09:02 | 000,062,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-05-14 18:48:18 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011-05-14 18:48:14 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011-05-14 18:48:09 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011-05-14 18:48:04 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011-05-13 23:14:04 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011-05-13 20:41:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-05-13 20:41:01 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2011-05-13 20:37:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-05-13 20:37:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-05-13 20:37:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-05-13 20:37:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-05-13 20:37:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-05-12 17:58:58 | 000,137,942 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureaublad\naamloos.bmp
[2011-04-20 08:24:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-04-20 08:24:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-04-08 15:41:52 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-31 11:26:35 | 000,661,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-740711052-2047003970-1586591030-1010-0.dat
[2011-01-30 02:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011-01-30 02:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011-01-30 02:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011-01-30 02:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011-01-04 01:41:06 | 000,266,778 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010-10-25 18:08:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-10-25 18:08:25 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-05-17 19:15:20 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-03-30 21:22:34 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008-11-18 00:02:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-01-16 17:17:40 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008-01-16 17:16:30 | 000,000,780 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007-12-19 20:21:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007-12-18 02:44:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2007-12-08 21:49:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007-11-24 13:19:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007-05-18 17:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2007-03-07 00:08:07 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007-01-20 15:50:07 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007-01-20 15:50:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006-11-02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006-08-15 17:36:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006-07-13 14:39:37 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006-07-13 14:39:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006-07-13 14:39:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006-07-13 14:39:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006-07-13 14:39:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006-07-13 14:39:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006-07-13 14:39:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006-07-13 14:39:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006-07-13 14:39:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006-07-13 14:39:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006-07-13 14:39:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006-07-13 14:39:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006-07-13 14:39:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006-07-13 14:39:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006-07-13 14:39:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006-07-13 14:39:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006-07-13 14:39:37 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006-07-13 14:35:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2006-05-31 12:14:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-05-31 11:53:56 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-05-31 11:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006-05-31 11:38:37 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006-05-31 11:25:25 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-05-31 11:24:36 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006-05-31 10:45:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006-05-31 10:40:02 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006-05-31 10:39:28 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006-05-31 10:39:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006-05-31 10:39:28 | 000,010,164 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006-05-31 10:39:28 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006-05-31 10:34:47 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006-05-31 10:29:04 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006-05-31 10:29:04 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006-05-31 10:29:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2006-05-31 10:29:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-05-31 10:29:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006-05-31 09:34:44 | 000,000,826 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-05-31 09:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006-05-31 09:30:20 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-05-31 09:19:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006-05-31 09:19:46 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006-05-31 09:19:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-05-31 09:19:35 | 000,487,334 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2006-05-31 09:19:35 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2006-05-31 09:19:35 | 000,080,340 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2006-05-31 09:19:35 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2006-05-31 09:19:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-05-31 09:19:22 | 000,422,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-05-31 09:19:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-05-31 09:19:22 | 000,062,104 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-05-31 09:19:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-05-31 09:19:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-05-31 09:19:20 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-05-31 09:19:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-05-31 09:19:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-05-31 09:19:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-05-31 09:19:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-05-31 09:19:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-01-05 18:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006-01-05 17:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2006-01-04 10:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005-12-09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005-10-26 02:00:00 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2005-10-14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004-10-03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== LOP Check ==========

[2011-01-24 05:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Audacity
[2011-05-14 01:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Azureus
[2007-12-22 22:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\DAEMON Tools
[2011-02-24 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\DDMSettings
[2009-12-22 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\GrabIt
[2010-03-30 21:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Leadertech
[2010-03-20 19:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Personal
[2011-05-14 18:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Samsung
[2008-01-21 17:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\toshiba
[2011-02-25 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\uTorrent
[2008-03-05 13:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011-02-25 20:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2008-03-05 13:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2011-05-14 18:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007-03-01 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006-07-13 14:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011-01-04 23:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-09-22 21:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-09-23 21:54:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011-05-15 16:16:39 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011-05-15 16:16:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011-05-15 16:16:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011-05-15 16:16:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
OTL Extras logfile created on: 15-5-2011 16:20:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\ADMIN\Mijn documenten\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.014,00 Mb Total Physical Memory | 290,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,13 Gb Total Space | 2,45 Gb Free Space | 6,59% Space Free | Partition Type: NTFS
Drive D: | 37,40 Gb Total Space | 3,81 Gb Free Space | 10,18% Space Free | Partition Type: NTFS
Drive F: | 343,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARK | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Wizard Bestanden en instellingen overzetten -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D05C432-0B5A-4D4E-ADEC-E76242AB5667}" = Commandos, Beyond the Call of Duty
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-geheugenkaart formatteren
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91A10413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A70500000002}" = Adobe Reader 7.0.5 - Nederlands
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA532E73-1BB7-11D8-9D6A-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_07
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"003E73A78AF0A220016B0B944F3B753165BEA2AA" = Windows Driver Package - Todos Data System AB (Tdsshbecr) SmartCardReader (05/30/2008 1.0.9.2)
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"ESD88 Gebruikershandleiding" = ESD88 Gebruikershandleiding
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = Hulpprogramma TOSHIBA Hotkey
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Hulpprogramma Touchpad aan/uit
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Basic)
"klmpeg_is1" = K-Lite MPEG Pack 1.1.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnoseprogramma" = TOSHIBA PC Diagnoseprogramma
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-5-2011 17:22:07 | Computer Name = MARK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6657406

Error - 11-5-2011 17:22:07 | Computer Name = MARK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6657406

Error - 11-5-2011 17:28:03 | Computer Name = MARK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11-5-2011 17:28:03 | Computer Name = MARK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968

Error - 11-5-2011 17:28:03 | Computer Name = MARK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968

Error - 13-5-2011 5:29:47 | Computer Name = MARK | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: 403 (Status van HTTP-antwoord)

Error - 13-5-2011 5:29:47 | Computer Name = MARK | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: 403 (Status van HTTP-antwoord)

Error - 13-5-2011 5:29:53 | Computer Name = MARK | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: Deze netwerkverbinding bestaat niet.

Error - 13-5-2011 5:29:53 | Computer Name = MARK | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: Deze netwerkverbinding bestaat niet.

Error - 14-5-2011 12:50:51 | Computer Name = MARK | Source = MsiInstaller | ID = 10005
Description = Product: Samsung Kies -- Fout 2318. Bestand bestaat niet: C:\Program
Files\Samsung\Kies\External\DeviceModules\DataType.dll.

[ System Events ]
Error - 13-5-2011 16:18:48 | Computer Name = MARK | Source = Service Control Manager | ID = 7001
Description = De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service,
die vanwege de volgende fout niet kan worden gestart: %%31

Error - 13-5-2011 16:18:48 | Computer Name = MARK | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD Fips intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
sbaphd
sptd
Tcpip
TPwSav
WS2IFSL

Error - 13-5-2011 16:19:02 | Computer Name = MARK | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Error - 13-5-2011 16:20:06 | Computer Name = MARK | Source = Service Control Manager | ID = 7031
Description = De Lavasoft Ad-Aware Service-service is onverwacht gestopt. Dit is
1 keer gebeurd. De volgende herstelbewerking zal over 5000 milliseconden worden
uitgevoerd: Service opnieuw starten.

Error - 13-5-2011 16:32:47 | Computer Name = MARK | Source = Service Control Manager | ID = 7031
Description = De Lavasoft Ad-Aware Service-service is onverwacht gestopt. Dit is
2 keer gebeurd. De volgende herstelbewerking zal over 5000 milliseconden worden
uitgevoerd: Service opnieuw starten.

Error - 13-5-2011 16:32:57 | Computer Name = MARK | Source = Service Control Manager | ID = 7034
Description = De Lavasoft Ad-Aware Service-service is onverwacht beëindigd. Dit
is nu 3 keer gebeurd.

Error - 13-5-2011 17:12:49 | Computer Name = MARK | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Error - 13-5-2011 17:31:47 | Computer Name = MARK | Source = Service Control Manager | ID = 7031
Description = De Windows Presentation Foundation Font Cache 4.0.0.0-service is onverwacht
gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden
worden uitgevoerd: Service opnieuw starten.

Error - 13-5-2011 17:31:53 | Computer Name = MARK | Source = Service Control Manager | ID = 7031
Description = De Windows Presentation Foundation Font Cache 4.0.0.0-service is onverwacht
gestopt. Dit is 2 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden
worden uitgevoerd: Service opnieuw starten.

Error - 14-5-2011 12:50:43 | Computer Name = MARK | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.


< End of report >
  • 0

#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks to Go B-K,

Not seeing any infection, but the logs suggest you ran ComboFix there recently (not recommended), so perhaps it made some changes. You do have parts of Sunbelt installed. It appears you are using Ad-Aware for your antivirus software. Do you by chance know if this includes parts of Sunbelt? Or did you have that installed separately recently?

Post back on that, but also locate and post the C:\ComboFix.txt log from that run you made.

Also download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

  • 0

#3
B-K

B-K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks Jintan,
I ran ComboFix indeed (impatient as I was..)
This is the log. In the next post you will find the aswMBR log.



ComboFix 11-05-12.04 - ADMIN 13-05-2011 22:34:44.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.700 [GMT 2:00]
Gestart vanuit: c:\documents and settings\ADMIN\Mijn documenten\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Voorgaande Run -------
.
c:\windows\system32\fxe.sp
c:\windows\system32\muzapp.exe
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\ynh.dx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))
.
.
2011-05-01 10:39 . 2011-01-03 10:33 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-05-01 10:39 . 2011-01-03 10:33 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 18:47 . 2006-05-31 07:19 580096 ----a-w- c:\windows\system32\user32.dll
2011-04-18 10:23 . 2010-03-30 19:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-08 01:57 . 2011-03-08 01:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-08 01:57 . 2011-03-08 01:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2006-05-31 07:30 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-05-31 07:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-05-31 07:19 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 18:03 . 2006-07-13 10:51 98304 ----a-w- c:\windows\DUMP920e.tmp
2011-02-22 23:07 . 2006-05-31 07:19 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:07 . 2006-05-31 07:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:07 . 2006-05-31 07:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43 . 2006-05-31 07:19 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-05-31 07:19 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-05-31 07:19 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-05-31 07:19 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-03-17 896912]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-30 3372856]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-03-30 13824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [BU]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 28672]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-04 88204]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Personal.lnk - c:\program files\Personal\bin\Personal.exe [2010-3-20 939920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-30 06:11 3372856 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30-3-2010 20:24 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [30-3-2010 20:24 98392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-12-2007 21:26 715248]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [1-5-2011 12:39 21464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [25-10-2010 18:08 217088]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2010 21:54 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-8-2010 14:15 2146496]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [1-5-2011 12:39 69976]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\ADMIN\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\ADMIN\LOCALS~1\Temp\ALSysIO.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [30-3-2011 3:44 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25-10-2010 18:08 36640]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2010 21:54 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12-8-2010 14:15 15232]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30-3-2011 3:50 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30-3-2011 3:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30-3-2011 3:50 136680]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [23-9-2008 1:24 42368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-13 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:54]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:54]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {C98ABCF7-D5B3-4EE4-85D8-8BAD57EF0420} = 194.109.6.67,195.241.77.53
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 22:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|˙˙˙˙Ŕ•}|ů•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2011-05-13 22:46:04
ComboFix-quarantined-files.txt 2011-05-13 20:46
.
Pre-Run: 2.471.583.744 bytes available
Post-Run: 2.453.671.936 bytes available
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D1E083662ED13D748F1E04DAEBE8515E

#4 B-K (New Member, Topic Starter, 7 posts)
aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-17 10:23:29
-----------------------------
10:23:29.500 OS Version: Windows 5.1.2600 Service Pack 3
10:23:29.500 Number of processors: 2 586 0xE08
10:23:29.500 ComputerName: MARK UserName:
10:23:31.343 Initialize success
10:23:39.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:23:39.765 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
10:23:39.765 Disk 0 MBR read error 0
10:23:39.765 Disk 0 MBR scan
10:23:39.765 Disk 0 unknown MBR code
10:23:39.765 MBR BIOS signature not found 0
10:23:39.765 Disk 0 scanning sectors +156296385
10:23:39.765 Disk 0 scanning C:\WINDOWS\system32\drivers
10:23:46.359 Service scanning
10:23:47.625 Disk 0 trace - called modules:
10:23:47.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppx.sys >>UNKNOWN [0x86f89944]<<
10:23:47.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ec1ab8]
10:23:47.640 3 CLASSPNP.SYS[f762cfd7] -> nt!IofCallDriver -> \Device\0000007f[0x86ecb968]
10:23:47.656 5 ACPI.sys[f746c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ecc940]
10:23:47.656 Scan finished successfully
10:24:17.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Bureaublad\MBR.dat"
10:24:17.078 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Bureaublad\aswMBR.txt"

#5 Jintan (Trusted Helper, Malware Removal, 904 posts)
ComboFix removed a remnant of a past rootkit, but little more. The logs also show a remnant from some past SpySweeper uninstall, but it left its startup in between a critical boot function and an Ad-Aware function. I am not comfortable just extricating the SpySweeper startup and leaving the startup correctly set afterwards, so if we are to fix it, you will need to temporarily remove Ad-Aware.

The aswMBR log shows bootkit activity; however, the system has Daemon Tools installed, which tends to be picked up incorrectly as bootkit activity. Let's disable that, then check after. The Norton item appears to be a remnant of a worm protection function left in the WMI security center info. We will address that soon as well.


Download DeFogger to your desktop.

Double click DeFogger to run the tool.

Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

When the 'Finished!' message appears just click OK.

DeFogger will now ask to reboot the machine - click OK.

DeFogger will create a defogger_disable log on your desktop - post this in your next reply please.

Note: Do not re-enable these drivers until otherwise instructed.

----------

After the reboot run and post a new aswMBR log please.


Also Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

#6 B-K (New Member, Topic Starter, 7 posts)
Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 03:38 on 08/06/2011 (ADMIN)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-08 03:48:38
-----------------------------
03:48:38.859 OS Version: Windows 5.1.2600 Service Pack 3
03:48:38.859 Number of processors: 2 586 0xE08
03:48:38.859 ComputerName: MARK UserName:
03:48:39.687 Initialize success
03:48:50.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:48:50.140 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
03:48:52.156 Disk 0 MBR read successfully
03:48:52.156 Disk 0 MBR scan
03:48:52.156 Disk 0 Windows XP default MBR code
03:48:54.156 Disk 0 scanning sectors +156296385
03:48:54.171 Disk 0 scanning C:\WINDOWS\system32\drivers
03:49:00.125 Service scanning
03:49:01.343 Disk 0 trace - called modules:
03:49:01.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:49:01.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f71ab8]
03:49:01.359 3 CLASSPNP.SYS[f762cfd7] -> nt!IofCallDriver -> \Device\0000007e[0x86f743b8]
03:49:01.359 5 ACPI.sys[f7582620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f41d98]
03:49:01.359 Scan finished successfully
03:49:14.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ADMIN\Bureaublad\MBR.dat"
03:49:14.203 The log file has been saved successfully to "C:\Documents and Settings\ADMIN\Bureaublad\aswMBR.txt"

If I try to run GMER I get a blue screen and the laptop reboots.
When it restarts, this is the information I can get from the Windows screen:

BCCode : 19 BCP1 : 00000020 BCP2 : 85E9A000 BCP3 : 85E9A828
BCP4 : 1B050000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1

and:
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\WERc634.dir00\Mini060811-01.dmp
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\WERc634.dir00\sysdata.xml

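The two aswMBR disk traces in this thread (the first run, and the run after DeFogger disabled SPTD) are what the helper compares by eye: the MBR verdict line ("unknown MBR code" versus "Windows XP default MBR code") and whether the "called modules" chain ends in a stock disk driver or in a ">>UNKNOWN [0x...]<<" hook. The script below is an added example written for this page; it is not code from aswMBR, DeFogger, Gmer or anyone in the thread. The sample strings are abbreviated copies of the two logs posted above, and the driver-name sets CD_EMULATION_DRIVERS and STOCK_IDE_TAIL are my assumptions (sptd.sys is the driver the posted DeFogger log disables; pciide.sys/PCIIDEX.SYS are where the clean trace ends), not anything aswMBR itself reports. The unresolved module after sppx.sys in the first trace is reported as exactly that, unresolved, since the page never names it.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the disk-trace sections of the two aswMBR logs posted in
# this thread, cut down to the lines the parser reads. Not a fresh capture.
LOG_BEFORE = """\
10:23:39.765 Disk 0 MBR read error 0
10:23:39.765 Disk 0 MBR scan
10:23:39.765 Disk 0 unknown MBR code
10:23:39.765 MBR BIOS signature not found 0
10:23:47.625 Disk 0 trace - called modules:
10:23:47.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppx.sys >>UNKNOWN [0x86f89944]<<
10:23:47.640 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x86ec1ab8]
10:23:47.656 Scan finished successfully
"""

LOG_AFTER = """\
03:48:52.156 Disk 0 MBR read successfully
03:48:52.156 Disk 0 MBR scan
03:48:52.156 Disk 0 Windows XP default MBR code
03:49:01.343 Disk 0 trace - called modules:
03:49:01.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:49:01.359 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x86f71ab8]
03:49:01.359 Scan finished successfully
"""

# Assumptions, not values aswMBR reports: sptd.sys is the CD-emulation driver the
# posted DeFogger log disables; pciide.sys/PCIIDEX.SYS are the stock XP IDE port
# drivers a clean trace on this box ends in.
CD_EMULATION_DRIVERS = {"sptd.sys"}
STOCK_IDE_TAIL = {"pciide.sys", "pciidex.sys"}

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class DiskTrace:
    mbr_read_ok: Optional[bool] = None
    mbr_verdict: Optional[str] = None             # e.g. "Windows XP default MBR code"
    modules: list = field(default_factory=list)   # the "called modules" chain, in order
    unknown_hook: Optional[str] = None            # address from ">>UNKNOWN [0x...]<<", if any
    finished: bool = False


def parse_aswmbr(text: str) -> DiskTrace:
    """Extract the MBR verdict and the disk-stack call chain from an aswMBR log."""
    t = DiskTrace()
    lines = [TIMESTAMP.sub("", ln).rstrip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if ln.startswith("Disk 0 MBR read"):
            t.mbr_read_ok = "successfully" in ln
        elif ln.startswith("Disk 0 ") and ln.endswith("MBR code"):
            t.mbr_verdict = ln[len("Disk 0 "):]
        elif ln.startswith("Disk 0 trace - called modules:") and i + 1 < len(lines):
            chain = lines[i + 1]           # the module list is always the next line
            m = UNKNOWN_HOOK.search(chain)
            if m:
                t.unknown_hook = m.group(1)
                chain = chain[:m.start()]  # keep only the named modules
            t.modules = chain.split()
        elif ln == "Scan finished successfully":
            t.finished = True
    return t


def assess(trace: DiskTrace) -> list:
    """Turn a parsed trace into the findings a helper would call out."""
    findings = []
    if trace.mbr_read_ok is False:
        findings.append("MBR read not reported as successful: something sits between aswMBR and the raw sector")
    if trace.mbr_verdict and "default" not in trace.mbr_verdict.lower():
        findings.append(f"MBR verdict '{trace.mbr_verdict}': boot code is not stock Windows MBR code")
    if trace.unknown_hook:
        names = {m.lower() for m in trace.modules}
        last = trace.modules[-1] if trace.modules else "?"
        if names & CD_EMULATION_DRIVERS:
            findings.append(f"unknown hook at {trace.unknown_hook} with a CD-emulation driver in the chain: rescan after DeFogger before calling it a bootkit")
        else:
            findings.append(f"unresolved module at {trace.unknown_hook} after {last}: chain does not end in a known disk driver")
    elif (trace.modules and trace.modules[-1].lower() in STOCK_IDE_TAIL
          and trace.mbr_verdict and "default" in trace.mbr_verdict.lower()):
        findings.append("clean: stock MBR code and the disk stack ends in the IDE port driver")
    return findings


def compare(before: str, after: str) -> dict:
    """Compare a trace taken with CD emulation running against one taken after it was disabled."""
    b, a = parse_aswmbr(before), parse_aswmbr(after)
    return {
        "before": assess(b),
        "after": assess(a),
        "hook_gone_after_defogger": bool(b.unknown_hook) and not a.unknown_hook,
    }


if __name__ == "__main__":
    for stage, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(stage, items)
```

Run it against the two logs and the first trace yields three findings (MBR not read cleanly, non-default MBR code, an unresolved module hooked in after sppx.sys) while the second yields only the "clean" line; the hook disappearing once SPTD is disabled is the point Jintan makes in post #5. A hook that survives DeFogger, or a chain whose last named module is not in the emulation set, is the case that still deserves the Gmer run.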
#7 Jintan (Trusted Helper, Malware Removal, 904 posts)
Hadn't expected for Gmer to crash. Of course, be sure Ad-Aware is completely disabled when running it.

If by chance you get another crash, leading to the "Send" request to Microsoft, check the details, then leave the "Send" message as is, and navigate to the following folder:

C:\DOCUME~1\ADMIN\LOCALS~1\Temp\WERc634.dir00

Those numbers will change each time. But locate in that a file similar to the following:

Mini060811-01.dmp

Right click Copy that, then right click Paste that on your desktop. Then just go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select that minidump file on your computer.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Then go back and click "Don't Send" which will cause that WERc634.dir00 to be deleted (MS idea, for some reason).

---------------

Open Gmer again. Once it has completed its opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.