Exploit.drop.gs

Solved
By merijn
Jan 14, 2013
  1. My computer was attacked by the Win 7 Anti Spyware Virus yesterday. I thought I removed everything by following these instructions: http://answers.microsoft.com/en-us/...12-virus/648fec23-e5c0-4d0a-aeda-0458a71317dd but it didn't remove everything.
    When I do a flash scan with Malwarebytes I still get 14 infections, most of them are exploit.drop.gs. When I choose to remove them and restart my computer and scan again they are still there.
    Furthermore the following things aren't working: Windows Update, Microsoft Security Essentials, taskmgr (missing pcwum.dll).
    My computer is a MacBook air, running Windows Vista in Bootcamp.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    First of all thank you very much for helping me!

    About step 1 of the 4-step instructions: I already had Microsoft Security Essentials and downloaded AVG 2013 (after the infection) but both aren't working correctly. But since the instruction states not to download a new one I didn't.

    Here is the first log of Malwarebytes:

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
    www.malwarebytes.org
    Databaseversie: v2013.01.14.09
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Merijn :: MERIJN-PC [administrator]
    Bescherming: Uitgeschakeld
    14-1-2013 20:50:20
    mbam-log-2013-01-14 (20-50-20).txt
    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 192808
    Verstreken tijd: 1 minuut/minuten, 10 seconde(n)
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    (einde)
    (Is there a way to make English logfiles instead of Dutch?)
  4. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    This is the DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Merijn at 20:57:19 on 2013-01-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2217.1128 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AppleOSSMgr.exe
    C:\Windows\system32\AppleTimeSrv.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Boot Camp\Bootcamp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    StartupFolder: c:\users\merijn\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
    DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.178.1
    TCP: Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024} : DHCPNameServer = 192.168.178.1
    TCP: Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024}\844343E65647775627B6 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D} : DHCPNameServer = 192.168.178.1
    TCP: Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D}\844343E65647775627B6 : DHCPNameServer = 192.168.2.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2011-6-9 49664]
    R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2011-6-9 6784]
    R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-7-2 194432]
    R2 AppleTimeSrv;Apple tijdvoorziening;c:\windows\system32\AppleTimeSrv.exe [2011-7-2 100224]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-6-26 6528]
    R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-4-1 12928]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-14 398184]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-11-16 2655768]
    R3 acpials;ALS-sensorfilter;c:\windows\system32\drivers\acpials.sys [2011-4-12 7680]
    R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2011-11-16 10880]
    R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2011-11-16 29824]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-11-16 349224]
    R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\drivers\CS420x86.sys [2011-11-16 14336]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-11-16 269824]
    R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2011-11-16 26624]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-14 682344]
    S3 applebmt;Apple Wireless Mouse;c:\windows\system32\drivers\applebmt.sys [2011-11-16 34304]
    S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2011-11-16 18944]
    S3 AppleODD;Apple ODD;c:\windows\system32\drivers\AppleODD.sys [2011-11-16 7680]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-14 21104]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-23 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-01-14 00:05:35 -------- d-----w- c:\users\merijn\appdata\roaming\AVG2013
    2013-01-14 00:05:07 -------- d-----w- c:\users\merijn\appdata\roaming\TuneUp Software
    2013-01-14 00:05:02 -------- d--h--w- C:\$AVG
    2013-01-14 00:05:02 -------- d-----w- c:\programdata\AVG2013
    2013-01-14 00:04:52 -------- d-----w- c:\program files\AVG
    2013-01-14 00:03:30 -------- d--h--w- c:\programdata\Common Files
    2013-01-14 00:03:30 -------- d-----w- c:\users\merijn\appdata\local\MFAData
    2013-01-14 00:03:30 -------- d-----w- c:\users\merijn\appdata\local\Avg2013
    2013-01-14 00:03:30 -------- d-----w- c:\programdata\MFAData
    2013-01-13 23:18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-13 23:18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-13 22:40:16 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6cf8e55e-4e0d-4498-9c94-a96f6004ed1f}\mpengine.dll
    2013-01-13 21:11:34 -------- d-----w- c:\users\merijn\appdata\roaming\Malwarebytes
    2013-01-13 21:11:23 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-13 21:10:48 -------- d-----w- c:\users\merijn\appdata\local\Programs
    2013-01-13 19:56:53 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2659715-7f6d-4795-9e0f-962a2c7eb0e4}\offreg.dll
    2013-01-13 19:56:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2659715-7f6d-4795-9e0f-962a2c7eb0e4}\mpengine.dll
    2013-01-13 15:39:42 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce896b86-190f-4e59-a1dc-903004102b45}\MpKsla88e1ee4.sys
    2013-01-11 11:15:13 90112 ----a-w- c:\users\merijn\IDHWTSS1.dll
    2013-01-11 11:15:13 81920 ----a-w- c:\users\merijn\hobjni.dll
    2013-01-11 11:15:13 36868 ----a-w- c:\users\merijn\PrtDLL.dll
    2013-01-11 11:14:22 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-11 11:14:22 779704 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-11 11:14:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-08 20:24:35 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-08 20:24:35 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-08 20:09:29 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2013-01-07 14:19:45 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2013-01-07 14:19:22 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2013-01-07 14:19:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2013-01-07 14:19:16 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-07 14:19:10 376832 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-07 14:19:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-01-07 14:19:01 1159680 ----a-w- c:\windows\system32\crypt32.dll
    2013-01-07 14:19:01 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-01-07 14:13:31 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-07 14:13:31 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-01-04 16:35:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-04 15:22:06 -------- d-----w- c:\program files\AutoHotkey
    2013-01-04 15:16:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-04 15:16:33 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-04 15:16:31 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-04 15:16:31 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-04 14:56:53 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8021920d-8773-4126-87a5-b63a8e22bacb}\gapaengine.dll
    2013-01-04 14:56:53 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2013-01-04 16:35:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
    2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-10-22 12:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    .
    ============= FINISH: 20:57:29,76 ===============
  5. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    And the DDS attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume4
    Install Date: 16-11-2011 22:33:10
    System Uptime: 14-1-2013 20:45:21 (0 hours ago)
    .
    Motherboard: Apple Inc. | | Mac-742912EFDBEE19B3
    Processor: Intel(R) Core(TM) i7-2677M CPU @ 1.80GHz | U2E1 | 1801/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 37 GiB total, 14,634 GiB free.
    D: is FIXED (HFS) - 196 GiB total, 54,159 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth USB Host Controller
    Device ID: USB\VID_05AC&PID_821F\7&1B344649&0&3
    Manufacturer:
    Name: Bluetooth USB Host Controller
    PNP Device ID: USB\VID_05AC&PID_821F\7&1B344649&0&3
    Service:
    .
    ==== System Restore Points ===================
    .
    RP28: 11-1-2013 12:14:05 - Installed Java 7 Update 10
    RP29: 13-1-2013 23:48:51 - Installed Java 7 Update 11
    RP30: 14-1-2013 0:02:56 - Installed Microsoft Fix it 50884
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.0) - Nederlands
    Apple Software Update
    AutoHotkey 1.1.09.02
    AVG 2013
    Boot Camp-services
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java 7 Update 11
    Java Auto Updater
    Malwarebytes Anti-Malware versie 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Antimalware
    Microsoft Antimalware Service NL-NL Language Pack
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Security Client
    Microsoft Security Client NL-NL Language Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Professional 2010
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Windows-stuurprogrammapakket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
    Windows-stuurprogrammapakket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
    Windows-stuurprogrammapakket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
    Windows-stuurprogrammapakket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
    Windows-stuurprogrammapakket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
    Windows-stuurprogrammapakket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
    Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
    Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
    Windows-stuurprogrammapakket - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
    Windows-stuurprogrammapakket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
    Windows-stuurprogrammapakket - Broadcom (b57nd60x) Net (12/02/2010 14.4.2.2)
    Windows-stuurprogrammapakket - Broadcom (BCM43XX) Net (06/16/2011 5.100.98.78)
    Windows-stuurprogrammapakket - Broadcom Corporation (bScsiSDx) SDHost (01/18/2011 1.0.0.220)
    Windows-stuurprogrammapakket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/14/2011 6.6001.1.32)
    Windows-stuurprogrammapakket - Intel (e1express) Net (03/26/2010 9.13.41.0)
    Windows-stuurprogrammapakket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
    Windows-stuurprogrammapakket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
    Windows-stuurprogrammapakket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
    Windows-stuurprogrammapakket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
    Windows-stuurprogrammapakket - Intel System (07/20/2007 1.2.76.0)
    Windows-stuurprogrammapakket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
    .
    ==== End Of File ===========================
  6. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    And the AdwCleaner log:

    # AdwCleaner v2.105 - Verslag gemaakt op 14/01/2013 om 21:02:43
    # Geactualiseerd op 08/01/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Gebruiker : Merijn - MERIJN-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Merijn\Downloads\adwcleaner.exe
    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    ***** [Register] *****
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    ***** [Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Het register bevat geen enkele ongeoorloofde invoer.
    *************************
    AdwCleaner[S1].txt - [679 octets] - [14/01/2013 21:02:43]
    ########## EOF - C:\AdwCleaner[S1].txt - [738 octets] ##########
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above), but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
  8. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    The ComboFix log:

    ComboFix 13-01-15.02 - Merijn 15-01-2013 20:41:31.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2217.1330 [GMT 1:00]
    Gestart vanuit: c:\users\Merijn\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Merijn\hobjni.dll
    c:\users\Merijn\IDHWTSS1.dll
    c:\users\Merijn\PrtDLL.dll
    c:\windows\system32\drivers\a851a8d82b240c9.sys
    c:\windows\system32\sysprep\CRYPTBASE.DLL
    .
    Besmet exemplaar van c:\windows\system32\drivers\ntfs.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys
    Besmet exemplaar van c:\windows\system32\drivers\AGP440.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
    Besmet exemplaar van c:\windows\system32\drivers\asyncmac.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
    Besmet exemplaar van c:\windows\system32\drivers\cdrom.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_a851a8d82b240c9
    -------\Service_a851a8d82b240c9
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-15 to 2013-01-15 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\users\Merijn\AppData\Roaming\AVG2013
    2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\users\Merijn\AppData\Roaming\TuneUp Software
    2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\programdata\AVG2013
    2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- C:\$AVG
    2013-01-14 00:04 . 2013-01-14 00:04 -------- d-----w- c:\program files\AVG
    2013-01-14 00:03 . 2013-01-15 19:34 -------- d-----w- c:\programdata\MFAData
    2013-01-14 00:03 . 2013-01-14 00:03 -------- d--h--w- c:\programdata\Common Files
    2013-01-14 00:03 . 2013-01-14 00:03 -------- d-----w- c:\users\Merijn\AppData\Local\MFAData
    2013-01-14 00:03 . 2013-01-14 00:03 -------- d-----w- c:\users\Merijn\AppData\Local\Avg2013
    2013-01-13 23:18 . 2013-01-13 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-13 23:18 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-13 22:40 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF8E55E-4E0D-4498-9C94-A96F6004ED1F}\mpengine.dll
    2013-01-13 21:11 . 2013-01-13 21:11 -------- d-----w- c:\users\Merijn\AppData\Roaming\Malwarebytes
    2013-01-13 21:11 . 2013-01-13 21:11 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\Merijn\AppData\Local\Programs
    2013-01-13 19:56 . 2013-01-13 19:56 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2659715-7F6D-4795-9E0F-962A2C7EB0E4}\offreg.dll
    2013-01-13 19:56 . 2012-11-08 09:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2659715-7F6D-4795-9E0F-962A2C7EB0E4}\mpengine.dll
    2013-01-11 11:14 . 2013-01-11 11:14 -------- d-----w- c:\program files\Common Files\Java
    2013-01-11 11:14 . 2013-01-11 11:14 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-11 11:14 . 2013-01-11 11:14 779704 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-11 11:14 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-11 11:14 . 2013-01-13 22:49 -------- d-----w- c:\program files\Java
    2013-01-08 20:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-08 20:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-08 20:09 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2013-01-07 14:19 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2013-01-07 14:19 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2013-01-07 14:19 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2013-01-07 14:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-07 14:19 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-07 14:19 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-01-07 14:19 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
    2013-01-07 14:19 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-01-07 14:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-07 14:13 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-01-04 16:35 . 2013-01-04 16:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-04 15:22 . 2013-01-04 15:22 -------- d-----w- c:\program files\AutoHotkey
    2013-01-04 15:16 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2013-01-04 15:16 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2013-01-04 15:16 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2013-01-04 15:16 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-04 15:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2013-01-04 15:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2013-01-04 15:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-04 15:16 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-04 15:16 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-04 14:56 . 2013-01-04 14:56 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8021920D-8773-4126-87A5-B63A8E22BACB}\gapaengine.dll
    2013-01-04 14:56 . 2011-11-23 23:04 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-04 16:35 . 2011-11-23 14:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-11-08 09:00 . 2011-11-28 23:13 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-07-02 526208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 142616]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 177432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 176408]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    c:\users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - AVGIDSDRIVER
    *NewlyCreated* - AVGIDSHX
    *NewlyCreated* - AVGIDSSHIM
    *NewlyCreated* - AVGLDX86
    *NewlyCreated* - AVGLOGX
    *NewlyCreated* - AVGMFX86
    *NewlyCreated* - AVGRKX86
    *NewlyCreated* - AVGTDIX
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - WS2IFSL
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.178.1
    DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
    DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\progra~1\AVG\AVG2013\avgrsx.exe
    c:\program files\AVG\AVG2013\avgcsrvx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\AppleOSSMgr.exe
    c:\windows\system32\AppleTimeSrv.exe
    c:\program files\AVG\AVG2013\avgidsagent.exe
    c:\program files\AVG\AVG2013\avgwdsvc.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\AVG\AVG2013\avgnsx.exe
    c:\program files\AVG\AVG2013\avgemcx.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-01-15 20:46:55 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-01-15 19:46
    .
    Pre-Run: 16.094.580.736 bytes beschikbaar
    Post-Run: 16.295.223.296 bytes beschikbaar
    .
    - - End Of File - - E8ED095B5FF52CC68E207270FD6AD6D0
  9. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    The Kaspersky log is 74.8 MB. How can I post it?

    When running the Kaspersky scan I already had to delete some files during the scan to proceed scanning, also some files couldn't be deleted and had to be skipped to proceed. In total 6 threats were found.
  10. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Here is the Kaspersky log of the 8 threats:

    Status: Deleted (events: 4)
    15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe High
    15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
    15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe High
    15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
    Status: Absent (events: 4)
    15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
    15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
    15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
    15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  12. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Don't you need the full Kaspersky log?
    (There were also some files that couldn't be scanned because they were password protected.)

    Should I still leave the anti-virus software disabled (as I did for the Combofix scan)?
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You don't have to leave it disabled. I don't need the full Kaspersky log.
     
  14. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    The OTL log:

    OTL logfile created on: 16-1-2013 21:31:19 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Merijn\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,16 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 57,24% Memory free
    4,33 Gb Paging File | 3,23 Gb Available in Paging File | 74,58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 37,38 Gb Total Space | 15,17 Gb Free Space | 40,59% Space Free | Partition Type: NTFS
    Drive D: | 195,58 Gb Total Space | 52,71 Gb Free Space | 26,95% Space Free | Partition Type: HFS

    Computer Name: MERIJN-PC | User Name: Merijn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-01-16 21:30:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
    PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012-12-11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012-11-30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012-10-30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012-10-22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012-10-22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012-10-22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2011-07-02 14:29:28 | 000,526,208 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
    PRC - [2011-07-02 14:29:24 | 000,100,224 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
    PRC - [2011-07-02 14:29:22 | 000,194,432 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe
    PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-12-21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011-07-02 14:21:45 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
    MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Services (SafeList) ==========

    SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012-09-20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011-11-23 20:19:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011-07-02 14:29:24 | 000,100,224 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
    SRV - [2011-07-02 14:29:22 | 000,194,432 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
    SRV - [2011-06-09 16:21:45 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011-06-09 16:21:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Merijn\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012-11-15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012-10-22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012-10-15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012-10-02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012-09-21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012-09-21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012-09-21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012-09-14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011-07-02 14:22:05 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2011-06-26 16:46:18 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
    DRV - [2011-06-09 16:21:41 | 000,014,336 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CS420x86.sys -- (CirrusFilter)
    DRV - [2011-06-09 16:21:00 | 000,049,664 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
    DRV - [2011-06-09 16:21:00 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
    DRV - [2011-05-25 00:25:16 | 000,034,304 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\applebmt.sys -- (applebmt)
    DRV - [2011-05-24 23:40:24 | 000,026,624 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
    DRV - [2011-05-19 12:39:22 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AppleBtBc.sys -- (AppleBtBc)
    DRV - [2011-04-27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011-04-18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2011-04-01 14:16:06 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
    DRV - [2011-01-31 23:10:14 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AppleODD.sys -- (AppleODD)
    DRV - [2011-01-31 23:10:10 | 000,029,824 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtp.sys -- (applemtp)
    DRV - [2011-01-31 23:10:10 | 000,010,880 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtm.sys -- (applemtm)
    DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010-10-19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
    DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009-07-14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 77 DE 07 B4 A4 CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2013-01-15 20:45:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
    O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D}: DhcpNameServer = 192.168.178.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-01-16 21:30:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
    [2013-01-15 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013-01-15 20:45:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013-01-15 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013-01-15 20:44:01 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\temp
    [2013-01-15 20:40:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013-01-15 20:40:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013-01-15 20:40:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013-01-15 20:40:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013-01-15 20:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013-01-15 20:40:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013-01-15 20:35:07 | 005,022,206 | R--- | C] (Swearware) -- C:\Users\Merijn\Desktop\ComboFix.exe
    [2013-01-14 01:05:35 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\AVG2013
    [2013-01-14 01:05:07 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\TuneUp Software
    [2013-01-14 01:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013-01-14 01:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013-01-14 01:05:02 | 000,000,000 | ---D | C] -- C:\$AVG
    [2013-01-14 01:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2013-01-14 01:03:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\MFAData
    [2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\Avg2013
    [2013-01-14 00:18:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013-01-14 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013-01-14 00:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013-01-13 22:11:34 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\Malwarebytes
    [2013-01-13 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013-01-13 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\Programs
    [2013-01-13 22:09:59 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Merijn\Desktop\mbam-setup.exe
    [2013-01-13 22:07:31 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Merijn\Desktop\iExplore.exe
    [2013-01-11 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013-01-11 12:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013-01-11 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013-01-04 16:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    [2013-01-04 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey

    ========== Files - Modified Within 30 Days ==========

    [2013-01-16 21:30:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
    [2013-01-16 21:29:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-01-16 21:28:51 | 1743,310,848 | -HS- | M] () -- C:\hiberfil.sys
    [2013-01-15 22:31:03 | 000,000,696 | -HS- | M] () -- C:\Windows\0665259drv.spi
    [2013-01-15 20:53:55 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-15 20:53:55 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-15 20:51:07 | 152,051,056 | ---- | M] () -- C:\Users\Merijn\Desktop\setup_11.0.0.1245.x01_2013_01_15_21_42.exe
    [2013-01-15 20:50:27 | 000,703,664 | ---- | M] () -- C:\Windows\System32\perfh013.dat
    [2013-01-15 20:50:27 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013-01-15 20:50:27 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc013.dat
    [2013-01-15 20:50:27 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013-01-15 20:45:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013-01-15 20:35:25 | 005,022,206 | R--- | M] (Swearware) -- C:\Users\Merijn\Desktop\ComboFix.exe
    [2013-01-14 01:05:07 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013-01-14 00:21:05 | 000,001,274 | ---- | M] () -- C:\Users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
    [2013-01-14 00:18:50 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2013-01-13 22:01:10 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Merijn\Desktop\mbam-setup.exe
    [2013-01-13 21:57:48 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Merijn\Desktop\iExplore.exe
    [2013-01-11 17:22:50 | 000,000,091 | ---- | M] () -- C:\Users\Merijn\connbar.ini
    [2013-01-11 12:05:26 | 000,409,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013-01-08 21:41:54 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Internetbrowser selecteren.lnk
    [2013-01-04 16:34:47 | 000,000,497 | ---- | M] () -- C:\Users\Merijn\Desktop\ReverseScrolling.ahk
    [2013-01-04 16:22:34 | 000,001,351 | ---- | M] () -- C:\Users\Merijn\Documents\AutoHotkey.ahk

    ========== Files Created - No Company Name ==========

    [2013-01-15 22:17:48 | 000,000,696 | -HS- | C] () -- C:\Windows\0665259drv.spi
    [2013-01-15 20:50:13 | 152,051,056 | ---- | C] () -- C:\Users\Merijn\Desktop\setup_11.0.0.1245.x01_2013_01_15_21_42.exe
    [2013-01-15 20:40:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-01-15 20:40:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-01-15 20:40:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-01-15 20:40:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-01-15 20:40:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-01-14 01:05:07 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013-01-14 00:18:50 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013-01-13 20:51:10 | 000,011,246 | -HS- | C] () -- C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2013-01-13 20:51:10 | 000,011,246 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2013-01-11 12:15:14 | 000,000,091 | ---- | C] () -- C:\Users\Merijn\connbar.ini
    [2013-01-08 21:41:54 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\Internetbrowser selecteren.lnk
    [2013-01-08 21:10:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013-01-08 21:10:36 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013-01-04 16:24:35 | 000,000,497 | ---- | C] () -- C:\Users\Merijn\Desktop\ReverseScrolling.ahk
    [2013-01-04 16:22:34 | 000,001,351 | ---- | C] () -- C:\Users\Merijn\Documents\AutoHotkey.ahk
    [2011-11-16 22:44:41 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
    [2011-11-16 22:44:41 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
    [2011-11-16 22:44:41 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2011-11-16 22:44:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
    [2011-11-16 22:44:06 | 000,014,184 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
    [2011-08-31 19:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
    [2011-08-31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
    [2011-08-31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
    [2011-08-31 19:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011-07-02 14:29:22 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
    [2011-04-12 05:48:01 | 000,703,664 | ---- | C] () -- C:\Windows\System32\perfh013.dat
    [2011-04-12 05:48:01 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
    [2011-04-12 05:48:01 | 000,134,564 | ---- | C] () -- C:\Windows\System32\perfc013.dat
    [2011-04-12 05:48:01 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013-01-14 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Merijn\AppData\Roaming\AVG2013
    [2013-01-14 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Merijn\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========


    < End of report >
  15. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Don't know if you need the extras logfile:


    OTL Extras logfile created on: 16-1-2013 21:31:19 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Merijn\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,16 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 57,24% Memory free
    4,33 Gb Paging File | 3,23 Gb Available in Paging File | 74,58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 37,38 Gb Total Space | 15,17 Gb Free Space | 40,59% Space Free | Partition Type: NTFS
    Drive D: | 195,58 Gb Total Space | 52,71 Gb Free Space | 26,95% Space Free | Partition Type: HFS

    Computer Name: MERIJN-PC | User Name: Merijn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0365C22A-97E8-44AC-9974-1EB23F517C92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{321A8DA3-28B2-4321-8959-D607CE50722B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{510184BE-E1DF-47C6-A4D6-58DEF3A9DA5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{55A0AA7D-A4B5-45A5-8894-348D8F7633A0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{59F92A4F-21CB-44AF-9EBA-83E7A5245EAA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{631DE6B9-DF6F-4AD3-BB00-13D0237C77D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{70C501AB-A499-458B-9C8A-BBA0180EB9E9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7D975288-1448-4E38-ABE9-278431B0F7EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7E1B4E87-6DF3-4F40-92C1-01A14E506B74}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7E5B1671-3C89-4E1B-81F9-A49DB1864CCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{84D26095-6C47-489E-99C9-EC5F8F8CE277}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B573B3DE-F113-476E-8374-AB77EBCEEB70}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BA83567C-CF26-4F87-AD85-A799D054702C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BEB28193-69E7-4813-873A-68E4290FDF89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C2CE8968-7360-4D79-9BBC-0DE9F04B5205}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D0800395-D8E6-4A92-BD70-34C0D584E5DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DC2EB3F7-003D-4304-95EC-B448B8B5B8F7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{EF8A32C6-1EA2-4CF6-A61A-280955E2E3FA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F25C91D6-51F7-442C-9878-C41A5800D5DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F2A9FCBD-61D9-40EB-8174-65DD3DDB4D17}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F5E3BD89-B0C1-46CF-8455-9E067DF73E66}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{17BC5AE2-AAA4-480D-8922-5C60D003F352}" = dir=out | name=core networking - system ip core |
    "{222AD938-4580-4159-80FB-70873691538D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{225FB811-05C0-4C61-A18D-76B3D60A9E25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2E03BE16-8419-4D9C-A221-F4770A1F3277}" = dir=in | name=core networking - system ip core |
    "{3B38C10F-4D8C-4BEA-8D8F-02D57DCA34FB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{40BA2088-3016-4E41-9592-FD66D10A2085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{42E647B2-7F49-40A7-A193-090F60FD7A2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4B2E6724-2C54-4F13-B13C-CEB8A1E2D353}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{50FAC443-E4B0-4765-B7E7-63CF478A817E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5103FB93-8012-4664-B81E-976FFA65A59A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{52894D04-78D7-4434-920F-2F1E20C16F55}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{5CFB02BB-E067-4C79-9FA8-671B5899AB3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5E756538-49AC-4836-B5F9-EBD8EF391A70}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{739F2CE2-D25A-428B-A65C-7574E7F6FE01}" = protocol=6 | dir=out | app=system |
    "{77E2FD31-AF87-4F7F-B952-6805C235DC45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7B017B4F-EBBE-4EFD-9D76-2CD57C75BB89}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{828295C7-D504-4F1D-8E5C-683F65B93D59}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{9B0F47F0-3C02-43F8-AFD8-934E4A35BBA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{AF4A1559-18DD-4B50-8727-2F92608372FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B1C2E818-5CC4-4669-8321-95A130533B46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{BF08E610-7CB0-4497-AEF3-19F64688AA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BF1DCFD9-0CEF-4F08-9993-943D4EBAEFB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C48C609B-34DE-4B43-BE52-C298AE1C9786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C611CF4E-03A5-48F1-935B-500B1B26B2E2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{C7AC7E99-D756-48A6-BDB0-34A0C7814D08}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{D0408CE5-AAB3-4395-AB4A-81B20A729002}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{D58A8626-C3AC-4494-96EB-FAC6092C7EE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{D69AEC03-3F94-479A-97E5-6D8B65AF66C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8439C2C-071B-404E-8A13-8C5DA0CC8F3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{E84711AD-3B8E-494A-A9BA-312FC12F906E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
    "{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8990CF47-8B04-4CCE-89E2-A9241DB27E3B}" = AVG 2013
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.VISIOR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0413-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Dutch) 2010
    "{90140000-0054-0413-0000-0000000FF1CE}_Office14.VISIOR_{01C54C3B-1844-4874-9B6F-CAFC0B4C43B0}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Nederlands
    "{E8F8AF38-7FFA-407A-8E4B-4722AE20FA30}" = Boot Camp-services
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
    "07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-stuurprogrammapakket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
    "0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-stuurprogrammapakket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
    "111E266FDD1556398EFC13BE47678F96E8497682" = Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
    "157C5C3D3E97D5439AD0C6268A489EF68FB7AD4F" = Windows-stuurprogrammapakket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
    "1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-stuurprogrammapakket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
    "20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
    "28AB5A817BE0B4C6952E913DEB9CA907C7871C74" = Windows-stuurprogrammapakket - Broadcom (b57nd60x) Net (12/02/2010 14.4.2.2)
    "2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-stuurprogrammapakket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
    "31BC243044B2C02B454ECDA8F5B44427F3754DD0" = Windows-stuurprogrammapakket - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
    "44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
    "4A92273B670E1AF46863F93542352C780755E201" = Windows-stuurprogrammapakket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
    "4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-stuurprogrammapakket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
    "4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-stuurprogrammapakket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
    "5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-stuurprogrammapakket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
    "7E77301EAEB38AFBF074A5EEACED05B618975B6C" = Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
    "82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-stuurprogrammapakket - Intel System (07/20/2007 1.2.76.0)
    "8BB769A00E5FB4E3C5C45B4B60C20B4322C430BD" = Windows-stuurprogrammapakket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
    "9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-stuurprogrammapakket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
    "9646DB3A0BD532DCF0A6750140F84D0089FF608E" = Windows-stuurprogrammapakket - Intel (e1express) Net (03/26/2010 9.13.41.0)
    "A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AF5930CAB6A628999B8500F18549DCD96021E8FC" = Windows-stuurprogrammapakket - Broadcom (BCM43XX) Net (06/16/2011 5.100.98.78)
    "AutoHotkey" = AutoHotkey 1.1.09.02
    "AVG" = AVG 2013
    "B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
    "BCFD182AEFFCC167E74298C1563F0C84CEE4D92C" = Windows-stuurprogrammapakket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
    "C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-stuurprogrammapakket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
    "D885E9963D372B22E9F3CD04F0AF501F1FCCF220" = Windows-stuurprogrammapakket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
    "E81D39E9D96872D02774D1E6A6D5DC1F222CB21F" = Windows-stuurprogrammapakket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/14/2011 6.6001.1.32)
    "F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-stuurprogrammapakket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
    "F4FD74182DF87939B302E81C3D80CA0D38D287AB" = Windows-stuurprogrammapakket - Broadcom Corporation (bScsiSDx) SDHost (01/18/2011 1.0.0.220)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.VISIOR" = Microsoft Visio Professional 2010

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 14-1-2013 15:47:20 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 14-1-2013 16:05:59 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 14-1-2013 16:13:52 | Computer Name = Merijn-PC | Source = Application Hang | ID = 1002
    Description = Het programma iexplore.exe, versie 9.0.8112.16457 reageert niet meer
    op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: b60 Starttijd: 01cdf29270edb73b Eindtijd: 16
    Toepassingspad:
    C:\Program Files\Internet Explorer\iexplore.exe Rapport-id:

    Error - 15-1-2013 15:35:32 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 15-1-2013 15:41:40 | Computer Name = Merijn-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: wmpnscfg.exe, versie: 12.0.7600.16385,
    tijdstempel: 0x4a5bccbc Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18015,
    tijdstempel: 0x50b83b16 Uitzonderingscode: 0xc06d007f Foutoffset: 0x0000812f Id van
    proces met fout: 0x678 Starttijd van toepassing met fout: 0x01cdf35855b2f43e Pad
    naar toepassing met fout: C:\Program Files\Windows Media Player\wmpnscfg.exe Pad
    naar module met fout: C:\Windows\system32\KERNELBASE.dll Rapport-id: 94631c2c-5f4b-11e2-9a27-c82a144ea1c7

    Error - 15-1-2013 15:41:40 | Computer Name = Merijn-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: wmpnscfg.exe, versie: 12.0.7600.16385,
    tijdstempel: 0x4a5bccbc Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18015,
    tijdstempel: 0x50b83b16 Uitzonderingscode: 0xc06d007f Foutoffset: 0x0000812f Id van
    proces met fout: 0x1730 Starttijd van toepassing met fout: 0x01cdf35855c860a1 Pad
    naar toepassing met fout: C:\Program Files\Windows Media Player\wmpnscfg.exe Pad
    naar module met fout: C:\Windows\system32\KERNELBASE.dll Rapport-id: 9462f51c-5f4b-11e2-9a27-c82a144ea1c7

    Error - 15-1-2013 15:47:03 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 15-1-2013 15:56:07 | Computer Name = Merijn-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = De service Cryptografische services is mislukt tijdens het verwerken
    van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles:
    Unable to back up image of binary 0665259drv. System Error: Het systeem kan het opgegeven
    bestand niet vinden. .

    Error - 15-1-2013 18:43:16 | Computer Name = Merijn-PC | Source = Application Hang | ID = 1002
    Description = Het programma NOTEPAD.EXE, versie 6.1.7600.16385 reageert niet meer
    op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: 5c6c Starttijd: 01cdf371a3bebca1 Eindtijd: 0
    Toepassingspad:
    C:\Windows\system32\NOTEPAD.EXE Rapport-id: ee024eb6-5f64-11e2-9128-c82a144ea1c7

    Error - 16-1-2013 16:30:47 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 15-1-2013 15:42:34 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 15-1-2013 15:44:01 | Computer Name = Merijn-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen.
    Nieuwe
    handtekeningversie: Vorige handtekeningversie: 1.141.3834.0 Updatebron: %%859 Updatefase:
    %%852 Bronpad: Default URL Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT
    AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.9002.0 Foutcode: 0x80070424
    Foutbeschrijving:
    De opgegeven service is geen geïnstalleerde service.

    Error - 15-1-2013 15:44:06 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 15-1-2013 15:44:08 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 15-1-2013 15:45:38 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege
    deze fout: %%5.

    Error - 15-1-2013 15:45:38 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege
    deze fout: %%5.

    Error - 15-1-2013 15:45:39 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: cdrom

    Error - 16-1-2013 16:29:11 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege
    deze fout: %%5.

    Error - 16-1-2013 16:29:12 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege
    deze fout: %%5.

    Error - 16-1-2013 16:29:12 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: cdrom


    < End of report >
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  17. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    OTL log file:

    All processes killed
    ========== OTL ==========
    C:\Windows\0665259drv.spi moved successfully.
    C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
    C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Merijn\Desktop\cmd.bat deleted successfully.
    C:\Users\Merijn\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Merijn
    ->Temp folder emptied: 7501 bytes
    ->Temporary Internet Files folder emptied: 184686356 bytes
    ->Java cache emptied: 1210227 bytes
    ->Flash cache emptied: 1624 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 453670 bytes
    RecycleBin emptied: 78468637 bytes

    Total Files Cleaned = 253,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01182013_222056
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  18. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    The ESET log:

    C:\Qoobox\Quarantine\C\Windows\System32\sysprep\CRYPTBASE.DLL.vir a variant of Win32/Kryptik.ASDY trojan cleaned by deleting - quarantined
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How are things working now?
  20. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Everything appears to work normally...
    Anything else I need to do?
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  22. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2013
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware versie 1.70.0.1100
    Java 7 Update 11
    Adobe Reader 10.1.0 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials msseces.exe
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Microsoft Security Client Antimalware NisSrv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
  23. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    Is there a possibility that the D: drive of my computer (Mac OS partition) is infected, or my NAS or other Windows computers in the network?
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I don't think so...want to scan it and find out?
  25. merijn

    merijn Newcomer, in training Topic Starter Posts: 19

    No, I think it's okay for now.
    Thank you very much!