TechSpot

Malware

By hansvanderveeke
Aug 29, 2010
  1. Hi.

    I had a problem with my PC. Hidden iexplore and random sounds playing. A Google search brought me here and I read about the solution to use ComboFix.
    I downloaded this and ran it.
    Now my pc seems to be free of the infection. No more hidden iexplore and random sounds. But...

    As I read along I wonder if I have to do anything else now. Do I have to uninstall ComboFix or anything else? In other threads I read, people were instructed to do other steps.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  3. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    busy

    Hi.

    I am busy with the steps. Step 4 takes ages. After 2 hours or so it was finished. I tried to save the log but it got the computer hanging. I had to reset it. Even Ctrl-Alt-Del did not work.
    I started a second scan but it froze the computer as well. I will try again tomorrow evening. Too late now.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No problem :)
     
  5. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    OK, I finished the steps. GMER still gave a problem but I managed to copy/paste the info to a text file. Somehow, after GMER, I was unable to close files and eventually the whole system hung and I had to reboot.

    Here are the files:

    MALWARE
    ========================================

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4509

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    30-8-2010 18:38:40
    mbam-log-2010-08-30 (18-38-40).txt

    Scantype: Snelle scan
    Objecten gescand: 133367
    Verstreken tijd: 5 minuut/minuten, 23 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
    ==================================================

    GMER
    =======================================

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-31 21:22:35
    Windows 5.1.2600 Service Pack 3
    Running: e91cly7e.exe; Driver: C:\DOCUME~1\Hans\LOCALS~1\Temp\fxtiqpoc.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DA9086]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9DA9020]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9DA9034]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DA909A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DA90C6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9DA9134]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9DA911E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9DA914A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9DA9176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DA9072]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DA8FE4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DA8FF8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9DA91B2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9DA9108]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9DA90F2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DA90B0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9DA919E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9DA918A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9DA905E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9DA904A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DA90DC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DA900C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9DA9160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP B9DA8FE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP B9DA8FFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP B9DA904E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B9DA9038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP B9DA9024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP B9DA9062 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP B9DA9010 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP B9DA90F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP B9DA90E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP B9DA9164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP B9DA910C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP B9DA90B4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP B9DA908A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP B9DA909E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 3 Bytes JMP B9DA90CA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey + 4 80623E38 3 Bytes [39, 90, 90]
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP B9DA9138 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP B9DA9122 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP B9DA9076 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP B9DA91B6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP B9DA918E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwLoadKey2 806255F8 7 Bytes JMP B9DA914E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP B9DA91A2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP B9DA917A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA74C4600, 0x25B0C, 0xE0000060]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[192] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

    ---- EOF - GMER 1.0.15 ----

    rest in next part
     
  6. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    part 2

    ===========================
    DDS
    ===========================


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Hans at 21:28:47,35 on di 31-08-2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3316.2691 [GMT 2:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Cobian Backup 9\Cobian.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cobian Backup 9\cbInterface.exe
    C:\WINDOWS\system32\devldr32.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Documents and Settings\Hans\Bureaublad\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.nl/ig?hl=nl&source=iglk
    BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [Google Update] "c:\documents and settings\hans\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
    StartupFolder: c:\docume~1\hans\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: motive.com\ponltbc.onl
    Trusted Zone: offlineregistration
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-18 340592]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-3-28 67904]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-19 54960]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-18 90360]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-18 42424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-3-28 64432]

    =============== Created Last 30 ================

    2010-08-30 16:32:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 16:32:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 16:32:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 18:19:54 0 d-sha-r- C:\cmdcons
    2010-08-29 18:17:24 98816 ----a-w- c:\windows\sed.exe
    2010-08-29 18:17:24 77312 ----a-w- c:\windows\MBR.exe
    2010-08-29 18:17:24 256512 ----a-w- c:\windows\PEV.exe
    2010-08-29 18:17:24 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-29 17:37:59 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-29 17:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-08-29 17:12:00 0 d-----w- c:\docume~1\hans\applic~1\Malwarebytes
    2010-08-29 17:11:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    ==================== Find3M ====================

    2010-08-12 11:28:29 504866 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-12 11:28:28 88512 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-11 19:22:22 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02:59 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:48 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2004-01-31 18:54:10 331776 ----a-w- c:\windows\inf\pdfinst2.exe
    2008-09-24 17:13:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 21:29:27,95 ===============

    rest in part 3
     
  7. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    part 3

    attach



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18-4-2008 14:01:27
    System Uptime: 31-8-2010 21:25:58 (0 hours ago)

    Motherboard: Intel Corporation | | DG31PR
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | J3E1 | 2333/1333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 61,013 GiB free.
    D: is FIXED (NTFS) - 195 GiB total, 173,783 GiB free.
    S: is FIXED (NTFS) - 173 GiB total, 90,525 GiB free.
    Z: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP508: 1-6-2010 20:50:25 - Controlepunt van systeem
    RP509: 4-6-2010 15:45:26 - Controlepunt van systeem
    RP510: 6-6-2010 13:39:49 - Installed calibre
    RP511: 6-6-2010 13:40:17 - Removed calibre
    RP512: 6-6-2010 21:04:58 - Verwijderd: Microsoft Office Professional Editie 2003
    RP513: 6-6-2010 21:09:28 - Installed Microsoft Office Enterprise 2007
    RP514: 6-6-2010 21:15:49 - Printerstuurprogramma Send To Microsoft OneNot is geïnstalleerd
    RP515: 6-6-2010 22:22:28 - Software Distribution Service 3.0
    RP516: 7-6-2010 21:49:28 - Software Distribution Service 3.0
    RP517: 10-6-2010 18:23:01 - Controlepunt van systeem
    RP518: 11-6-2010 20:27:51 - Controlepunt van systeem
    RP519: 13-6-2010 17:34:42 - Software Distribution Service 3.0
    RP520: 19-6-2010 13:35:12 - Controlepunt van systeem
    RP521: 20-6-2010 16:15:03 - Controlepunt van systeem
    RP522: 21-6-2010 22:08:07 - Controlepunt van systeem
    RP523: 23-6-2010 21:13:16 - Controlepunt van systeem
    RP524: 23-6-2010 22:10:24 - Software Distribution Service 3.0
    RP525: 25-6-2010 15:00:10 - Controlepunt van systeem
    RP526: 26-6-2010 16:10:36 - Controlepunt van systeem
    RP527: 27-6-2010 16:31:25 - Controlepunt van systeem
    RP528: 29-6-2010 19:39:36 - Controlepunt van systeem
    RP529: 1-7-2010 17:42:18 - Controlepunt van systeem
    RP530: 3-7-2010 11:46:38 - Controlepunt van systeem
    RP531: 4-7-2010 12:49:31 - Controlepunt van systeem
    RP532: 6-7-2010 10:06:33 - Controlepunt van systeem
    RP533: 7-7-2010 22:32:34 - Controlepunt van systeem
    RP534: 9-7-2010 14:03:54 - Controlepunt van systeem
    RP535: 11-7-2010 11:27:40 - Controlepunt van systeem
    RP536: 12-7-2010 14:01:22 - Controlepunt van systeem
    RP537: 13-7-2010 18:08:19 - Controlepunt van systeem
    RP538: 13-7-2010 19:13:51 - Herstelbewerking
    RP539: 13-7-2010 19:20:04 - Herstelbewerking
    RP540: 14-7-2010 20:06:43 - Controlepunt van systeem
    RP541: 14-7-2010 21:02:17 - Software Distribution Service 3.0
    RP542: 23-7-2010 22:19:20 - Controlepunt van systeem
    RP543: 26-7-2010 15:23:12 - Controlepunt van systeem
    RP544: 27-7-2010 18:49:15 - Controlepunt van systeem
    RP545: 30-7-2010 12:42:00 - Controlepunt van systeem
    RP546: 31-7-2010 13:09:16 - Controlepunt van systeem
    RP547: 5-8-2010 17:18:18 - Controlepunt van systeem
    RP548: 5-8-2010 18:50:17 - Software Distribution Service 3.0
    RP549: 7-8-2010 12:55:02 - Controlepunt van systeem
    RP550: 10-8-2010 13:47:17 - Controlepunt van systeem
    RP551: 12-8-2010 13:22:48 - Software Distribution Service 3.0
    RP552: 13-8-2010 14:15:11 - Controlepunt van systeem
    RP553: 14-8-2010 18:53:58 - Controlepunt van systeem
    RP554: 17-8-2010 19:24:14 - Controlepunt van systeem
    RP555: 18-8-2010 20:09:47 - Controlepunt van systeem
    RP556: 20-8-2010 19:23:50 - Controlepunt van systeem
    RP557: 22-8-2010 17:57:31 - Controlepunt van systeem
    RP558: 24-8-2010 14:30:45 - Controlepunt van systeem
    RP559: 26-8-2010 18:27:44 - Controlepunt van systeem
    RP560: 28-8-2010 11:38:57 - Controlepunt van systeem
    RP561: 29-8-2010 16:17:02 - Controlepunt van systeem

    ==== Installed Programs ======================


    Aangifte inkomstenbelasting 2008
    Aangifte inkomstenbelasting 2009
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Common File Installer
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Digital Editions
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 8.2.4 - Nederlands
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Stock Photos 1.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Album Art Downloader XUI 0.21
    Apple Software Update
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows Media Player 9 (KB936782)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464-v2)
    Beveiligingsupdate voor Windows XP (KB938464)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951376)
    Beveiligingsupdate voor Windows XP (KB951698)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB953839)
    Beveiligingsupdate voor Windows XP (KB954211)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956391)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956841)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957095)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958690)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960715)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Blokker V1.5.1.3
    calibre
    Cobian Backup 9
    Connect
    CutePDF Writer 2.7
    DVD Shrink 3.2
    EPSON Printer Software
    ESET Online Scanner v3
    Essentiële update voor Windows Media Player 11 (KB959772)
    Exact Audio Copy 0.99pb3
    FotoTime FotoAlbum Pro
    Garmin Communicator Plugin
    Garmin MapSource
    Garmin POI Loader
    Garmin TOPO Nederland
    Garmin USB Drivers
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GrabIt 1.7.2 Beta 3 (build 996)
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Internet Explorer 7 (KB947864)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Java(TM) 6 Update 15
    KODAK EASYSHARE Gallery Upload ActiveX Control
    kuler
    Malwarebytes' Anti-Malware
    MapSource
    MapSource - City Select Europe v7 Update
    MapSource - European City Select v6
    Matrix Code Emulator 1.50
    McAfee Agent
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 Language Pack - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Software Update for Web Folders (Dutch) 12
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mp3tag v2.41
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Nero 6 Ultra Edition
    OGA Notifier 2.0.0048.0
    Onroute Fietskaart Nederland 1.62
    Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 3
    PoiEdit
    Polar Precision Performance SW
    ProtectDisc Driver, Version 11
    PTAssembler
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SSC Service Utility v4.30
    Suite Shared Configuration CS4
    Taalpakket voor Microsoft .NET Framework 3.5 - NL
    TeamViewer 3
    TweakNow RegCleaner
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update voor Windows Internet Explorer 8 (KB972636)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB951072-v2)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VMware Workstation
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live aanmeldhulp
    Windows Live installer
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinGDB3 3.42
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0

    ==== End Of File ===========================


    Please let me know on how to proceed.

    And of course: THANKS!

    Hans
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    More logs

    mbr log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0204000c

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F78000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F67000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F48000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F22000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0A000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EEA000 fltmgr.sys
    0xB9ED8000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9EC1000 KSecDD.sys
    0xB9EAE000 WudfPf.sys
    0xB9E21000 Ntfs.sys
    0xB9DF4000 NDIS.sys
    0xB9DDA000 Mup.sys
    0xB9D88000 mfehidk.sys
    0xB8E73000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB8E5F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8E45000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8E21000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8DDB000 \SystemRoot\system32\drivers\emu10k1m.sys
    0xB8DB7000 \SystemRoot\system32\drivers\portcls.sys
    0xBA158000 \SystemRoot\system32\drivers\drmk.sys
    0xB8D94000 \SystemRoot\system32\drivers\ks.sys
    0xBA168000 \SystemRoot\system32\drivers\sfmanm.sys
    0xBA5D4000 \SystemRoot\system32\drivers\ctlfacem.sys
    0xBA6EE000 \SystemRoot\system32\DRIVERS\ctljystk.sys
    0xBA5A0000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA450000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA5A4000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9499000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA6FA000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9489000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9D4F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8D7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9479000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9469000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8D6C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB9459000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8D3C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9449000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5D6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8CDE000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9D33000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
    0xB9D2F000 \SystemRoot\system32\DRIVERS\VMNET.SYS
    0xB9429000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9409000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7B8000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5DE000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
    0xBA5E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA558000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA74BB000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA7462000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA1D8000 \SystemRoot\system32\drivers\mfetdik.sys
    0xA743C000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA7414000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA570000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA73F2000 \SystemRoot\System32\drivers\afd.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA73C7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA7357000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA2B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA7317000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA664000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA7347000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3A0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7AB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA3D0000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
    0xA7203000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA6ECA000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA704F000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA696F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA6B24000 \??\C:\WINDOWS\system32\drivers\hcmon.sys
    0xA6B94000 \??\C:\WINDOWS\system32\Drivers\vmci.sys
    0xA6877000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys
    0xA6834000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
    0xBA368000 \SystemRoot\System32\drivers\aspi32.sys
    0xA678D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA390000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
    0xA6685000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
    0xA63BD000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA627C000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xA6267000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xA60E6000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA5FA3000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 49):
    0 System Idle Process
    4 System
    732 C:\WINDOWS\system32\smss.exe
    800 csrss.exe
    824 C:\WINDOWS\system32\winlogon.exe
    868 C:\WINDOWS\system32\services.exe
    880 C:\WINDOWS\system32\lsass.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1108 svchost.exe
    1756 C:\WINDOWS\system32\svchost.exe
    1796 C:\WINDOWS\system32\svchost.exe
    1876 svchost.exe
    244 svchost.exe
    504 C:\WINDOWS\system32\spoolsv.exe
    1028 C:\WINDOWS\explorer.exe
    1716 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    1732 C:\WINDOWS\system32\igfxtray.exe
    1740 C:\WINDOWS\system32\hkcmd.exe
    1748 C:\WINDOWS\system32\igfxpers.exe
    1848 C:\WINDOWS\system32\igfxsrvc.exe
    1928 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    2024 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2036 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    136 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    256 C:\Program Files\Cobian Backup 9\Cobian.exe
    628 C:\WINDOWS\system32\ctfmon.exe
    1384 C:\Program Files\Cobian Backup 9\cbInterface.exe
    1484 C:\WINDOWS\system32\devldr32.exe
    2004 svchost.exe
    1356 C:\Program Files\Java\jre6\bin\jqs.exe
    724 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    1496 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    2240 C:\Program Files\Common Files\Motive\McciCMService.exe
    2264 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    2288 naPrdMgr.exe
    2304 C:\WINDOWS\system32\mfevtps.exe
    2716 C:\WINDOWS\system32\vmnat.exe
    2908 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    3032 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    3064 mfeann.exe
    3368 C:\WINDOWS\system32\vmnetdhcp.exe
    3424 C:\Program Files\McAfee\Common Framework\McTray.exe
    3168 alg.exe
    2712 C:\Program Files\Outlook Express\msimn.exe
    3972 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2944 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3672 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3564 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1264 C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
    \\.\S: --> \\.\PhysicalDrive0 at offset 0x00000049`3db14600 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
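    A triage helper for the MBRCheck report format shown in this post (an added example, not part of the thread and not MBRCheck's own code; the second disk in the sample and its "Unknown MBR code" status string are constructed assumptions):

```python
"""Triage helper for MBRCheck reports of the kind posted in this thread.

Added example: not part of the original thread and not MBRCheck's own code.
It parses the volume-to-disk mapping, the model lines and the
"Size Device Name MBR Status" table (with the SHA1 that follows each row)
and marks any disk whose boot code is not reported as standard Windows MBR
code, which is the case a helper would want to look at first.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in MBRCheck's layout. PhysicalDrive0 mirrors the report
# above; PhysicalDrive1 is fictitious and exercises the "needs review" path.
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000049`3db14600 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
PhysicalDrive1 Model Number: EXAMPLEDISK, Rev: 0001

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 0000000000000000000000000000000000000000

Done!
"""

VOLUME_RE = re.compile(
    r"^\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\(PhysicalDrive\d+)\s+at offset\s+"
    r"0x([0-9a-fA-F]+)`([0-9a-fA-F]+)\s+\((\w+)\)\s*$")
MODEL_RE = re.compile(r"^(PhysicalDrive\d+) Model Number:\s*(.*?),\s*Rev:\s*(.*?)\s*$")
MBR_ROW_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.*?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# The report above shows "Windows XP MBR code detected" for recognised boot
# code; treating "Windows <version> MBR code detected" as the general form
# is an assumption of this example.
STANDARD_STATUS_RE = re.compile(r"^Windows .* MBR code detected$")
SECTOR = 512


@dataclass
class Disk:
    name: str
    model: str = ""
    revision: str = ""
    size: str = ""
    mbr_status: str = ""
    sha1: str = ""
    volumes: list = field(default_factory=list)  # (letter, offset_bytes, fs)


def parse_report(text):
    """Return {disk name: Disk} built from an MBRCheck report."""
    disks = {}
    last = None  # disk whose table row was read last; its SHA1 line follows
    for raw in text.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            letter, disk, hi, lo, fs = m.groups()
            d = disks.setdefault(disk, Disk(disk))
            d.volumes.append((letter, int(hi + lo, 16), fs))
        elif m := MODEL_RE.match(line):
            d = disks.setdefault(m.group(1), Disk(m.group(1)))
            d.model, d.revision = m.group(2), m.group(3)
        elif m := MBR_ROW_RE.match(line):
            size, disk, status = m.groups()
            last = disks.setdefault(disk, Disk(disk))
            last.size, last.mbr_status = size, status
        elif (m := SHA1_RE.match(line)) and last is not None:
            last.sha1 = m.group(1).upper()
            last = None
    return disks


def triage(disks):
    """Return {disk name: (verdict, reason)}; 'review' means a human should look."""
    result = {}
    for name, d in disks.items():
        if not d.mbr_status:
            result[name] = ("review", "no MBR status row in report")
        elif not STANDARD_STATUS_RE.match(d.mbr_status):
            result[name] = ("review", f"non-standard boot code: {d.mbr_status}")
        elif not d.sha1:
            result[name] = ("review", "MBR row without SHA1 line")
        elif any(off % SECTOR for _, off, _ in d.volumes):
            result[name] = ("review", "volume offset not sector aligned")
        else:
            result[name] = ("ok", f"{d.mbr_status} (SHA1 {d.sha1[:8]}...)")
    return result


if __name__ == "__main__":
    for name, (verdict, reason) in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: {verdict} - {reason}")
```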
     
  10. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    And another one: Combofix log

    ComboFix 10-08-31.02 - Hans 01-09-2010 17:19:29.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3316.2644 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Hans\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-01 to 2010-09-01 ))))))))))))))))))))))))))))))
    .

    2010-08-30 16:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 16:32 . 2010-08-30 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 16:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 17:37 . 2010-08-29 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-29 17:37 . 2010-08-29 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-29 17:12 . 2010-08-29 17:12 -------- d-----w- c:\documents and settings\Hans\Application Data\Malwarebytes
    2010-08-29 17:11 . 2010-08-29 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-13 11:10 . 2010-08-13 11:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-31 19:26 . 2008-10-24 10:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-08-31 19:26 . 2008-10-24 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-08-31 18:23 . 2008-10-24 10:45 -------- d-----w- c:\documents and settings\Hans\Application Data\VMware
    2010-08-29 19:27 . 2010-07-09 10:44 -------- d-----w- c:\documents and settings\Hans\Application Data\QuickScan
    2010-08-29 13:51 . 2008-04-19 18:38 -------- d-----w- c:\documents and settings\Hans\Application Data\PTAssembler
    2010-08-12 11:29 . 2008-04-18 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-12 11:28 . 2001-09-07 12:00 504866 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-12 11:28 . 2001-09-07 12:00 88512 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-11 19:22 . 2010-07-11 19:22 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-07-11 19:22 . 2010-07-11 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-07-11 18:10 . 2010-07-06 16:41 354784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-07-11 12:18 . 2010-07-11 12:18 -------- d-----w- c:\program files\ESET
    2010-07-09 11:23 . 2010-07-09 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2008-04-18 11:58 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-07 17:09 . 2008-04-20 13:07 73680 ----a-w- c:\documents and settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-29_18.33.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-31 19:26 . 2010-08-31 19:26 16384 c:\windows\Temp\Perflib_Perfdata_bd8.dat
    + 2010-08-31 19:26 . 2010-08-31 19:26 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Google Update"="c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-12 133104]
    "Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2008-07-03 579584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-18 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

    c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30-7-2008 7:51 277736]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [29-9-2008 9:07 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [28-3-2009 12:24 67904]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19-9-2008 0:12 54960]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28-3-2009 12:24 64432]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:22]

    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:22]

    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003Core.job
    - c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:48]

    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003UA.job
    - c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:48]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/ig?hl=nl&source=iglk
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: motive.com\ponltbc.onl
    Trusted Zone: offlineregistration
    DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 17:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,33,bb,58,8e,aa,e9,46,b7,cb,ad,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,33,bb,58,8e,aa,e9,46,b7,cb,ad,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'explorer.exe'(180)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2010-09-01 17:24:24
    ComboFix-quarantined-files.txt 2010-09-01 15:24
    ComboFix2.txt 2010-08-29 18:35

    Pre-Run: 65.515.294.720 bytes beschikbaar
    Post-Run: 65.500.479.488 bytes beschikbaar

    - - End Of File - - 1F9B1F2C4B1003E2836804E3D625B140

    Thanks again!

    Hans
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    All looks good, so far :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    Otl.log part 1

    Ok, done. I am not sure what exactly I am doing but your guidance is great!


    OTL logfile created on: 2-9-2010 19:43:43 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Hans\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 60,93 Gb Free Space | 62,40% Space Free | Partition Type: NTFS
    Drive D: | 195,31 Gb Total Space | 173,78 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive S: | 172,79 Gb Total Space | 90,53 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

    Computer Name: DE-STILLE
    Current User Name: Hans
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
    PRC - [2008-09-29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008-09-29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008-09-29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2008-09-29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008-09-29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008-09-29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008-09-19 00:12:00 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2008-09-19 00:11:36 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2008-09-19 00:11:04 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2008-07-03 13:21:42 | 002,747,392 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
    PRC - [2008-07-03 13:21:38 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
    PRC - [2008-04-21 20:05:18 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008-03-14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008-03-14 05:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2008-03-14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2008-03-14 05:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2001-09-06 21:27:14 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
    MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2009-01-02 11:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008-09-29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008-09-29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2008-09-29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008-09-29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008-09-19 00:12:00 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2008-09-19 00:11:36 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2008-09-19 00:11:04 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2008-08-25 22:56:44 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2008-03-14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007-10-25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Hans\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2008-12-29 21:45:01 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
    DRV - [2008-11-17 09:41:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008-11-17 09:41:53 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008-09-29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008-09-29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008-09-29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008-09-29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008-09-29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008-09-29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008-09-19 00:12:22 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2008-09-19 00:12:22 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2008-09-19 00:12:22 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2008-09-19 00:12:20 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2008-09-19 00:12:18 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2008-09-18 17:49:42 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
    DRV - [2008-09-18 17:49:42 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2008-09-18 17:49:42 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2008-08-25 22:55:46 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2008-07-30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
    DRV - [2008-04-18 17:43:51 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008-04-13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008-01-15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008-01-03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2002-07-17 03:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager-stuurprogramma (WDM)
    DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager-stuurprogramma (WDM)
    DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
    DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010-08-29 20:33:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKCU..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Hans\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O15 - HKCU\..Trusted Domains: motive.com ([ponltbc.onl] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: offlineregistration ([]https in Trusted sites)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.de/int/EasyUpload/ImgUploader.cab (Pixum EasyUploadX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
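The OTL log above is read by the helper line by line: the `PRC`/`SRV`/`DRV` SafeList entries carry a timestamp, size, attribute flags, the file's embedded company name, the service state and the path, while the "Files/Folders - Created" entries carry the same header without a service state. The script below is an added example, not part of the thread and not OldTimer's own code: it parses those two line shapes with regular expressions derived from the lines visible in this post and applies a few triage heuristics (registered service or driver whose file is missing, executable with no publisher string, executable living under a user-writable directory, eight-character random-looking filename). The sample input is copied from the log posted here. The flags are cues for a human reviewer, not verdicts: in this sample they land on `catchme.sys`, the driver used by the GMER/ComboFix rootkit scanner the poster had just run, and on the randomly named executable on the desktop, which is how GMER is normally downloaded, as well as on OTL itself.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example. Parses the PRC/MOD/SRV/DRV "SafeList" lines and the
"Files/Folders - Created/Modified" lines as OTL 3.2.x prints them and
attaches review flags. Heuristics and regexes are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# PRC - [date | size | attr | M] (Company) [state] -- path -- (service name) trailing text
# DRV - File not found [state] -- path -- (service name)
# Company may itself contain parentheses, e.g. "(Foo, Inc. (BAR))", hence the lookahead.
SAFELIST_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>.*?)\)(?= \[| -- )"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# [date | size | attr | C] (Company) -- path      (directories have no company block)
FILE_RE = re.compile(
    r"^\[(?P<date>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
USER_WRITABLE = re.compile(r"\\(temp|documents and settings|users|programdata|application data)\\", re.I)
# Rough heuristic for randomly generated dropper names: exactly 8 lowercase alphanumerics incl. a digit.
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}\.(exe|dll|sys)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".drv", ".acm", ".ax")


@dataclass
class Entry:
    kind: str                 # PRC/MOD/SRV/DRV, or FILE for the created/modified lists
    path: str
    company: Optional[str]    # "" = OTL printed "()", None = no company block at all
    name: Optional[str]       # service/driver name, when present
    missing: bool             # OTL reported "File not found"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a SafeList or file-list line, None for anything else."""
    line = line.strip()
    m = SAFELIST_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"].strip(),
                     company=None if m["missing"] else m["company"].strip(),
                     name=m["name"], missing=bool(m["missing"]))
    m = FILE_RE.match(line)
    if m:
        comp = m["company"]
        return Entry(kind="FILE", path=m["path"].strip(),
                     company=None if comp is None else comp.strip(),
                     name=None, missing=False)
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags; these are cues for a human, not a malware verdict."""
    filename = entry.path.rsplit("\\", 1)[-1]
    is_binary = filename.lower().endswith(EXEC_EXT)
    if entry.missing:
        entry.flags.append("orphaned: registered but file not found")
    elif entry.company == "" and is_binary:
        entry.flags.append("no publisher/version info")
    if is_binary and USER_WRITABLE.search(entry.path):
        entry.flags.append("binary in user-writable location")
    if RANDOM_NAME.match(filename):
        entry.flags.append("random-looking filename")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every recognised line and return only the entries that got a flag."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e and triage(e).flags]


# Sample lines copied from the OTL log posted in this thread.
SAMPLE = r"""
PRC - [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
SRV - [2008-09-29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Hans\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008-12-29 21:45:01 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008-11-17 09:41:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
[2010-08-30 18:55:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\e91cly7e.exe
[2010-08-29 20:33:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-30 18:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.kind:4} {e.path}\n      -> {'; '.join(e.flags)}")
```

Run it on a saved OTL.txt by replacing `SAMPLE` with the file's contents; anything that parses but carries no flag is dropped, so the output is the short list a helper would ask the poster about first.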
     
  13. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    hmmm...

    I am trying to post the logs but somehow now the administrator has to approve them before they are visible.

    The OTL.txt is about 7000 chars long. I have to post it in separate messages. Is there a way in which I can attach the files?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I just approved your post. Please, continue with next parts.
     
  15. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    part 2

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-09-02 19:42:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
    [2010-08-30 18:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-08-30 18:32:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-08-30 18:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-08-30 18:27:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\TFC.exe
    [2010-08-29 20:19:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-08-29 20:17:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010-08-29 20:17:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010-08-29 20:17:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010-08-29 20:17:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010-08-29 20:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-08-29 20:16:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-08-29 19:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010-08-29 19:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010-08-29 19:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\Malwarebytes
    [2010-08-29 19:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-08-16 21:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\Kopie van hans
    [2010-08-15 14:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\saskia
    [2010-08-14 19:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\hans
    [2010-08-13 13:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010-08-12 13:27:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010-07-11 21:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010-07-11 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010-07-09 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010-07-09 12:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\QuickScan
    [2010-07-08 20:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010-07-08 20:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010-07-08 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2010-06-06 21:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010-06-06 21:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010-06-06 21:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2008-04-20 12:56:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Hans\Application Data\pcouffin.sys

    ========== Files - Modified Within 90 Days ==========

    [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
    [2010-09-02 19:37:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010-09-02 18:48:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003UA.job
    [2010-09-02 18:48:00 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003Core.job
    [2010-09-01 17:25:08 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Hans\NTUSER.DAT
    [2010-09-01 17:24:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-09-01 17:22:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-09-01 17:14:16 | 003,830,025 | R--- | M] () -- C:\Documents and Settings\Hans\Bureaublad\ComboFix.exe
    [2010-09-01 17:13:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe
    [2010-08-31 21:28:21 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\dds.scr
    [2010-08-31 21:27:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-08-31 21:26:18 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010-08-31 21:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-08-30 18:55:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\e91cly7e.exe
    [2010-08-30 18:32:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
    [2010-08-30 18:28:20 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Hans\ntuser.ini
    [2010-08-30 18:27:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\TFC.exe
    [2010-08-29 20:33:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010-08-25 22:02:11 | 000,280,858 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Princess_Of_Thieves-[cdcovers_cc]-front.jpg
    [2010-08-25 21:58:54 | 002,664,078 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Lovely_Bones_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:57:35 | 001,802,439 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Night_At_The_Museum_2_Dutch_Thinpack_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:56:10 | 001,745,071 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Shrek_3_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:55:12 | 000,988,209 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Shutter_Island_Dutch_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:54:16 | 003,088,891 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Paranormal_Activity_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:50:58 | 000,489,492 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Boat_That_Rocked_R2_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:50:25 | 002,978,377 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Alice_In_Wonderland_2010_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:44:58 | 000,898,800 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Road_Dutch_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:43:07 | 001,028,258 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Book_Of_Eli_Dutch_R2_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 20:59:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010-08-24 14:48:26 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\Google Chrome.lnk
    [2010-08-24 14:48:26 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-08-12 14:06:26 | 002,156,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-08-12 13:29:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010-08-12 13:28:29 | 000,504,866 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2010-08-12 13:28:28 | 001,069,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-08-12 13:28:28 | 000,438,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-08-12 13:28:28 | 000,088,512 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2010-08-12 13:28:28 | 000,069,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010-07-11 21:22:22 | 000,011,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010-07-01 17:25:38 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-06-07 19:09:03 | 000,073,680 | ---- | M] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010-06-06 22:23:50 | 000,000,800 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-06-06 21:30:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010-06-06 13:40:08 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\calibre - E-book management.lnk
  16. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    part 3

    ========== Files Created - No Company Name ==========

    [2010-09-01 17:14:13 | 003,830,025 | R--- | C] () -- C:\Documents and Settings\Hans\Bureaublad\ComboFix.exe
    [2010-09-01 17:13:14 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe
    [2010-08-31 21:28:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\dds.scr
    [2010-08-30 18:55:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\e91cly7e.exe
    [2010-08-30 18:32:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
    [2010-08-29 20:43:46 | 000,011,160 | ---- | C] () -- C:\Documents and Settings\Hans\log van scan.txt
    [2010-08-29 20:19:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010-08-29 20:19:54 | 000,261,936 | ---- | C] () -- C:\cmldr
    [2010-08-29 20:17:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010-08-29 20:17:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010-08-29 20:17:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010-08-29 20:17:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010-08-29 20:17:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010-08-25 22:02:11 | 000,280,858 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Princess_Of_Thieves-[cdcovers_cc]-front.jpg
    [2010-08-25 21:58:54 | 002,664,078 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Lovely_Bones_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:57:35 | 001,802,439 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Night_At_The_Museum_2_Dutch_Thinpack_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:56:10 | 001,745,071 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Shrek_3_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:55:12 | 000,988,209 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Shutter_Island_Dutch_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:54:16 | 003,088,891 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Paranormal_Activity_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:50:58 | 000,489,492 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Boat_That_Rocked_R2_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:50:25 | 002,978,377 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Alice_In_Wonderland_2010_Dutch_R2-[cdcovers_cc]-front.jpg
    [2010-08-25 21:44:58 | 000,898,800 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Road_Dutch_Custom-[cdcovers_cc]-front.jpg
    [2010-08-25 21:43:07 | 001,028,258 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Book_Of_Eli_Dutch_R2_Custom-[cdcovers_cc]-front.jpg
    [2010-07-11 21:22:21 | 000,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010-07-11 20:28:13 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
    [2010-07-06 18:41:22 | 000,354,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010-06-06 21:30:07 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-03-14 17:50:35 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
    [2009-03-09 21:55:46 | 000,006,930 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\PrimoPDFSet.xml
    [2009-03-09 21:54:38 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2008-12-29 21:45:01 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
    [2008-05-09 21:58:46 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008-05-09 21:58:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008-04-20 12:57:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2008-04-20 12:56:26 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.log
    [2008-04-20 12:56:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\ezpinst.exe
    [2008-04-20 12:56:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.cat
    [2008-04-20 12:56:23 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.inf
    [2008-04-20 12:53:23 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008-04-19 20:38:15 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
    [2008-04-18 17:44:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008-04-18 15:42:08 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008-04-18 14:25:25 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
    [2008-04-18 14:08:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_3.dll
    [2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_2.dll
    [2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_1.dll
    [2007-06-27 11:22:54 | 000,692,224 | ---- | C] () -- C:\WINDOWS\libcurl.dll
    [2003-08-17 11:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

    ========== LOP Check ==========

    [2009-05-09 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\albelli photo book creator Extra
    [2008-04-19 21:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FotoTime
    [2008-10-17 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010-07-11 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009-11-16 20:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2008-07-29 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\albumart
    [2010-03-12 17:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Belastingdienst
    [2009-04-13 19:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Bret Taylor
    [2010-03-24 22:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\calibre
    [2008-04-19 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\FotoTime
    [2009-05-29 21:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\GARMIN
    [2008-04-19 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\GrabIt
    [2009-08-03 21:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\IrfanView
    [2008-04-20 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Mp3tag
    [2008-10-02 19:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Opera
    [2008-10-21 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\ProtectDisc
    [2010-08-29 15:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\PTAssembler
    [2010-08-29 21:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\QuickScan
    [2010-04-04 16:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Softland
    [2008-10-02 20:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Softplicity
    [2008-04-20 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TeamViewer
    [2008-06-29 12:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TuFuse Pro
    [2010-01-25 19:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TweakNow RegCleaner
    [2010-04-18 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < * >
    [2009-03-14 17:50:03 | 000,001,024 | ---- | M] () -- \.rnd
    [2009-01-22 21:43:22 | 000,000,416 | ---- | M] () -- \38-index-4.4.6.txt
    [2009-05-09 20:27:15 | 000,000,674 | ---- | M] () -- \39-index-4.5.4.txt
    [2009-11-27 21:53:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.8.txt
    [2010-01-10 16:05:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.9.txt
    [2008-09-15 08:57:58 | 000,024,576 | ---- | M] () -- \ash_spti.dll
    [2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- \assistant.exe
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \AUTOEXEC.BAT
    [2008-04-18 13:56:51 | 000,000,211 | ---- | M] () -- \Boot.bak
    [2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- \boot.ini
    [2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- \Bootfont.bin
    [2008-09-15 08:57:58 | 000,242,475 | ---- | M] () -- \ca-bundle.crt
    [2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- \cmldr
    [2010-09-01 17:24:25 | 000,011,217 | ---- | M] () -- \ComboFix.txt
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \CONFIG.SYS
    [2008-09-15 08:57:58 | 000,131,072 | ---- | M] () -- \fpxjpeg.dll
    [2009-03-27 19:05:00 | 000,000,154 | ---- | M] () -- \ident.xml
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \IO.SYS
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \libcurl.dll
    [2009-07-16 15:10:38 | 001,032,192 | ---- | M] () -- \libeay32.dll
    [2008-09-15 08:58:00 | 000,319,488 | ---- | M] () -- \libhunspell.dll
    [2008-09-15 08:58:00 | 000,170,496 | ---- | M] () -- \libssh2.dll
    [2008-09-15 08:58:00 | 000,322,990 | ---- | M] () -- \libssl32.dll
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \MSDOS.SYS
    [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- \NTDETECT.COM
    [2008-09-24 18:40:30 | 000,251,712 | RHS- | M] () -- \ntldr
    [2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () --
    [2008-09-15 08:58:02 | 000,163,840 | ---- | M] () -- \picn1020.dll
    [2008-09-15 08:58:02 | 000,188,416 | ---- | M] () -- \picn1120.dll
    [2008-09-15 08:58:02 | 000,118,784 | ---- | M] () -- \picn1320.dll
    [2008-09-15 08:58:04 | 000,180,224 | ---- | M] () -- \picn20.dll
    [2008-09-15 08:58:04 | 000,159,744 | ---- | M] () -- \picn2720.dll
    [2008-09-15 08:58:06 | 001,511,424 | ---- | M] () -- \picn6620.dll
    [2008-09-15 08:58:06 | 001,507,328 | ---- | M] () -- \picn6720.dll
    [2009-11-27 13:48:00 | 005,558,272 | ---- | M] () -- \Pixum EasyBook.exe
    [2009-07-16 15:10:20 | 001,052,672 | ---- | M] () -- \QtCLucene4.dll
    [2009-07-16 15:10:22 | 002,076,672 | ---- | M] () -- \QtCore4.dll
    [2009-11-27 13:48:34 | 007,671,808 | ---- | M] () -- \QtGui4.dll
    [2009-07-16 15:10:32 | 000,413,696 | ---- | M] () -- \QtHelp4.dll
    [2009-07-16 15:10:32 | 000,921,600 | ---- | M] () -- \QtNetwork4.dll
    [2009-07-16 15:10:34 | 000,200,704 | ---- | M] () -- \QtSql4.dll
    [2009-07-16 15:10:34 | 000,270,336 | ---- | M] () -- \QtSvg4.dll
    [2009-07-16 15:10:34 | 009,318,400 | ---- | M] () -- \QtWebKit4.dll
    [2009-07-16 15:10:38 | 000,364,544 | ---- | M] () -- \QtXml4.dll
    [2008-09-15 08:57:56 | 000,450,560 | ---- | M] () -- \RecDev.dll
    [2008-09-15 08:57:56 | 000,085,504 | ---- | M] () -- \RedEye.dll
    [2010-07-11 13:33:19 | 000,000,016 | ---- | M] () -- \RootRepeal report 07-11-10 (13-33-19).txt
    [2008-09-15 08:58:08 | 000,753,664 | ---- | M] () -- \sadw.dll
    [2008-09-15 08:58:08 | 000,380,928 | ---- | M] () -- \safpx.dll
    [2008-09-15 08:57:56 | 000,077,824 | ---- | M] () -- \SAFPXLB.dll
    [2008-09-15 08:57:56 | 000,147,456 | ---- | M] () -- \SoftCore.dll
    [2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- \sqmdata00.sqm
    [2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- \sqmdata01.sqm
    [2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- \sqmdata02.sqm
    [2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- \sqmdata03.sqm
    [2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- \sqmdata04.sqm
    [2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- \sqmdata05.sqm
    [2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- \sqmdata06.sqm
    [2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- \sqmdata07.sqm
    [2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- \sqmdata08.sqm
    [2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- \sqmdata09.sqm
    [2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- \sqmdata10.sqm
    [2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- \sqmdata11.sqm
    [2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- \sqmdata12.sqm
    [2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- \sqmdata13.sqm
    [2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- \sqmdata14.sqm
    [2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- \sqmdata15.sqm
    [2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- \sqmdata16.sqm
    [2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- \sqmdata17.sqm
    [2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- \sqmdata18.sqm
    [2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- \sqmdata19.sqm
    [2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt00.sqm
    [2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- \sqmnoopt01.sqm
    [2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- \sqmnoopt02.sqm
    [2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- \sqmnoopt03.sqm
    [2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- \sqmnoopt04.sqm
    [2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- \sqmnoopt05.sqm
    [2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- \sqmnoopt06.sqm
    [2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- \sqmnoopt07.sqm
    [2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt08.sqm
    [2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt09.sqm
    [2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt10.sqm
    [2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- \sqmnoopt11.sqm
    [2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- \sqmnoopt12.sqm
    [2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- \sqmnoopt13.sqm
    [2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- \sqmnoopt14.sqm
    [2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- \sqmnoopt15.sqm
    [2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- \sqmnoopt16.sqm
    [2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- \sqmnoopt17.sqm
    [2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- \sqmnoopt18.sqm
    [2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt19.sqm
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \ssleay32.dll
    [2008-09-15 08:58:08 | 002,723,264 | ---- | M] () -- \vcredist_x86.exe
    [2008-09-15 08:58:10 | 000,077,824 | ---- | M] () -- \wnaspi32.dll
    [2008-09-15 08:57:58 | 000,299,008 | ---- | M] () -- \XMPFiles.dll
    [2008-09-15 08:57:58 | 000,327,680 | ---- | M] () -- \XMPToolkit.dll
    [2008-09-15 08:58:10 | 000,069,632 | ---- | M] () -- \zlib1.dll
    [2008-09-15 08:57:58 | 001,053,696 | ---- | M] () -- \_ISource30.dll
    [2008-09-15 08:57:58 | 000,081,920 | ---- | M] () -- \_SAFPX10.dll
    [2008-09-15 08:57:58 | 000,368,640 | ---- | M] () -- \_SAJ2K10.dll
    [2008-09-15 08:57:58 | 000,225,280 | ---- | M] () -- \_SARAW10.dll
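The file-listing lines in parts 3 and 4 of this OTL log all share one layout: [timestamp | size | attributes | M or C] (company) with an optional MD5= field on the /md5 custom-scan lines, then "--" and the path. What a helper actually does with such a log is look for files that are hidden or system-flagged in the drive root and are not the usual boot files, root binaries with no company name (the category OTL itself uses in its "Files Created - No Company Name" heading), and the hashes of the checked system DLLs to compare against a trusted list. The parser and triage rules below are an added example written for this thread; they are not code from the poster, from OTL or from Malwarebytes. The sample lines are copied from the posted log except the last one, which is constructed so that the hidden-root rule has something to catch; the root-file allowlist, the treatment of sqmdata/sqmnoopt files as benign telemetry, and the reference hash dictionary are assumptions for illustration, not an authoritative good-hash set.

```python
"""Parse OTL file-listing lines and apply a few triage rules.

Added example for this thread; not code from the forum post, from OTL
or from Malwarebytes. Assumed line layout (as seen in the posted log):
    [YYYY-MM-DD HH:MM:SS | size | attrs | M|C] (company) [MD5=hex] -- path
attrs are R/H/S/D flags; M = modified-files listing, C = created-files listing.
KNOWN_ROOT_FILES and SQM_RE are hand-picked assumptions, not an authoritative set.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?:\s*\((?P<company>[^)]*)\))?"        # "(company)" is absent on LOP-check lines
    r"(?:\s*MD5=(?P<md5>[0-9A-Fa-f]{32}))?"  # only present on /md5 custom-scan lines
    r"\s*--\s*(?P<path>.*?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str          # "M" or "C"
    company: str       # "" when OTL printed "()" or no company field at all
    md5: Optional[str]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def in_root(self) -> bool:
        # "C:\foo.dll" and "\foo.dll" (the "< * >" scan drops the drive letter)
        return not self.is_dir and self.path.count("\\") == 1

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_line(line: str) -> Optional[OtlEntry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        md5=m["md5"].upper() if m["md5"] else None,
        path=m["path"],
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# Assumption: files normally present (often hidden/system) in the root of an XP boot volume.
KNOWN_ROOT_FILES = {
    "boot.ini", "bootfont.bin", "io.sys", "msdos.sys", "ntdetect.com",
    "ntldr", "pagefile.sys", "hiberfil.sys", "autoexec.bat", "config.sys",
}
# Assumption: sqmdataNN.sqm / sqmnooptNN.sqm are treated as benign telemetry files.
SQM_RE = re.compile(r"^sqm(data|noopt)\d{2}\.sqm$")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for root-level files that deserve a human look."""
    findings = []
    for e in entries:
        if not e.in_root or e.name in KNOWN_ROOT_FILES or SQM_RE.match(e.name):
            continue
        if e.hidden_or_system:
            findings.append(("hidden-root", e.path))
        if e.name.endswith(BINARY_EXT) and not e.company:
            findings.append(("no-company-root-binary", e.path))
    return findings


def compare_hashes(entries: List[OtlEntry], reference: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(path, observed, expected) for every /md5 line whose hash is unknown or differs.
    reference maps lower-cased path -> trusted MD5 (whatever trusted set you maintain)."""
    out = []
    for e in entries:
        if e.md5 is None:
            continue
        expected = reference.get(e.path.lower(), "")
        if expected.upper() != e.md5:
            out.append((e.path, e.md5, expected))
    return out


# Sample input: lines copied from the posted log, plus one constructed line (example_hidden.dll).
SAMPLE_LOG = r"""
[2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- C:\assistant.exe
[2009-07-16 15:10:38 | 001,032,192 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\libeay32.dll
[2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-07-11 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\system32\user32.dll
[2010-08-29 19:31:16 | 000,045,056 | RHS- | M] () -- C:\example_hidden.dll
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for rule, path in triage(entries):
        print(f"{rule:24} {path}")
    for path, observed, expected in compare_hashes(entries, {}):
        print(f"{'md5-unverified':24} {path} {observed}")
```

On the posted log this flags C:\assistant.exe as a root binary with no company name (the other root DLLs carry vendor names and are the photo-book application's libraries), leaves the RHS- boot files and the sqm telemetry files alone, and hands back the user32.dll / ws2_32.dll / ws2help.dll hashes for comparison against whatever trusted hash set the helper keeps. A flag from this script means "look at it", not "malware".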
  17. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    part 4

    < %SYSTEMDRIVE%\*.* >
    [2009-03-14 17:50:03 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009-01-22 21:43:22 | 000,000,416 | ---- | M] () -- C:\38-index-4.4.6.txt
    [2009-05-09 20:27:15 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.4.txt
    [2009-11-27 21:53:07 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.8.txt
    [2010-01-10 16:05:07 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.9.txt
    [2008-09-15 08:57:58 | 000,024,576 | ---- | M] (ashampoo) -- C:\ash_spti.dll
    [2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- C:\assistant.exe
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008-04-18 13:56:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2008-09-15 08:57:58 | 000,242,475 | ---- | M] () -- C:\ca-bundle.crt
    [2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- C:\cmldr
    [2010-09-01 17:24:25 | 000,011,217 | ---- | M] () -- C:\ComboFix.txt
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008-09-15 08:57:58 | 000,131,072 | ---- | M] () -- C:\fpxjpeg.dll
    [2009-03-27 19:05:00 | 000,000,154 | ---- | M] () -- C:\ident.xml
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] (The cURL library, http://curl.haxx.se/) -- C:\libcurl.dll
    [2009-07-16 15:10:38 | 001,032,192 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\libeay32.dll
    [2008-09-15 08:58:00 | 000,319,488 | ---- | M] (http://hunspell.sourceforge.net/) -- C:\libhunspell.dll
    [2008-09-15 08:58:00 | 000,170,496 | ---- | M] () -- C:\libssh2.dll
    [2008-09-15 08:58:00 | 000,322,990 | ---- | M] () -- C:\libssl32.dll
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008-09-24 18:40:30 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008-09-15 08:58:02 | 000,163,840 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1020.dll
    [2008-09-15 08:58:02 | 000,188,416 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1120.dll
    [2008-09-15 08:58:02 | 000,118,784 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1320.dll
    [2008-09-15 08:58:04 | 000,180,224 | ---- | M] (Pegasus Imaging Corp.) -- C:\picn20.dll
    [2008-09-15 08:58:04 | 000,159,744 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn2720.dll
    [2008-09-15 08:58:06 | 001,511,424 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn6620.dll
    [2008-09-15 08:58:06 | 001,507,328 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn6720.dll
    [2009-11-27 13:48:00 | 005,558,272 | ---- | M] () -- C:\Pixum EasyBook.exe
    [2009-07-16 15:10:20 | 001,052,672 | ---- | M] () -- C:\QtCLucene4.dll
    [2009-07-16 15:10:22 | 002,076,672 | ---- | M] () -- C:\QtCore4.dll
    [2009-11-27 13:48:34 | 007,671,808 | ---- | M] () -- C:\QtGui4.dll
    [2009-07-16 15:10:32 | 000,413,696 | ---- | M] () -- C:\QtHelp4.dll
    [2009-07-16 15:10:32 | 000,921,600 | ---- | M] () -- C:\QtNetwork4.dll
    [2009-07-16 15:10:34 | 000,200,704 | ---- | M] () -- C:\QtSql4.dll
    [2009-07-16 15:10:34 | 000,270,336 | ---- | M] () -- C:\QtSvg4.dll
    [2009-07-16 15:10:34 | 009,318,400 | ---- | M] () -- C:\QtWebKit4.dll
    [2009-07-16 15:10:38 | 000,364,544 | ---- | M] () -- C:\QtXml4.dll
    [2008-09-15 08:57:56 | 000,450,560 | ---- | M] (RecDev GmbH) -- C:\RecDev.dll
    [2008-09-15 08:57:56 | 000,085,504 | ---- | M] (FotoNation Inc.) -- C:\RedEye.dll
    [2010-07-11 13:33:19 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 07-11-10 (13-33-19).txt
    [2008-09-15 08:58:08 | 000,753,664 | ---- | M] (ashampoo Technology GmbH & Co KG) -- C:\sadw.dll
    [2008-09-15 08:58:08 | 000,380,928 | ---- | M] () -- C:\safpx.dll
    [2008-09-15 08:57:56 | 000,077,824 | ---- | M] (Smaller Animals Software, Inc) -- C:\SAFPXLB.dll
    [2008-09-15 08:57:56 | 000,147,456 | ---- | M] (RecDev GmbH) -- C:\SoftCore.dll
    [2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\ssleay32.dll
    [2008-09-15 08:58:08 | 002,723,264 | ---- | M] (Microsoft Corporation) -- C:\vcredist_x86.exe
    [2008-09-15 08:58:10 | 000,077,824 | ---- | M] (RecDev GmbH) -- C:\wnaspi32.dll
    [2008-09-15 08:57:58 | 000,299,008 | ---- | M] () -- C:\XMPFiles.dll
    [2008-09-15 08:57:58 | 000,327,680 | ---- | M] () -- C:\XMPToolkit.dll
    [2008-09-15 08:58:10 | 000,069,632 | ---- | M] () -- C:\zlib1.dll
    [2008-09-15 08:57:58 | 001,053,696 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_ISource30.dll
    [2008-09-15 08:57:58 | 000,081,920 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SAFPX10.dll
    [2008-09-15 08:57:58 | 000,368,640 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SAJ2K10.dll
    [2008-09-15 08:57:58 | 000,225,280 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SARAW10.dll

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008-04-18 15:34:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008-04-18 15:34:34 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008-04-18 15:34:34 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008-04-14 19:02:45 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=520391367546218929749612ABFE840C -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008-04-14 19:02:45 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=7ED22EA6D840CD388BD68B68580468E1 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 11:29:52

    < * >
    [2009-03-14 17:50:03 | 000,001,024 | ---- | M] () -- \.rnd
    [2009-01-22 21:43:22 | 000,000,416 | ---- | M] () -- \38-index-4.4.6.txt
    [2009-05-09 20:27:15 | 000,000,674 | ---- | M] () -- \39-index-4.5.4.txt
    [2009-11-27 21:53:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.8.txt
    [2010-01-10 16:05:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.9.txt
    [2008-09-15 08:57:58 | 000,024,576 | ---- | M] () -- \ash_spti.dll
    [2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- \assistant.exe
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \AUTOEXEC.BAT
    [2008-04-18 13:56:51 | 000,000,211 | ---- | M] () -- \Boot.bak
    [2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- \boot.ini
    [2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- \Bootfont.bin
    [2008-09-15 08:57:58 | 000,242,475 | ---- | M] () -- \ca-bundle.crt
    [2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- \cmldr
    [2010-09-01 17:24:25 | 000,011,217 | ---- | M] () -- \ComboFix.txt
    [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \CONFIG.SYS
    [2008-09-15 08:57:58 | 000,131,072 | ---- | M] () -- \fpxjpeg.dll
    [2009-03-27 19:05:00 | 000,000,154 | ---- | M] () -- \ident.xml
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \IO.SYS
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \libcurl.dll
    [2009-07-16 15:10:38 | 001,032,192 | ---- | M] () -- \libeay32.dll
    [2008-09-15 08:58:00 | 000,319,488 | ---- | M] () -- \libhunspell.dll
    [2008-09-15 08:58:00 | 000,170,496 | ---- | M] () -- \libssh2.dll
    [2008-09-15 08:58:00 | 000,322,990 | ---- | M] () -- \libssl32.dll
    [2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \MSDOS.SYS
    [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- \NTDETECT.COM
    [2008-09-24 18:40:30 | 000,251,712 | RHS- | M] () -- \ntldr
    [2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () --
    [2008-09-15 08:58:02 | 000,163,840 | ---- | M] () -- \picn1020.dll
    [2008-09-15 08:58:02 | 000,188,416 | ---- | M] () -- \picn1120.dll
    [2008-09-15 08:58:02 | 000,118,784 | ---- | M] () -- \picn1320.dll
    [2008-09-15 08:58:04 | 000,180,224 | ---- | M] () -- \picn20.dll
    [2008-09-15 08:58:04 | 000,159,744 | ---- | M] () -- \picn2720.dll
    [2008-09-15 08:58:06 | 001,511,424 | ---- | M] () -- \picn6620.dll
    [2008-09-15 08:58:06 | 001,507,328 | ---- | M] () -- \picn6720.dll
    [2009-11-27 13:48:00 | 005,558,272 | ---- | M] () -- \Pixum EasyBook.exe
    [2009-07-16 15:10:20 | 001,052,672 | ---- | M] () -- \QtCLucene4.dll
    [2009-07-16 15:10:22 | 002,076,672 | ---- | M] () -- \QtCore4.dll
    [2009-11-27 13:48:34 | 007,671,808 | ---- | M] () -- \QtGui4.dll
    [2009-07-16 15:10:32 | 000,413,696 | ---- | M] () -- \QtHelp4.dll
    [2009-07-16 15:10:32 | 000,921,600 | ---- | M] () -- \QtNetwork4.dll
    [2009-07-16 15:10:34 | 000,200,704 | ---- | M] () -- \QtSql4.dll
    [2009-07-16 15:10:34 | 000,270,336 | ---- | M] () -- \QtSvg4.dll
    [2009-07-16 15:10:34 | 009,318,400 | ---- | M] () -- \QtWebKit4.dll
    [2009-07-16 15:10:38 | 000,364,544 | ---- | M] () -- \QtXml4.dll
    [2008-09-15 08:57:56 | 000,450,560 | ---- | M] () -- \RecDev.dll
    [2008-09-15 08:57:56 | 000,085,504 | ---- | M] () -- \RedEye.dll
    [2010-07-11 13:33:19 | 000,000,016 | ---- | M] () -- \RootRepeal report 07-11-10 (13-33-19).txt
    [2008-09-15 08:58:08 | 000,753,664 | ---- | M] () -- \sadw.dll
    [2008-09-15 08:58:08 | 000,380,928 | ---- | M] () -- \safpx.dll
    [2008-09-15 08:57:56 | 000,077,824 | ---- | M] () -- \SAFPXLB.dll
    [2008-09-15 08:57:56 | 000,147,456 | ---- | M] () -- \SoftCore.dll
    [2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- \sqmdata00.sqm
    [2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- \sqmdata01.sqm
    [2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- \sqmdata02.sqm
    [2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- \sqmdata03.sqm
    [2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- \sqmdata04.sqm
    [2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- \sqmdata05.sqm
    [2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- \sqmdata06.sqm
    [2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- \sqmdata07.sqm
    [2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- \sqmdata08.sqm
    [2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- \sqmdata09.sqm
    [2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- \sqmdata10.sqm
    [2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- \sqmdata11.sqm
    [2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- \sqmdata12.sqm
    [2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- \sqmdata13.sqm
    [2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- \sqmdata14.sqm
    [2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- \sqmdata15.sqm
    [2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- \sqmdata16.sqm
    [2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- \sqmdata17.sqm
    [2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- \sqmdata18.sqm
    [2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- \sqmdata19.sqm
    [2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt00.sqm
    [2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- \sqmnoopt01.sqm
    [2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- \sqmnoopt02.sqm
    [2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- \sqmnoopt03.sqm
    [2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- \sqmnoopt04.sqm
    [2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- \sqmnoopt05.sqm
    [2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- \sqmnoopt06.sqm
    [2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- \sqmnoopt07.sqm
    [2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt08.sqm
    [2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt09.sqm
    [2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt10.sqm
    [2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- \sqmnoopt11.sqm
    [2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- \sqmnoopt12.sqm
    [2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- \sqmnoopt13.sqm
    [2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- \sqmnoopt14.sqm
    [2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- \sqmnoopt15.sqm
    [2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- \sqmnoopt16.sqm
    [2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- \sqmnoopt17.sqm
    [2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- \sqmnoopt18.sqm
    [2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt19.sqm
    [2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \ssleay32.dll
    [2008-09-15 08:58:08 | 002,723,264 | ---- | M] () -- \vcredist_x86.exe
    [2008-09-15 08:58:10 | 000,077,824 | ---- | M] () -- \wnaspi32.dll
    [2008-09-15 08:57:58 | 000,299,008 | ---- | M] () -- \XMPFiles.dll
    [2008-09-15 08:57:58 | 000,327,680 | ---- | M] () -- \XMPToolkit.dll
    [2008-09-15 08:58:10 | 000,069,632 | ---- | M] () -- \zlib1.dll
    [2008-09-15 08:57:58 | 001,053,696 | ---- | M] () -- \_ISource30.dll
    [2008-09-15 08:57:58 | 000,081,920 | ---- | M] () -- \_SAFPX10.dll
    [2008-09-15 08:57:58 | 000,368,640 | ---- | M] () -- \_SAJ2K10.dll
    [2008-09-15 08:57:58 | 000,225,280 | ---- | M] () -- \_SARAW10.dll
    < End of report >
     
  18. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    and the extras.log part 1 of 2

    OTL Extras logfile created on: 2-9-2010 19:43:43 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Hans\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 60,93 Gb Free Space | 62,40% Space Free | Partition Type: NTFS
    Drive D: | 195,31 Gb Total Space | 173,78 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive S: | 172,79 Gb Total Space | 90,53 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

    Computer Name: DE-STILLE
    Current User Name: Hans
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [Pixum EasyBook] -- "C:\Pixum EasyBook.exe" "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{220C5102-2566-337F-9E9B-C81C5C761BA2}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4277D135-5E38-4A5C-B5FB-F6EA03B72283}" = calibre
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
    "{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
    "{7FF37D98-A8A1-4C24-860B-C0D20E601A6E}" = FotoTime FotoAlbum Pro
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{88AD4F45-AF1E-4A47-A9CE-8A542C6B3728}" = MapSource - European City Select v6
    "{8C788975-88ED-3C52-A188-6C944E9BD07D}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
     
  19. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    extras.log part 2

    "{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
    "{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}" = Windows Live Messenger
    "{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A395750A-78D7-36D1-A59D-1A0B601D4BDC}" = Microsoft .NET Framework 3.5 Language Pack - nld
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1043-7B44-A82000000003}" = Adobe Reader 8.2.4 - Nederlands
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B116E95E-01B1-420A-AECB-B2B330B9BD97}" = Polar Precision Performance SW
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFE90F8E-17F5-434C-8446-E4BAD4C851EA}" = MapSource - City Select Europe v7 Update
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
    "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5F6A0E6-77EE-49C3-85B5-BD3B435F35CC}_is1" = Onroute Fietskaart Nederland 1.62
    "{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe_131f70761d1fd2ae00481a75aed0ccc" = Adobe Photoshop CS3
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Album Art Downloader XUI" = Album Art Downloader XUI 0.21
    "Blokker_is1" = Blokker V1.5.1.3
    "CobBackup9" = Cobian Backup 9
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "Digital Editions" = Adobe Digital Editions
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESET Online Scanner" = ESET Online Scanner v3
    "Exact Audio Copy" = Exact Audio Copy 0.99pb3
    "Garmin TOPO Nederland_is1" = Garmin TOPO Nederland
    "GrabIt_is1" = GrabIt 1.7.2 Beta 3 (build 996)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{88AD4F45-AF1E-4A47-A9CE-8A542C6B3728}" = MapSource - European City Select v6
    "InstallShield_{CFE90F8E-17F5-434C-8446-E4BAD4C851EA}" = MapSource - City Select Europe v7 Update
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
    "Microsoft .NET Framework 3.5 Language Pack - nld" = Taalpakket voor Microsoft .NET Framework 3.5 - NL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mp3tag" = Mp3tag v2.41
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Picasa 3" = Picasa 3
    "PoiEdit" = PoiEdit
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "PTAssembler_is1" = PTAssembler
    "SSC Service Utility_is1" = SSC Service Utility v4.30
    "TeamViewer 3" = TeamViewer 3
    "TweakNow RegCleaner_is1" = TweakNow RegCleaner
    "WebDesigner" = Microsoft Expression Web
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGDB3" = WinGDB3 3.42
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11-7-2010 3:59:34 | Computer Name = DE-STILLE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab
    at <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when
    verifying against the current system clock or the timestamp in the signed
    file.

    Error - 11-7-2010 3:59:34 | Computer Name = DE-STILLE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab
    at <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when
    verifying against the current system clock or the timestamp in the signed
    file.

    Error - 11-7-2010 16:10:45 | Computer Name = DE-STILLE | Source = McLogEvent | ID = 259
    Description = Detections were found. Scan engine version 5400.1158 with DAT version
    6040.

    Error - 13-7-2010 15:02:57 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



    Error - 17-8-2010 12:42:03 | Computer Name = DE-STILLE | Source = Application Hang | ID = 1002
    Description = Hanging application: MyMoza.exe, version: 0.0.0.0, hang module:
    hungapp, version: 0.0.0.0, hang address: 0x00000000.

    Error - 21-8-2010 15:22:57 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



    Error - 25-8-2010 14:55:00 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



    Error - 29-8-2010 8:38:56 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



    Error - 29-8-2010 14:24:02 | Computer Name = DE-STILLE | Source = McLogEvent | ID = 259
    Description = The file C:\DOCUME~1\Hans\LOCALS~1\Temp\Av-test.txt contains the EICAR
    test file (Test). The cleaner is not available. The file
    has been deleted. Detected using scan engine version 5400.1158 with DAT version
    6089.0000.

    Error - 31-8-2010 12:44:11 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
    Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



    [ OSession Events ]
    Error - 1-8-2008 10:36:45 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3697
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 29-8-2008 15:26:29 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88890
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 19-9-2008 14:43:54 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 170990
    seconds with 1860 seconds of active time. This session ended with a crash.

    Error - 11-10-2008 14:30:15 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 560
    seconds with 120 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 30-8-2010 14:34:34 | Computer Name = DE-STILLE | Source = Print | ID = 23
    Description = Printer Easy PDF Creator failed to initialize because a suitable
    Easy PDF Creator driver could not be found.

    Error - 30-8-2010 14:34:54 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126.

    Error - 30-8-2010 15:48:25 | Computer Name = DE-STILLE | Source = Print | ID = 23
    Description = Printer Easy PDF Creator failed to initialize because a suitable
    Easy PDF Creator driver could not be found.

    Error - 30-8-2010 15:48:52 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126.

    Error - 30-8-2010 16:15:35 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
    Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
    op de netwerkkaart met netwerkadres 001CC033FED6.

    Error - 31-8-2010 15:26:20 | Computer Name = DE-STILLE | Source = Print | ID = 23
    Description = Kan printer Easy PDF Creator niet initialiseren, omdat geen geschikt
    Easy PDF Creator stuurprogramma werd aangetroffen.

    Error - 31-8-2010 15:26:46 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
    Description = De HID Input Service-service is gestopt met de volgende foutcode:
    %%126.

    Error - 1-9-2010 11:12:46 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
    Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
    op de netwerkkaart met netwerkadres 001CC033FED6.

    Error - 1-9-2010 12:46:33 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
    Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
    op de netwerkkaart met netwerkadres 001CC033FED6.

    Error - 2-9-2010 12:46:11 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
    Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
    op de netwerkkaart met netwerkadres 001CC033FED6.


    < End of report >


    Thanks again!

    I wonder: Is there something I can read to understand what we are actually doing?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Well, we've been running different tools to find out, if your computer is clean.

    OTL log is perfectly clean.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    Logs

    Ok, here are the logs. First the checkup.log


    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    ESET Online Scanner v3
    McAfee VirusScan Enterprise
    McAfee Agent
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TweakNow RegCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.45.2
    Adobe Reader 8.2.4 - Nederlands
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VirusScan Enterprise SHSTAT.EXE
    McAfee VirusScan Enterprise EngineServer.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    McAfee VirusScan Enterprise Mcshield.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    And the Kaspersky.log


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, September 3, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, September 03, 2010 07:35:37
    Records in database: 4183813
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    S:\
    Z:\

    Scan statistics:
    Objects scanned: 109674
    Threats found: 3
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 02:54:36


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
    D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
    D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1

    Selected area has been scanned.



    Apparently some infections still exist.

    Hans
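A small triage helper for scan reports like the Kaspersky one above, added here as an example (it is not from the thread, from Kaspersky or from any of the tools used): it parses the "File name / Threat / Threats count" lines and separates a hit on the MBR image ComboFix stored in its quarantine folder, and Kaspersky's "not-a-virus:" riskware entries (the key-finder tool), from detections that would still need cleaning. The sample input is constructed from the three report lines above plus one made-up active hit, and the quarantine prefix list is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the three finding lines from the Kaspersky report
# above, plus one constructed line standing in for an active detection.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Qoobox\\Quarantine\\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
D:\\Voor een CD\\Keyfinder\\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
D:\\Voor een CD\\Keyfinder\\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1
C:\\Documents and Settings\\Hans\\Local Settings\\Temp\\constructed.exe Infected: Trojan.Win32.Constructed.a 1
"""

# Folder ComboFix uses for its quarantine (it appears in the report above);
# a detection here is on a stored copy, not on a running object. Assumed list.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


@dataclass
class Finding:
    path: str
    threat: str
    count: int
    category: str  # "quarantined", "riskware" or "active"


def classify(path: str, threat: str) -> str:
    """Decide how much attention a single Kaspersky finding needs."""
    if path.lower().startswith(QUARANTINE_PREFIXES):
        return "quarantined"
    if threat.lower().startswith("not-a-virus:"):
        # Kaspersky's riskware prefix: legitimate-but-abusable tools such as
        # password/key recovery utilities (PSWTool), reported for information.
        return "riskware"
    return "active"


def parse_findings(report: str) -> list[Finding]:
    """Extract every 'path Infected: threat count' line from the report body."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            path, threat, count = m["path"], m["threat"], int(m["count"])
            findings.append(Finding(path, threat, count, classify(path, threat)))
    return findings


def needs_followup(report: str) -> list[str]:
    """Paths that still need cleaning: active detections outside quarantine."""
    return [f.path for f in parse_findings(report) if f.category == "active"]
```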
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  23. hansvanderveeke

    hansvanderveeke TS Rookie Topic Starter Posts: 16

    Broni,

    Thanks very much. You're the best. As a software engineer I knew a lot about computers already but you managed to educate me more.
    I have completed all the steps and installed the recommended software.
    This was the OTL log, in case it is important.


    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    Error: Unable to interpret <---------> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Hans
    ->Temp folder emptied: 108955112 bytes
    ->Temporary Internet Files folder emptied: 51915019 bytes
    ->Java cache emptied: 128094 bytes
    ->Google Chrome cache emptied: 81720576 bytes
    ->Flash cache emptied: 963 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 71873085 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 20007786 bytes

    Total Files Cleaned = 319,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Hans
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb

    Restore points cleared and new OTL Restore Point set!
    Error: Unable to interpret <---------> in the current context!

    OTL by OldTimer - Version 3.2.11.0 log created on 09042010_142952

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    Thanks again very much. The computer is running fine now. No more popups and other stuff.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
