TechSpot

Slow PC after malware removal

By Obsidian1982
Aug 16, 2012
  1. Hello broni. I have noticed that since the clean up I have done, my PC has become slower. Once I start my PC, I see a black screen with the white bar on the third option: start in normal mode, just for a sec. This never happened before. Opening up a video editing program makes YouTube videos choppy and stutter. This also never happened before. Please bear in mind that this is the case even after shutting down running programs that you recommended.

    Could this mean that my PC is re-infected? Looking forward to hearing from you.
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,927   +167

    "Could this mean that my PC is re-infected? Looking forward to hearing from you"... This could indicate that some critical system files were damaged by the malware infection. If you haven't backed up important files, I suggest that you do that now. Sometimes running Combofix can cure this, but since Broni helped you with the cleaning, he is available here:
    http://www.techspot.com/community/forums/virus-and-malware-removal.28/
    Are you able to install Windows fresh if you have to?
     
  3. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    I posted a new forum there but it got removed for some reason. Could be an accident. Can you give me a hand with this? And no, I am not able to re-install my windows.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You still have malware. I see quite a few entries in the DDS log you ran that need to be removed. I can remove those and other undesirable entries using script in Combofix as suggested.

    You may remember that Combofix won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear: (image courtesy billmullins.wordpress.)
    5. Check the AVG program you want to uninstall
    6. Click on Next after choice has been made
    7. After uninstall shows complete, follow online prompts to Exit the program.
    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please paste the Combofix log in your next reply. I'll review it and set up the script for the removals.

    For instance: Your Start page: klit.startnow.com
    Per the WOT Site Advisor:
    There are also additional entries for the AskBar that need to be removed.

    As for the black desktop: if either of the following apply, use them:
    Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    • For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    • For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    Can you tell me what this is? D:\P R O J E C T\quran\rm3hhv1t.exe
     
  5. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,927   +167

    Thanks Bobbye :)
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. Combofix might also find and remove some other entries.
     
  7. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    Hello, thanks for the assistance. Here is the combofix log:

    ComboFix 12-08-20.02 - User 20-08-2012 19:51:43.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2593 [GMT 2:00]
    Gestart vanuit: d:\p r o j e c t\MIC CHECK\ComboFix.exe
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    c:\program files\Mozilla Firefox\searchplugins\search.xml
    c:\windows\system32\Cache
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-20 to 2012-08-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 01:15 . 2012-08-16 01:15 -------- d-----w- c:\documents and settings\User\Application Data\Sony
    2012-08-16 01:03 . 2012-08-20 17:40 -------- d--h--r- c:\documents and settings\User\Onlangs geopend
    2012-08-08 01:08 . 2012-08-08 01:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
    2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Secunia PSI
    2012-08-06 20:45 . 2012-08-06 20:45 -------- d-----w- c:\program files\Secunia
    2012-08-04 22:54 . 2012-08-04 22:54 -------- d-----w- c:\documents and settings\User\Application Data\addpcs
    2012-08-04 22:46 . 2012-08-04 22:46 -------- d-----w- c:\program files\Microsoft.NET
    2012-08-04 22:45 . 2012-08-04 22:53 -------- d-----w- c:\program files\Temp File Cleaner
    2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
    2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\User\Application Data\blekkotb_031
    2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\blekkotb_031
    2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
    2012-08-04 22:11 . 2012-08-04 22:11 -------- d-----w- c:\program files\Common Files\Java
    2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\program files\Oracle
    2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
    2012-08-04 22:10 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-04 14:32 . 2012-08-20 17:36 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-25 12:21 . 2012-07-25 12:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-25 12:20 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 03:28 . 2012-04-04 11:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 03:28 . 2011-05-19 09:28 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-06 20:50 . 2012-04-03 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 13:58 . 2008-04-14 20:32 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-05 20:06 . 2011-04-28 16:55 687544 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-07-04 14:05 . 2011-04-26 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:23 . 2008-04-14 20:05 1866240 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:38 . 2008-04-14 20:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:38 . 2008-04-14 20:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 17:38 . 2008-04-14 20:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-07-02 12:05 . 2008-04-14 20:05 385024 ------w- c:\windows\system32\html.iec
    2012-06-25 18:00 . 2012-07-02 17:28 79872 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-06-09 17:21 . 2011-06-11 10:58 178688 ----a-w- c:\windows\system32\unrar.dll
    2012-06-05 15:49 . 2008-04-14 20:32 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2008-04-14 20:32 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2011-04-26 12:07 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2011-04-26 12:07 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2011-04-26 12:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2011-04-26 12:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2011-04-26 12:07 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2008-04-14 20:32 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2011-04-26 12:07 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2011-04-26 12:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2011-05-04 08:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 13:18 . 2011-05-04 08:24 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2011-05-04 08:24 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-14 20:32 602624 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-14 00:15 . 2012-08-10 00:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-21 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\User\Menu Start\Programma's\Opstarten\
    Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/04/27 10:17];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25-7-2012 14:20 655944]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25-7-2012 10:46 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25-7-2012 10:46 681056]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25-7-2012 14:20 22344]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13-7-2012 13:28 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-4-2012 13:44 250056]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10-8-2012 2:24 113120]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:28]
    .
    2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
    .
    2012-02-03 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-01-22 18:31]
    .
    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
    .
    2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
    .
    2012-05-15 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-01-29 23:26]
    .
    2012-08-11 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-22 21:36]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=83810626649BBA6C303F9A501DA5D899&tbp=homepage
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\t0vs285m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1341485456&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox%26wa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1|http://www.youtube.com/user/Nebulous1982?feature=mhum
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={5E216714-5DC2-47F0-B250-CCED68078D75}&mid=dbf427c8a6b647d1aaebd15dc3a4a1d8-df0f0bc1345b559d18ac1897f1f9853433241d27&lang=en&ds=AVG&pr=fr&d=2012-08-20 18:51&v=12.2.0.5&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
    AddRemove-Xilisoft Video Converter Platinum - c:\program files\Xilisoft\Video Converter Platinum\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-20 19:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602162358-2025429265-1606980848-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,82,15,
    82,b9,67,b9,05,a7,07,5f,ca,5a,8b,e0,bf
    "{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,de,1f,
    bf,e6,2c,c5,02,b8,86,d0,a6,89,ee,51,0d
    "{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,67,63,
    86,7e,c4,7f,01,9c,6b,36,4c,5f,49,3d,a8
    .
    Voltooingstijd: 2012-08-20 19:58:26
    ComboFix-quarantined-files.txt 2012-08-20 17:58
    .
    Pre-Run: 13.717.622.784 bytes beschikbaar
    Post-Run: 13.769.052.160 bytes beschikbaar
    .
    - - End Of File - - 39CC529E363E6D4FDF7F6F605AA9203F

    The file you asked about is the GMER setup file.
     
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,927   +167

    So how is the PC running now?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, there are quite a few removals to set up. Question: Did you buy the Malwarebytes program or are you still using the one from the link in our malware steps?

    TMagic, he is carrying around a lot of processes that need to be removed. But Combofix works 2 ways: 1. will find and quarantine/delete some entries and 2. will show other entries to be removed through the script. He will be better after #2.
     
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,927   +167

    That's good. I've used Combofix in these instances and I have noticed that about 50% of the time, it works fine. The other 50% of the time, it is clean Windows installs after a full format for me. Of course, my customers are okay with that :) Thanks again for your help here
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Firefox Keyword Reset:
    • Open Firefox and instead of a URL, type about:config in the Address Bar.
    • Firefox will give you a warning, but go in anyway.
    • Locate the keyword.url line. It should look like the image below.
    • Right click on keyword.url, then select Reset
    ==============================

    *SNIPPED COMBOFIX SCRIPT* ~DMJ


    NOTE: In the scan below, you will not remove processes found. Please be sure to observe that line. I will handle them.


    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Both logs in next reply please.
     
     
  12. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:

    My notepad version is in dutch, and I cannot find these references. Could you rephrase?
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Translated to Dutch:
    Open kladblok = Open Notepad (kladblok = notepad)
    klik op Opmaak = Click on Format (Opmaak = Format)
    Vink 'Automatische terugloop = Uncheck Word Wrap (Automatische terugloop = Word Wrap)
    en kopieer = and copy
    de tekst hieronder plakken in de code erin: = paste the text below in it.
    (de tekst = of text, hieronder = below, plakken = paste, de code = code box)

    For your convenience: Translate English to Dutch
     
  14. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    ComboFix 12-08-22.03 - User 23-08-2012 11:55:17.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2505 [GMT 2:00]
    Gestart vanuit: d:\p r o j e c t\MIC CHECK\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\User\Bureaublad\CFScript.txt
    AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Nieuw herstelpunt werd aangemaakt
    .
    FILE ::
    "c:\program files\Malwarebytes'Anti-Malware\mbamservice.exe"
    "c:\program files\Mozilla Maintenance Service\maintenanceservice.exe"
    "c:\windows\system32\drivers\mbam.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\guid.dat
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\StatIDs.dat
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\uninstall.exe
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.man
    c:\documents and settings\All Users\Application Data\blekko toolbars
    c:\documents and settings\All Users\Application Data\blekko toolbars\toolbar.txt
    c:\documents and settings\User\Application Data\blekkotb_031
    c:\documents and settings\User\Application Data\blekkotb_031\dtx.ini
    c:\documents and settings\User\Application Data\blekkotb_031\geoip.xml
    c:\documents and settings\User\Application Data\blekkotb_031\guid.dat
    c:\documents and settings\User\Application Data\blekkotb_031\setupCfg.xml
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\catalog.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821044043-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821044043-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821050436-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821050436-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821052145-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821052145-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060037-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060037-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060551-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060551-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821061100-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821061100-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064137-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064137-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064503-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064503-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821070704-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821070704-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821071035-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821071035-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821072100-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821072100-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073113-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073113-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073804-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073804-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821074131-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821074131-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080308-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080308-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080820-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080820-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821082037-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821082037-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821085158-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821085158-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821091112-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821091112-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821093029-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821093029-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821095129-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821095129-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821100851-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821100851-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101044-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101044-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101418-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101418-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821103143-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821103143-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821110109-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821110109-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821111642-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821111642-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821112203-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821112203-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821113036-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821113036-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821120131-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821120131-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121329-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121329-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121845-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121845-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821123239-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821123239-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821124431-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821124431-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821130131-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821130131-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821131507-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821131507-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132023-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132023-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132216-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132216-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134112-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134112-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134621-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134621-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821140147-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821140147-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821142211-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821142211-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821144107-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821144107-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821150144-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821150144-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821151853-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821151853-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152043-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152043-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152433-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152433-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821154103-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821154103-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821160136-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821160136-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821182429-f.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822164457-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822164457-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822165124-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822165124-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822170114-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822170114-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822171143-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822171143-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822173041-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822173041-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822174108-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822174108-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822180202-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822180202-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822181047-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822181047-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822183123-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822183123-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822184146-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822184146-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822185037-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822185037-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822190428-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822190428-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822191131-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822191131-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822193032-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822193032-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822194101-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822194101-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822195136-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822195136-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200204-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200204-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200723-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200723-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822201100-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822201100-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822203151-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822203151-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822205110-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822205110-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822210141-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822210141-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211031-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211031-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211224-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211224-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822213138-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822213138-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822215100-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822215100-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822220136-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822220136-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221210-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221210-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221403-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221403-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822222129-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822222129-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822223202-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822223202-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822224048-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822224048-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231214-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231214-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231550-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231550-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822233137-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822233137-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822235046-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822235046-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823000125-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823000125-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001158-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001158-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001900-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001900-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823002053-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823002053-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823003127-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823003127-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823004059-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823004059-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823011050-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823011050-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823012120-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823012120-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823013151-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823013151-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823014035-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823014035-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823015103-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823015103-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823021201-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823021201-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022047-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022047-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022423-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022423-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823023130-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823023130-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823024157-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823024157-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823030112-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823030112-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823031142-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823031142-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032206-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032206-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032725-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032725-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823033104-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823033104-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823034133-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823034133-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823035902-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823035902-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823041120-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823041120-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823043034-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823043034-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823044105-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823044105-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823050216-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823050216-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823051104-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823051104-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823054046-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823054046-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060529-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060529-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060723-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060723-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823061102-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823061102-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823062130-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823062130-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823063200-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823063200-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823065113-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823065113-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823070701-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823070701-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823071040-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823071040-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823073140-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823073140-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823074213-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823074213-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080557-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080557-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080939-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080939-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823081138-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823081138-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823082800-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823082800-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823084045-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823084045-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823085130-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823085130-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823091132-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823091132-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823092038-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823092038-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823094033-l.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823094033-m.list
    c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\temp.zip
    c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
    c:\program files\Temp File Cleaner
    c:\program files\Temp File Cleaner\logo.png
    c:\program files\Temp File Cleaner\README.html
    c:\program files\Temp File Cleaner\TempFileCleaner.exe
    c:\program files\Temp File Cleaner\Uninstall.exe
    c:\windows\system32\avgfwdx.dll
    c:\windows\system32\drivers\mbam.sys
    .
     
  15. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MBAMPROTECTOR
    -------\Legacy_MBAMSERVICE
    -------\Service_MBAMProtector
    -------\Service_MBAMService
    -------\Service_MozillaMaintenance
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-23 to 2012-08-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-20 18:06 . 2012-08-20 18:06 -------- d-----w- c:\documents and settings\User\Application Data\AVG2012
    2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Secure Search
    2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
    2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\User\Application Data\AVG Secure Search
    2012-08-20 18:05 . 2012-08-20 18:05 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\program files\AVG Secure Search
    2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-08-20 18:03 . 2012-08-20 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-08-20 18:03 . 2012-08-20 18:03 -------- d-----w- C:\$AVG
    2012-08-20 18:02 . 2012-08-20 18:02 -------- d-----w- c:\program files\AVG
    2012-08-20 17:59 . 2012-08-23 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-08-16 01:15 . 2012-08-16 01:15 -------- d-----w- c:\documents and settings\User\Application Data\Sony
    2012-08-16 01:03 . 2012-08-23 09:50 -------- d--h--r- c:\documents and settings\User\Onlangs geopend
    2012-08-08 01:08 . 2012-08-08 01:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
    2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Secunia PSI
    2012-08-06 20:45 . 2012-08-06 20:45 -------- d-----w- c:\program files\Secunia
    2012-08-04 22:54 . 2012-08-04 22:54 -------- d-----w- c:\documents and settings\User\Application Data\addpcs
    2012-08-04 22:46 . 2012-08-04 22:46 -------- d-----w- c:\program files\Microsoft.NET
    2012-08-04 22:11 . 2012-08-04 22:11 -------- d-----w- c:\program files\Common Files\Java
    2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\program files\Oracle
    2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
    2012-08-04 22:10 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-04 14:32 . 2012-08-23 09:47 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-25 12:21 . 2012-07-25 12:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 03:28 . 2012-04-04 11:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 03:28 . 2011-05-19 09:28 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-06 20:50 . 2012-04-03 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 13:58 . 2008-04-14 20:32 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-05 20:06 . 2011-04-28 16:55 687544 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-07-04 14:05 . 2011-04-26 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:23 . 2008-04-14 20:05 1866240 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:38 . 2008-04-14 20:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:38 . 2008-04-14 20:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 17:38 . 2008-04-14 20:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-07-02 12:05 . 2008-04-14 20:05 385024 ------w- c:\windows\system32\html.iec
    2012-06-25 18:00 . 2012-07-02 17:28 79872 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-06-09 17:21 . 2011-06-11 10:58 178688 ----a-w- c:\windows\system32\unrar.dll
    2012-06-05 15:49 . 2008-04-14 20:32 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2008-04-14 20:32 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2011-04-26 12:07 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2011-04-26 12:07 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2011-04-26 12:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2011-04-26 12:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2011-04-26 12:07 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2008-04-14 20:32 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2011-04-26 12:07 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2011-04-26 12:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2011-05-04 08:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 13:18 . 2011-05-04 08:24 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2011-05-04 08:24 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-14 20:32 602624 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-14 00:15 . 2012-08-10 00:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-20_17.56.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-23 10:03 . 2012-08-23 10:03 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
    + 2012-01-31 02:46 . 2012-01-31 02:46 31952 c:\windows\system32\drivers\avgrkx86.sys
    + 2011-12-23 11:32 . 2011-12-23 11:32 41040 c:\windows\system32\drivers\avgmfx86.sys
    + 2011-12-23 11:32 . 2011-12-23 11:32 17232 c:\windows\system32\drivers\avgidsshimx.sys
    + 2012-04-19 02:50 . 2012-04-19 02:50 24896 c:\windows\system32\drivers\avgidshx.sys
    + 2011-12-23 11:32 . 2011-12-23 11:32 24144 c:\windows\system32\drivers\avgidsfilterx.sys
    + 2012-01-12 17:52 . 2012-01-12 17:52 30944 c:\windows\system32\drivers\avgfwdx.sys
    - 2012-08-05 15:23 . 2012-08-05 15:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2012-08-05 15:23 . 2012-08-22 14:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2011-09-16 11:57 . 2012-08-22 14:22 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2011-09-16 11:57 . 2012-08-05 15:23 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2012-08-05 15:23 . 2012-08-05 15:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-08-22 14:23 . 2012-08-22 14:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-03-19 03:17 . 2012-03-19 03:17 301248 c:\windows\system32\drivers\avgtdix.sys
    + 2012-02-22 03:25 . 2012-02-22 03:25 235216 c:\windows\system32\drivers\avgldx86.sys
    + 2011-12-23 11:32 . 2011-12-23 11:32 139856 c:\windows\system32\drivers\avgidsdriverx.sys
    + 2012-08-20 18:05 . 2012-08-20 18:05 5164032 c:\windows\Installer\14f39e.msi
    + 2012-08-20 18:02 . 2012-08-20 18:02 2208768 c:\windows\Installer\14f39a.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-08-20 18:05 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-20 2045024]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-21 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-20 1162848]
    "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-20 1020512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\User\Menu Start\Programma's\Opstarten\
    Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [20-8-2012 20:05 27496]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/04/27 10:17];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13-6-2012 3:48 2321560]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25-7-2012 10:46 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25-7-2012 10:46 681056]
    R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [20-8-2012 20:05 927840]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-1-2012 19:52 30944]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13-7-2012 13:28 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-4-2012 13:44 250056]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-1-2012 19:52 30944]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:28]
    .
    2012-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
    .
    2012-02-03 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-01-22 18:31]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
    .
    2012-05-15 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2012-01-29 23:26]
    .
    2012-08-11 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-22 21:36]
    .
    .
    ------- Bijkomende Scan -------
    .
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\t0vs285m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1341485456&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox%26wa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1|http://www.youtube.com/user/Nebulous1982?feature=mhum
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\uninstall.exe
    AddRemove-Temp File Cleaner - c:\program files\Temp File Cleaner\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-23 12:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602162358-2025429265-1606980848-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,82,15,
    82,b9,67,b9,05,a7,07,5f,ca,5a,8b,e0,bf
    "{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,de,1f,
    bf,e6,2c,c5,02,b8,86,d0,a6,89,ee,51,0d
    "{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,67,63,
    86,7e,c4,7f,01,9c,6b,36,4c,5f,49,3d,a8
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'explorer.exe'(1388)
    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\ALCWZRD.EXE
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-08-23 12:09:57 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-08-23 10:09
    ComboFix2.txt 2012-08-20 17:58
    .
    Pre-Run: 13.139.406.848 bytes beschikbaar
    Post-Run: 13.112.217.600 bytes beschikbaar
    .
    - - End Of File - - 7DA2DE14797B7FD5A948AE7604189BFC

    ESET did not produce a log.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It would have been best if you had removed AVG temporarily as requested.
    Have you noticed any improvement in the speed?
    -------------------
    A tip for you: Whenever you get a download screen, look carefully for any pre-checked boxes. These are usually for toolbars, browser helper objects that don't have anything to do with the program you are downloading. They should be unchecked before you do the download.

    When you are ready to run/install the program that you saved to the desktop, if given a choice, choose Custom install rather than Standard. You may find places this way to uncheck also>>>

    Example: You downloaded something through
    Visicom Media Network or VMN.net
    It had the Blekko Search bar bundled with it, which may change your home page.
    I put it in the script you ran and you can look in the Combofix log to see how many processes were removed.
    ===================================
    I'd like you to run HijackThis. It is important that
    you set up the directory first:

    First, set up a Directory for HijackThis as follows:
    Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    ----------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    --------------------
    I'll check this log to see if there are any left over files.
    Let me know how the system is doing.
     
  17. Obsidian1982

    Obsidian1982 TS Rookie Topic Starter Posts: 19

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:04:08, on 24-8-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Cyberlink\Shared files\brs.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O9 - Extra button: YouTube Downloader - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\YouTubeDownloader\YouTubeDownloader.exe (file missing)
    O9 - Extra 'Tools' menuitem: YouTube Downloader - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\YouTubeDownloader\YouTubeDownloader.exe (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe

    --
    End of file - 8780 bytes

    ---------------------------------------------------------------------------------------------------------

    I forgot to switch off AVG after receiving further instructions.

    The system is still slow.
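
The leftover-file check Bobbye describes for the HijackThis log can be sketched as a small triage script. This is an added example, not part of any post in this thread and not a tool the helpers used; the sample log is constructed, and the flag names `file_missing` and `unknown_owner` are this example's own. A flag marks an entry for manual review only, since most HijackThis entries are harmless or required.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2.0.4 line format.
# Program names, CLSIDs, paths and the URL are made up for illustration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.example.test/sr?q={searchTerms}
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleTool\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleTool\tray.exe" /min
O4 - Global Startup: OldChat.lnk = C:\Program Files\OldChat\oldchat.exe
O9 - Extra button: OldDownloader - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\OldDownloader\dl.exe (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Program Files\ExampleTool\updater.exe
O23 - Service: Vendor Service (vsvc) - Example Vendor Inc. - C:\Program Files\Vendor\svc.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE_RE = re.compile(r"\[[^\]]*\] (?P<cmd>.*)$")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                 # section code, e.g. "O23"
    body: str                 # text after the code, unmodified
    target: str = ""          # file path, command line or URL the entry points to
    vendor: str = ""          # O23 only: company name reported for the service binary
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one log line; return None for headers, process paths and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["code"], m["body"])
    body = entry.body

    # HijackThis appends "(file missing)" when the referenced file is not on disk:
    # the registry entry is a leftover of an uninstalled or removed program.
    if body.endswith(MISSING):
        entry.flags.append("file_missing")
        body = body[: -len(MISSING)].rstrip()

    if entry.code == "O23":
        # "Service: <name> - <vendor> - <path>"; split from the right because
        # the display name may itself contain " - ".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            entry.vendor, entry.target = parts[1].strip(), parts[2].strip()
            if entry.vendor.lower() == "unknown owner":
                entry.flags.append("unknown_owner")
    elif entry.code.startswith("R"):
        # "<key>,<value> = <data>"
        entry.target = body.partition(" = ")[2]
    elif entry.code == "O4":
        # Run key: "<hive>\..\Run: [name] command"; startup folder: "x.lnk = path"
        run = RUN_VALUE_RE.search(body)
        entry.target = run["cmd"] if run else body.partition(" = ")[2]
    else:
        # O2, O3, O9, O18, ...: "<kind>: <name> - {CLSID} - <path>"
        clsid = CLSID_RE.search(body)
        entry.target = (body[clsid.end():].lstrip(" -") if clsid
                        else body.rpartition(" - ")[2])
    return entry


def parse_log(text):
    """Return every registry/startup entry found in a HijackThis log."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def review_candidates(text):
    """Return only the entries that carry at least one review flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(f"{e.code:<4} {','.join(e.flags):<14} {e.target}")
```
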
     
  18. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,927   +167


