Solved Exploit.drop.gs


merijn

My computer was attacked by the Win 7 Anti Spyware Virus yesterday. I thought I removed everything by following these instructions: http://answers.microsoft.com/en-us/...12-virus/648fec23-e5c0-4d0a-aeda-0458a71317dd but it didn't remove everything.
When I do a flash scan with Malwarebytes I still get 14 infections, most of them are exploit.drop.gs. When I choose to remove them and restart my computer and scan again they are still there.
Furthermore the following things aren't working: Windows Update, Microsoft Security Essentials, taskmgr (missing pcwum.dll).
My computer is a MacBook air, running Windows Vista in Bootcamp.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
First of all, thank you very much for helping me!

About step 1 of the 4-step instructions: I already had Microsoft Security Essentials and downloaded AVG 2013 (after the infection) but both aren't working correctly. But since the instruction states not to download a new one I didn't.

Here is the first log of Malwarebytes:

Malwarebytes Anti-Malware (trial version) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.14.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Merijn :: MERIJN-PC [administrator]
Protection: Disabled
14-1-2013 20:50:20
mbam-log-2013-01-14 (20-50-20).txt
Scan type: Quick scan
Enabled scan options: Memory | Startup items | Registry | Files and folders | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 192808
Time elapsed: 1 minute(s), 10 second(s)
Memory processes detected: 0
(No malicious items detected)
Memory modules detected: 0
(No malicious items detected)
Registry keys detected: 0
(No malicious items detected)
Registry values detected: 0
(No malicious items detected)
Registry data items detected: 0
(No malicious items detected)
Folders detected: 0
(No malicious items detected)
Files detected: 0
(No malicious items detected)
(end)
(Is there a way to make English logfiles instead of Dutch?)
 
This is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Merijn at 20:57:19 on 2013-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2217.1128 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\users\merijn\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024}\844343E65647775627B6 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D}\844343E65647775627B6 : DHCPNameServer = 192.168.2.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2011-6-9 49664]
R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2011-6-9 6784]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-7-2 194432]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-7-2 100224]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-6-26 6528]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-4-1 12928]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-14 398184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-11-16 2655768]
R3 acpials;ALS sensor filter;c:\windows\system32\drivers\acpials.sys [2011-4-12 7680]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2011-11-16 10880]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2011-11-16 29824]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-11-16 349224]
R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\drivers\CS420x86.sys [2011-11-16 14336]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-11-16 269824]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2011-11-16 26624]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-14 682344]
S3 applebmt;Apple Wireless Mouse;c:\windows\system32\drivers\applebmt.sys [2011-11-16 34304]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2011-11-16 18944]
S3 AppleODD;Apple ODD;c:\windows\system32\drivers\AppleODD.sys [2011-11-16 7680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-14 21104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-23 1343400]
.
=============== Created Last 30 ================
.
2013-01-14 00:05:35 -------- d-----w- c:\users\merijn\appdata\roaming\AVG2013
2013-01-14 00:05:07 -------- d-----w- c:\users\merijn\appdata\roaming\TuneUp Software
2013-01-14 00:05:02 -------- d--h--w- C:\$AVG
2013-01-14 00:05:02 -------- d-----w- c:\programdata\AVG2013
2013-01-14 00:04:52 -------- d-----w- c:\program files\AVG
2013-01-14 00:03:30 -------- d--h--w- c:\programdata\Common Files
2013-01-14 00:03:30 -------- d-----w- c:\users\merijn\appdata\local\MFAData
2013-01-14 00:03:30 -------- d-----w- c:\users\merijn\appdata\local\Avg2013
2013-01-14 00:03:30 -------- d-----w- c:\programdata\MFAData
2013-01-13 23:18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 23:18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-13 22:40:16 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6cf8e55e-4e0d-4498-9c94-a96f6004ed1f}\mpengine.dll
2013-01-13 21:11:34 -------- d-----w- c:\users\merijn\appdata\roaming\Malwarebytes
2013-01-13 21:11:23 -------- d-----w- c:\programdata\Malwarebytes
2013-01-13 21:10:48 -------- d-----w- c:\users\merijn\appdata\local\Programs
2013-01-13 19:56:53 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2659715-7f6d-4795-9e0f-962a2c7eb0e4}\offreg.dll
2013-01-13 19:56:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2659715-7f6d-4795-9e0f-962a2c7eb0e4}\mpengine.dll
2013-01-13 15:39:42 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce896b86-190f-4e59-a1dc-903004102b45}\MpKsla88e1ee4.sys
2013-01-11 11:15:13 90112 ----a-w- c:\users\merijn\IDHWTSS1.dll
2013-01-11 11:15:13 81920 ----a-w- c:\users\merijn\hobjni.dll
2013-01-11 11:15:13 36868 ----a-w- c:\users\merijn\PrtDLL.dll
2013-01-11 11:14:22 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-11 11:14:22 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-11 11:14:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-08 20:24:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-08 20:24:35 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-08 20:09:29 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-07 14:19:45 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-07 14:19:22 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-07 14:19:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-07 14:19:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-07 14:19:10 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-07 14:19:01 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-07 14:19:01 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-07 14:19:01 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-07 14:13:31 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-07 14:13:31 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-01-04 16:35:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 15:22:06 -------- d-----w- c:\program files\AutoHotkey
2013-01-04 15:16:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-04 15:16:33 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-04 15:16:31 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-04 15:16:31 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-04 14:56:53 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8021920d-8773-4126-87a5-b63a8e22bacb}\gapaengine.dll
2013-01-04 14:56:53 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
.
==================== Find3M ====================
.
2013-01-04 16:35:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-10-22 12:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 20:57:29,76 ===============
 
And the DDS attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 16-11-2011 22:33:10
System Uptime: 14-1-2013 20:45:21 (0 hours ago)
.
Motherboard: Apple Inc. | | Mac-742912EFDBEE19B3
Processor: Intel(R) Core(TM) i7-2677M CPU @ 1.80GHz | U2E1 | 1801/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 14,634 GiB free.
D: is FIXED (HFS) - 196 GiB total, 54,159 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth USB Host Controller
Device ID: USB\VID_05AC&PID_821F\7&1B344649&0&3
Manufacturer:
Name: Bluetooth USB Host Controller
PNP Device ID: USB\VID_05AC&PID_821F\7&1B344649&0&3
Service:
.
==== System Restore Points ===================
.
RP28: 11-1-2013 12:14:05 - Installed Java 7 Update 10
RP29: 13-1-2013 23:48:51 - Installed Java 7 Update 11
RP30: 14-1-2013 0:02:56 - Installed Microsoft Fix it 50884
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0) - Dutch
Apple Software Update
AutoHotkey 1.1.09.02
AVG 2013
Boot Camp Services
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java 7 Update 11
Java Auto Updater
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Language Pack for Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Language Pack for Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Language Pack for Microsoft .NET Framework 4 Client Profile - NLD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
Windows Driver Package - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
Windows Driver Package - Broadcom (b57nd60x) Net (12/02/2010 14.4.2.2)
Windows Driver Package - Broadcom (BCM43XX) Net (06/16/2011 5.100.98.78)
Windows Driver Package - Broadcom Corporation (bScsiSDx) SDHost (01/18/2011 1.0.0.220)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/14/2011 6.6001.1.32)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
.
==== End Of File ===========================
 
And the AdwCleaner log:

# AdwCleaner v2.105 - Report created on 14/01/2013 at 21:02:43
# Updated on 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Merijn - MERIJN-PC
# Boot mode : Normal mode
# Launched from : C:\Users\Merijn\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] The registry contains no illegitimate entries.
*************************
AdwCleaner[S1].txt - [679 octets] - [14/01/2013 21:02:43]
########## EOF - C:\AdwCleaner[S1].txt - [738 octets] ##########
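A quick way to triage the "Created Last 30" section of a DDS log like the one above, added here as an example (this is not code from this thread, from DDS, or from any of the tools mentioned in it). It assumes the line format DDS printed above ("date time size attrs path") and applies two heuristics of my own: an executable written directly into a user profile root, and a driver in system32\drivers whose name is a long hex string. The sample lines are copied from the posted log except the last one, which is constructed (hypothetical timestamp and size) to exercise the second rule.

```python
"""Triage the 'Created Last 30' section of a DDS log for dropped PE files.

Added example; not part of this thread and not a DDS feature. The line format
("YYYY-MM-DD HH:MM:SS size attrs path") is taken from the log posted above.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample. The first seven lines are copied from the DDS log in this
# thread; the last line is made up (hypothetical timestamp and size) so that the
# random-name driver rule has something to match.
SAMPLE_LOG = r"""
2013-01-14 00:04:52 -------- d-----w- c:\program files\AVG
2013-01-13 23:18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 11:15:13 90112 ----a-w- c:\users\merijn\IDHWTSS1.dll
2013-01-11 11:15:13 81920 ----a-w- c:\users\merijn\hobjni.dll
2013-01-11 11:15:13 36868 ----a-w- c:\users\merijn\PrtDLL.dll
2013-01-11 11:14:22 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-07 14:19:22 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-11 11:15:20 23040 ----a-w- c:\windows\system32\drivers\a851a8d82b240c9.sys
"""

# One DDS entry: timestamp, size (dashes for a directory), attribute flags, path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[d-][-rhsaw]{7})\s+"
    r"(?P<path>.+?)\s*$"
)
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".scr", ".cpl"}
HEX_NAME = re.compile(r"^[0-9a-f]{12,}$")  # e.g. a851a8d82b240c9


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]
    attrs: str
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created_section(text: str) -> List[Entry]:
    """Parse every well-formed DDS 'Created' line; unrelated lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["ts"], size, m["attrs"], PureWindowsPath(m["path"])))
    return entries


def suspicious_reasons(entry: Entry) -> List[str]:
    """Heuristics (my assumptions, not DDS rules) for a freshly created PE file."""
    reasons: List[str] = []
    if entry.is_dir or entry.path.suffix.lower() not in PE_EXTENSIONS:
        return reasons
    parts = [p.lower() for p in entry.path.parts]
    # Rule 1: an executable directly in a user profile root (c:\users\<name>\x.dll).
    # Installers put files under Program Files or AppData, not there.
    if len(parts) == 4 and parts[1] == "users":
        reasons.append("PE file in user profile root")
    # Rule 2: a driver whose file name is a long hex string in system32\drivers.
    if parts[-2:-1] == ["drivers"] and HEX_NAME.match(entry.path.stem.lower()):
        reasons.append("hex-named driver in drivers directory")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for each entry that trips at least one rule."""
    findings: List[Tuple[str, List[str]]] = []
    for entry in parse_created_section(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append((str(entry.path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}  <- {'; '.join(reasons)}")
```

Run against the posted log, rule 1 singles out the three DLLs in c:\users\merijn, which are the same three files ComboFix lists under "Other Deletions" later in this thread. The heuristics only rank entries for a human to look at; on the live machine the next step for each flagged file is to check its Authenticode signature (for example with Sysinternals sigcheck) and submit anything unsigned for analysis.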
 
ComboFix scan

Please download ComboFix by sUBs from TechSpot.

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
    image1nz.png
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    image2pmb.png
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    image3vd.png
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    image5mf.png
  • Then, choose Save. Also, in the Automatic Report tab, select Save:
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
The ComboFix log:

ComboFix 13-01-15.02 - Merijn 15-01-2013 20:41:31.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2217.1330 [GMT 1:00]
Gestart vanuit: c:\users\Merijn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Merijn\hobjni.dll
c:\users\Merijn\IDHWTSS1.dll
c:\users\Merijn\PrtDLL.dll
c:\windows\system32\drivers\a851a8d82b240c9.sys
c:\windows\system32\sysprep\CRYPTBASE.DLL
.
Besmet exemplaar van c:\windows\system32\drivers\ntfs.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys
Besmet exemplaar van c:\windows\system32\drivers\AGP440.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
Besmet exemplaar van c:\windows\system32\drivers\asyncmac.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
Besmet exemplaar van c:\windows\system32\drivers\cdrom.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_a851a8d82b240c9
-------\Service_a851a8d82b240c9
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-15 to 2013-01-15 ))))))))))))))))))))))))))))))
.
.
2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\users\Merijn\AppData\Roaming\AVG2013
2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\users\Merijn\AppData\Roaming\TuneUp Software
2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- c:\programdata\AVG2013
2013-01-14 00:05 . 2013-01-14 00:05 -------- d-----w- C:\$AVG
2013-01-14 00:04 . 2013-01-14 00:04 -------- d-----w- c:\program files\AVG
2013-01-14 00:03 . 2013-01-15 19:34 -------- d-----w- c:\programdata\MFAData
2013-01-14 00:03 . 2013-01-14 00:03 -------- d--h--w- c:\programdata\Common Files
2013-01-14 00:03 . 2013-01-14 00:03 -------- d-----w- c:\users\Merijn\AppData\Local\MFAData
2013-01-14 00:03 . 2013-01-14 00:03 -------- d-----w- c:\users\Merijn\AppData\Local\Avg2013
2013-01-13 23:18 . 2013-01-13 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-13 23:18 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 22:40 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF8E55E-4E0D-4498-9C94-A96F6004ED1F}\mpengine.dll
2013-01-13 21:11 . 2013-01-13 21:11 -------- d-----w- c:\users\Merijn\AppData\Roaming\Malwarebytes
2013-01-13 21:11 . 2013-01-13 21:11 -------- d-----w- c:\programdata\Malwarebytes
2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\Merijn\AppData\Local\Programs
2013-01-13 19:56 . 2013-01-13 19:56 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2659715-7F6D-4795-9E0F-962A2C7EB0E4}\offreg.dll
2013-01-13 19:56 . 2012-11-08 09:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2659715-7F6D-4795-9E0F-962A2C7EB0E4}\mpengine.dll
2013-01-11 11:14 . 2013-01-11 11:14 -------- d-----w- c:\program files\Common Files\Java
2013-01-11 11:14 . 2013-01-11 11:14 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-11 11:14 . 2013-01-11 11:14 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-11 11:14 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-11 11:14 . 2013-01-13 22:49 -------- d-----w- c:\program files\Java
2013-01-08 20:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-08 20:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-08 20:09 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-07 14:19 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-07 14:19 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-07 14:19 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-07 14:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-07 14:19 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-07 14:19 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-07 14:19 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2013-01-07 14:19 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-07 14:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-07 14:13 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-01-04 16:35 . 2013-01-04 16:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 15:22 . 2013-01-04 15:22 -------- d-----w- c:\program files\AutoHotkey
2013-01-04 15:16 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-04 15:16 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-04 15:16 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-04 15:16 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-04 15:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-01-04 15:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-01-04 15:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-04 15:16 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-04 15:16 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-04 14:56 . 2013-01-04 14:56 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8021920D-8773-4126-87A5-B63A8E22BACB}\gapaengine.dll
2013-01-04 14:56 . 2011-11-23 23:04 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 16:35 . 2011-11-23 14:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-08 09:00 . 2011-11-28 23:13 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-07-02 526208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 176408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSHX
*NewlyCreated* - AVGIDSSHIM
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
*NewlyCreated* - AVGTDIX
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AppleOSSMgr.exe
c:\windows\system32\AppleTimeSrv.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2013-01-15 20:46:55 - machine werd herstart
ComboFix-quarantined-files.txt 2013-01-15 19:46
.
Pre-Run: 16.094.580.736 bytes beschikbaar
Post-Run: 16.295.223.296 bytes beschikbaar
.
- - End Of File - - E8ED095B5FF52CC68E207270FD6AD6D0
 
The Kaspersky log is 74.8 MB. How can I post it?

When running the Kaspersky scan I already had to delete some files during the scan to proceed scanning, also some files couldn't be deleted and had to be skipped to proceed. In total 6 threats were found.
 
Here is the Kaspersky log of the 8 threats:

Status: Deleted (events: 4)
15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe High
15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe High
15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
Status: Absent (events: 4)
15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
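A defender's way of reading a report like the one above, added here as an example and not part of the thread or of Kaspersky's tool: it parses the event lines, separates the packer layer (the part after `//`) from the file, and collapses the Vista/7 compatibility junctions (C:\Documents and Settings is C:\Users, and C:\Users\All Users is C:\ProgramData) so that the eight events resolve to the two quarantined copies in Microsoft Antimalware's LocalCopy folder. The embedded log text is copied from the post; the regular expressions and helper names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the Kaspersky Virus Removal Tool event lines quoted in the thread.
KVRT_LOG = r"""Status: Deleted (events: 4)
15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe High
15-1-2013 22:17:40 Deleted Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe High
15-1-2013 22:17:40 Deleted Trojan program Trojan.Win32.FakeAV.pvpt C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
Status: Absent (events: 4)
15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan-Dropper.Win32.Necurs.cxq C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{52D85A60-1F28-774E-E4B8-688175EF49BC}-syshost.exe//PE-Crypt.XorPE High
15-1-2013 23:39:17 Not found Trojan program Trojan.Win32.FakeAV.pvpt C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{7313C944-08BA-0005-04C0-AB21FBB503F4}-vbb.exe//PE-Crypt.XorPE High
"""

# "Status: <state> (events: <n>)" header that precedes a group of events.
STATUS_RE = re.compile(r"^Status: (?P<status>\w+) \(events: (?P<count>\d+)\)$")

# One event line. Only the two actions present in the thread's report are
# recognised; the alternation is an assumption and can be extended as needed.
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}-\d{1,2}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>Deleted|Not found) "
    r"(?P<category>\w+ program) "
    r"(?P<name>\S+) "
    r"(?P<object>.+) "
    r"(?P<severity>High|Medium|Low)$"
)

# Windows Vista/7 keep these junctions for backward compatibility, so the same
# file can be reported under up to three different paths. Applied in order.
PATH_ALIASES = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("c:\\users\\all users\\", "c:\\programdata\\"),
]


def canonical_path(path):
    """Return a lower-cased path with the compatibility junctions collapsed."""
    p = path.lower()
    for alias, real in PATH_ALIASES:
        if p.startswith(alias):
            p = real + p[len(alias):]
    return p


def parse_events(text):
    """Parse KVRT report lines into dicts; lines matching neither pattern are skipped."""
    events, status = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status = m.group("status")
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue
        # "file//Layer" means the detection fired on an object nested inside the
        # file (here the PE-Crypt.XorPE packer layer), not on a second file.
        container, _, inner = m.group("object").partition("//")
        events.append({
            "status": status,
            "action": m.group("action"),
            "name": m.group("name"),
            "file": canonical_path(container),
            "layer": inner or None,
            "severity": m.group("severity"),
        })
    return events


def summarize(text):
    """Count events per status and collapse them to unique files and detection names."""
    events = parse_events(text)
    files = {}
    for e in events:
        files.setdefault(e["file"], set()).add(e["name"])
    return {
        "events": len(events),
        "by_status": dict(Counter(e["status"] for e in events)),
        "unique_files": files,
        "layers": sorted({e["layer"] for e in events if e["layer"]}),
    }


if __name__ == "__main__":
    s = summarize(KVRT_LOG)
    print(f"{s['events']} events, {s['by_status']}, {len(s['unique_files'])} unique files")
    for path, names in s["unique_files"].items():
        print(f"  {path}")
        print(f"    detected as: {', '.join(sorted(names))}")
```

The "Absent" group is the tool re-checking the same two files after deletion, so the eight events describe two samples, each already quarantined by Microsoft Security Essentials.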
 
Good job!

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
Don't you need the full Kaspersky log?
(There were also some files that couldn't be scanned because they were password protected.)

Should I still leave the anti-virus software disabled (as I did for the ComboFix scan)?
 
The OTL log:

OTL logfile created on: 16-1-2013 21:31:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Merijn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,16 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 57,24% Memory free
4,33 Gb Paging File | 3,23 Gb Available in Paging File | 74,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,38 Gb Total Space | 15,17 Gb Free Space | 40,59% Space Free | Partition Type: NTFS
Drive D: | 195,58 Gb Total Space | 52,71 Gb Free Space | 26,95% Space Free | Partition Type: HFS

Computer Name: MERIJN-PC | User Name: Merijn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-01-16 21:30:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-12-11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012-11-30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012-10-30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012-10-22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012-10-22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012-10-22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011-07-02 14:29:28 | 000,526,208 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
PRC - [2011-07-02 14:29:24 | 000,100,224 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
PRC - [2011-07-02 14:29:22 | 000,194,432 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE


========== Modules (No Company Name) ==========

MOD - [2011-07-02 14:21:45 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-09-20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011-11-23 20:19:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-07-02 14:29:24 | 000,100,224 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2011-07-02 14:29:22 | 000,194,432 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2011-06-09 16:21:45 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-06-09 16:21:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Merijn\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-11-15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012-10-22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012-10-15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-10-02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-09-21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-09-21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012-09-21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012-09-14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-07-02 14:22:05 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011-06-26 16:46:18 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2011-06-09 16:21:41 | 000,014,336 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CS420x86.sys -- (CirrusFilter)
DRV - [2011-06-09 16:21:00 | 000,049,664 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2011-06-09 16:21:00 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2011-05-25 00:25:16 | 000,034,304 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\applebmt.sys -- (applebmt)
DRV - [2011-05-24 23:40:24 | 000,026,624 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2011-05-19 12:39:22 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV - [2011-04-27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-04-18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011-04-01 14:16:06 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2011-01-31 23:10:14 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AppleODD.sys -- (AppleODD)
DRV - [2011-01-31 23:10:10 | 000,029,824 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtp.sys -- (applemtp)
DRV - [2011-01-31 23:10:10 | 000,010,880 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtm.sys -- (applemtm)
DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-10-19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 77 DE 07 B4 A4 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013-01-15 20:45:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.stadsdeel-nieuwwest.nl/+CSCOL+/cscopf.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0D5054-D8B2-472F-B9D5-7C30677D8024}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C69EC18-FD35-47C2-BE8C-BE5BACD8FE8D}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-01-16 21:30:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
[2013-01-15 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013-01-15 20:45:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013-01-15 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-01-15 20:44:01 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\temp
[2013-01-15 20:40:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-01-15 20:40:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-01-15 20:40:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-01-15 20:40:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013-01-15 20:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-01-15 20:40:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-01-15 20:35:07 | 005,022,206 | R--- | C] (Swearware) -- C:\Users\Merijn\Desktop\ComboFix.exe
[2013-01-14 01:05:35 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\AVG2013
[2013-01-14 01:05:07 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\TuneUp Software
[2013-01-14 01:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-01-14 01:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013-01-14 01:05:02 | 000,000,000 | ---D | C] -- C:\$AVG
[2013-01-14 01:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013-01-14 01:03:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\MFAData
[2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013-01-14 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\Avg2013
[2013-01-14 00:18:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-01-14 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-14 00:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-01-13 22:11:34 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Roaming\Malwarebytes
[2013-01-13 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-01-13 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Merijn\AppData\Local\Programs
[2013-01-13 22:09:59 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Merijn\Desktop\mbam-setup.exe
[2013-01-13 22:07:31 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Merijn\Desktop\iExplore.exe
[2013-01-11 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013-01-11 12:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-01-11 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-01-04 16:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2013-01-04 16:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey

========== Files - Modified Within 30 Days ==========

[2013-01-16 21:30:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Merijn\Desktop\OTL.exe
[2013-01-16 21:29:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-16 21:28:51 | 1743,310,848 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-15 22:31:03 | 000,000,696 | -HS- | M] () -- C:\Windows\0665259drv.spi
[2013-01-15 20:53:55 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-15 20:53:55 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-15 20:51:07 | 152,051,056 | ---- | M] () -- C:\Users\Merijn\Desktop\setup_11.0.0.1245.x01_2013_01_15_21_42.exe
[2013-01-15 20:50:27 | 000,703,664 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013-01-15 20:50:27 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-01-15 20:50:27 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013-01-15 20:50:27 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-01-15 20:45:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-01-15 20:35:25 | 005,022,206 | R--- | M] (Swearware) -- C:\Users\Merijn\Desktop\ComboFix.exe
[2013-01-14 01:05:07 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-01-14 00:21:05 | 000,001,274 | ---- | M] () -- C:\Users\Merijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2013-01-14 00:18:50 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-13 22:01:10 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Merijn\Desktop\mbam-setup.exe
[2013-01-13 21:57:48 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Merijn\Desktop\iExplore.exe
[2013-01-11 17:22:50 | 000,000,091 | ---- | M] () -- C:\Users\Merijn\connbar.ini
[2013-01-11 12:05:26 | 000,409,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-01-08 21:41:54 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Internetbrowser selecteren.lnk
[2013-01-04 16:34:47 | 000,000,497 | ---- | M] () -- C:\Users\Merijn\Desktop\ReverseScrolling.ahk
[2013-01-04 16:22:34 | 000,001,351 | ---- | M] () -- C:\Users\Merijn\Documents\AutoHotkey.ahk

========== Files Created - No Company Name ==========

[2013-01-15 22:17:48 | 000,000,696 | -HS- | C] () -- C:\Windows\0665259drv.spi
[2013-01-15 20:50:13 | 152,051,056 | ---- | C] () -- C:\Users\Merijn\Desktop\setup_11.0.0.1245.x01_2013_01_15_21_42.exe
[2013-01-15 20:40:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-01-15 20:40:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-01-15 20:40:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-01-15 20:40:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-01-15 20:40:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-01-14 01:05:07 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-01-14 00:18:50 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-01-13 20:51:10 | 000,011,246 | -HS- | C] () -- C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-13 20:51:10 | 000,011,246 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-11 12:15:14 | 000,000,091 | ---- | C] () -- C:\Users\Merijn\connbar.ini
[2013-01-08 21:41:54 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\Internetbrowser selecteren.lnk
[2013-01-08 21:10:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-01-08 21:10:36 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-01-04 16:24:35 | 000,000,497 | ---- | C] () -- C:\Users\Merijn\Desktop\ReverseScrolling.ahk
[2013-01-04 16:22:34 | 000,001,351 | ---- | C] () -- C:\Users\Merijn\Documents\AutoHotkey.ahk
[2011-11-16 22:44:41 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011-11-16 22:44:41 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011-11-16 22:44:41 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011-11-16 22:44:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011-11-16 22:44:06 | 000,014,184 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011-08-31 19:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011-08-31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011-08-31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011-08-31 19:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011-07-02 14:29:22 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011-04-12 05:48:01 | 000,703,664 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2011-04-12 05:48:01 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2011-04-12 05:48:01 | 000,134,564 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2011-04-12 05:48:01 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-01-14 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Merijn\AppData\Roaming\AVG2013
[2013-01-14 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Merijn\AppData\Roaming\TuneUp Software

========== Purity Check ==========


< End of report >
 
Don't know if you need the extras logfile:


OTL Extras logfile created on: 16-1-2013 21:31:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Merijn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,16 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 57,24% Memory free
4,33 Gb Paging File | 3,23 Gb Available in Paging File | 74,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,38 Gb Total Space | 15,17 Gb Free Space | 40,59% Space Free | Partition Type: NTFS
Drive D: | 195,58 Gb Total Space | 52,71 Gb Free Space | 26,95% Space Free | Partition Type: HFS

Computer Name: MERIJN-PC | User Name: Merijn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0365C22A-97E8-44AC-9974-1EB23F517C92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{321A8DA3-28B2-4321-8959-D607CE50722B}" = lport=445 | protocol=6 | dir=in | app=system |
"{510184BE-E1DF-47C6-A4D6-58DEF3A9DA5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55A0AA7D-A4B5-45A5-8894-348D8F7633A0}" = rport=138 | protocol=17 | dir=out | app=system |
"{59F92A4F-21CB-44AF-9EBA-83E7A5245EAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{631DE6B9-DF6F-4AD3-BB00-13D0237C77D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70C501AB-A499-458B-9C8A-BBA0180EB9E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D975288-1448-4E38-ABE9-278431B0F7EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E1B4E87-6DF3-4F40-92C1-01A14E506B74}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E5B1671-3C89-4E1B-81F9-A49DB1864CCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84D26095-6C47-489E-99C9-EC5F8F8CE277}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B573B3DE-F113-476E-8374-AB77EBCEEB70}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BA83567C-CF26-4F87-AD85-A799D054702C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEB28193-69E7-4813-873A-68E4290FDF89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2CE8968-7360-4D79-9BBC-0DE9F04B5205}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0800395-D8E6-4A92-BD70-34C0D584E5DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC2EB3F7-003D-4304-95EC-B448B8B5B8F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF8A32C6-1EA2-4CF6-A61A-280955E2E3FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{F25C91D6-51F7-442C-9878-C41A5800D5DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2A9FCBD-61D9-40EB-8174-65DD3DDB4D17}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5E3BD89-B0C1-46CF-8455-9E067DF73E66}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17BC5AE2-AAA4-480D-8922-5C60D003F352}" = dir=out | name=core networking - system ip core |
"{222AD938-4580-4159-80FB-70873691538D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{225FB811-05C0-4C61-A18D-76B3D60A9E25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2E03BE16-8419-4D9C-A221-F4770A1F3277}" = dir=in | name=core networking - system ip core |
"{3B38C10F-4D8C-4BEA-8D8F-02D57DCA34FB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{40BA2088-3016-4E41-9592-FD66D10A2085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42E647B2-7F49-40A7-A193-090F60FD7A2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B2E6724-2C54-4F13-B13C-CEB8A1E2D353}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{50FAC443-E4B0-4765-B7E7-63CF478A817E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5103FB93-8012-4664-B81E-976FFA65A59A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52894D04-78D7-4434-920F-2F1E20C16F55}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{5CFB02BB-E067-4C79-9FA8-671B5899AB3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E756538-49AC-4836-B5F9-EBD8EF391A70}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{739F2CE2-D25A-428B-A65C-7574E7F6FE01}" = protocol=6 | dir=out | app=system |
"{77E2FD31-AF87-4F7F-B952-6805C235DC45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B017B4F-EBBE-4EFD-9D76-2CD57C75BB89}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{828295C7-D504-4F1D-8E5C-683F65B93D59}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9B0F47F0-3C02-43F8-AFD8-934E4A35BBA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF4A1559-18DD-4B50-8727-2F92608372FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1C2E818-5CC4-4669-8321-95A130533B46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BF08E610-7CB0-4497-AEF3-19F64688AA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF1DCFD9-0CEF-4F08-9993-943D4EBAEFB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C48C609B-34DE-4B43-BE52-C298AE1C9786}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C611CF4E-03A5-48F1-935B-500B1B26B2E2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{C7AC7E99-D756-48A6-BDB0-34A0C7814D08}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{D0408CE5-AAB3-4395-AB4A-81B20A729002}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D58A8626-C3AC-4494-96EB-FAC6092C7EE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D69AEC03-3F94-479A-97E5-6D8B65AF66C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8439C2C-071B-404E-8A13-8C5DA0CC8F3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{E84711AD-3B8E-494A-A9BA-312FC12F906E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8990CF47-8B04-4CCE-89E2-A9241DB27E3B}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.VISIOR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0413-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Dutch) 2010
"{90140000-0054-0413-0000-0000000FF1CE}_Office14.VISIOR_{01C54C3B-1844-4874-9B6F-CAFC0B4C43B0}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Nederlands
"{E8F8AF38-7FFA-407A-8E4B-4722AE20FA30}" = Boot Camp-services
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-stuurprogrammapakket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
"0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-stuurprogrammapakket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"157C5C3D3E97D5439AD0C6268A489EF68FB7AD4F" = Windows-stuurprogrammapakket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-stuurprogrammapakket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"28AB5A817BE0B4C6952E913DEB9CA907C7871C74" = Windows-stuurprogrammapakket - Broadcom (b57nd60x) Net (12/02/2010 14.4.2.2)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-stuurprogrammapakket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"31BC243044B2C02B454ECDA8F5B44427F3754DD0" = Windows-stuurprogrammapakket - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
"44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"4A92273B670E1AF46863F93542352C780755E201" = Windows-stuurprogrammapakket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
"4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-stuurprogrammapakket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-stuurprogrammapakket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-stuurprogrammapakket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"7E77301EAEB38AFBF074A5EEACED05B618975B6C" = Windows-stuurprogrammapakket - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-stuurprogrammapakket - Intel System (07/20/2007 1.2.76.0)
"8BB769A00E5FB4E3C5C45B4B60C20B4322C430BD" = Windows-stuurprogrammapakket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-stuurprogrammapakket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"9646DB3A0BD532DCF0A6750140F84D0089FF608E" = Windows-stuurprogrammapakket - Intel (e1express) Net (03/26/2010 9.13.41.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-stuurprogrammapakket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AF5930CAB6A628999B8500F18549DCD96021E8FC" = Windows-stuurprogrammapakket - Broadcom (BCM43XX) Net (06/16/2011 5.100.98.78)
"AutoHotkey" = AutoHotkey 1.1.09.02
"AVG" = AVG 2013
"B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-stuurprogrammapakket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"BCFD182AEFFCC167E74298C1563F0C84CEE4D92C" = Windows-stuurprogrammapakket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-stuurprogrammapakket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"D885E9963D372B22E9F3CD04F0AF501F1FCCF220" = Windows-stuurprogrammapakket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
"E81D39E9D96872D02774D1E6A6D5DC1F222CB21F" = Windows-stuurprogrammapakket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/14/2011 6.6001.1.32)
"F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-stuurprogrammapakket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"F4FD74182DF87939B302E81C3D80CA0D38D287AB" = Windows-stuurprogrammapakket - Broadcom Corporation (bScsiSDx) SDHost (01/18/2011 1.0.0.220)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14-1-2013 15:47:20 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =

Error - 14-1-2013 16:05:59 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =

Error - 14-1-2013 16:13:52 | Computer Name = Merijn-PC | Source = Application Hang | ID = 1002
Description = Het programma iexplore.exe, versie 9.0.8112.16457 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: b60 Starttijd: 01cdf29270edb73b Eindtijd: 16
Toepassingspad:
C:\Program Files\Internet Explorer\iexplore.exe Rapport-id:

Error - 15-1-2013 15:35:32 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =

Error - 15-1-2013 15:41:40 | Computer Name = Merijn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccbc Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83b16 Exception code: 0xc06d007f Fault offset: 0x0000812f Faulting
process id: 0x678 Faulting application start time: 0x01cdf35855b2f43e Faulting
application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting
module path: C:\Windows\system32\KERNELBASE.dll Report Id: 94631c2c-5f4b-11e2-9a27-c82a144ea1c7

Error - 15-1-2013 15:41:40 | Computer Name = Merijn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccbc Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83b16 Exception code: 0xc06d007f Fault offset: 0x0000812f Faulting
process id: 0x1730 Faulting application start time: 0x01cdf35855c860a1 Faulting
application path: C:\Program Files\Windows Media Player\wmpnscfg.exe Faulting
module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9462f51c-5f4b-11e2-9a27-c82a144ea1c7

Error - 15-1-2013 15:47:03 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =

Error - 15-1-2013 15:56:07 | Computer Name = Merijn-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary 0665259drv. System Error: The system cannot find the file specified.

Error - 15-1-2013 18:43:16 | Computer Name = Merijn-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE, version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is
available, check the problem history in the Action Center control panel.
Process ID: 5c6c Start Time: 01cdf371a3bebca1 Termination Time: 0
Application Path:
C:\Windows\system32\NOTEPAD.EXE Report Id: ee024eb6-5f64-11e2-9128-c82a144ea1c7

Error - 16-1-2013 16:30:47 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15-1-2013 15:42:34 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
However, the system is configured to not allow interactive services. This
service may not function properly.

Error - 15-1-2013 15:44:01 | Computer Name = Merijn-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New
Signature Version: Previous Signature Version: 1.141.3834.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424
Error description:
The specified service does not exist as an installed service.

Error - 15-1-2013 15:44:06 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
However, the system is configured to not allow interactive services. This
service may not function properly.

Error - 15-1-2013 15:44:08 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
However, the system is configured to not allow interactive services. This
service may not function properly.

Error - 15-1-2013 15:45:38 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5.

Error - 15-1-2013 15:45:38 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5.

Error - 15-1-2013 15:45:39 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 16-1-2013 16:29:11 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5.

Error - 16-1-2013 16:29:12 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5.

Error - 16-1-2013 16:29:12 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom


< End of report >
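The event records above are the part of this report a responder reads first, because two of them say why Microsoft Security Essentials and Windows Update stopped working: the antimalware signature update fails with 0x80070424 ("the specified service does not exist as an installed service"), and the Service Control Manager cannot write FailureActions (%%5). The script below is an added example, not code from this thread or from OTL. It parses OTL-style event records (the sample records are constructed, in English), decodes the Win32 error number from HRESULTs of the form 0x8007xxxx and from the %%N inserts in Service Control Manager messages (assumed here to carry the raw Win32 error number), and flags entries that indicate a security service that is missing or cannot be configured.

```python
"""Triage of the 'Last 20 Event Log Errors' section of an OTL report.

Added example; not code from this thread or from OTL. The sample records
below are constructed in English, modelled on the format OTL prints.
"""
import re
from dataclasses import dataclass, field

SAMPLE = """\
Error - 15-1-2013 15:44:01 | Computer Name = Merijn-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. Error code: 0x80070424
Error description: The specified service does not exist as an installed service.

Error - 15-1-2013 15:45:38 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5.

Error - 15-1-2013 15:45:39 | Computer Name = Merijn-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 14-1-2013 15:47:20 | Computer Name = Merijn-PC | Source = WinMgmt | ID = 10
Description =
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$"
)
HRESULT = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
# Assumption: a %%N insert in a Service Control Manager message is the raw
# Win32 error number (other sources use %%N for message-table strings).
SCM_INSERT = re.compile(r"error: %%(\d+)")

FACILITY_WIN32 = 7
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
}
# Sources whose failures point at protection being disabled or tampered with.
SECURITY_SOURCES = {"Microsoft Antimalware", "Service Control Manager", "Microsoft-Windows-CAPI2"}
TAMPER_CODES = {5, 1060}


@dataclass
class Event:
    when: str
    host: str
    source: str
    event_id: int
    description: str
    win32_errors: list = field(default_factory=list)


def hresult_to_win32(hresult):
    """Invert HRESULT_FROM_WIN32: 0x8007xxxx carries Win32 error xxxx.

    The failure bit must be set and the facility field (bits 16..26)
    must be FACILITY_WIN32; anything else is not a wrapped Win32 code.
    """
    if not hresult & 0x80000000:
        return None
    if (hresult >> 16) & 0x7FF != FACILITY_WIN32:
        return None
    return hresult & 0xFFFF


def extract_win32_errors(source, description):
    codes = []
    for hexval in HRESULT.findall(description):
        code = hresult_to_win32(int(hexval, 16))
        if code is not None:
            codes.append(code)
    if source == "Service Control Manager":
        codes.extend(int(n) for n in SCM_INSERT.findall(description))
    return codes


def parse_events(text):
    """Split the report into blank-line separated records and parse each."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue
        desc = re.sub(r"^Description\s*=\s*", "", " ".join(lines[1:]))
        ev = Event(m["when"], m["host"], m["source"], int(m["event_id"]), desc)
        ev.win32_errors = extract_win32_errors(ev.source, desc)
        events.append(ev)
    return events


def triage(text):
    """Return one finding per security-relevant event carrying a tamper code."""
    findings = []
    for ev in parse_events(text):
        if ev.source not in SECURITY_SOURCES:
            continue
        for code in ev.win32_errors:
            if code in TAMPER_CODES:
                name = WIN32_NAMES.get(code, str(code))
                findings.append(f"{ev.when} {ev.source}/{ev.event_id}: {name}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

0x80070424 is HRESULT_FROM_WIN32(1060), ERROR_SERVICE_DOES_NOT_EXIST: the update client is asking for a service that is no longer registered, which fits the reported breakage of Security Essentials and Windows Update. The %%5 in the 7006 events is ERROR_ACCESS_DENIED on a registry write under a service key, which is worth checking for once the files are gone, since a leftover ACL or permissions change on the service keys will keep those services from being repaired.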
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    [2013-01-15 22:31:03 | 000,000,696 | -HS- | M] () -- C:\Windows\0665259drv.spi
    [2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
    [2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
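The three entries in the :OTL section above share the markers a responder looks for in a long file listing: hidden+system attributes (-HS-), a 47-character extensionless name, and the same 11,246-byte file written at the same second to both %ProgramData% and the user's AppData\Local. The script below is an added example, not part of this thread or of OTL. It parses OTL-style file entries (the sample lines are constructed: the three from the fix plus two benign entries) and applies those two rules; it assumes OTL's four-character attribute field uses R, H and S for read-only, hidden and system.

```python
"""Picking dropper files out of an OTL file listing.

Added example; not code from this thread or from OTL. The entries below
are constructed: the three from the fix above plus two benign ones.
Assumption: OTL's four-character attribute field uses R, H and S for
read-only, hidden and system, with '-' for a flag that is not set.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE = """\
[2013-01-15 22:31:03 | 000,000,696 | -HS- | M] () -- C:\\Windows\\0665259drv.spi
[2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\\Users\\Merijn\\AppData\\Local\\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-13 22:05:26 | 000,011,246 | -HS- | M] () -- C:\\ProgramData\\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013-01-10 09:12:44 | 000,000,282 | -HS- | M] () -- C:\\Users\\Merijn\\Desktop\\desktop.ini
[2013-01-10 09:12:44 | 000,524,288 | ---- | M] () -- C:\\Users\\Merijn\\Desktop\\notes.docx
"""

ENTRY = re.compile(
    r"^\[(?P<mtime>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# A file sitting directly under a root that any user process can write to.
DROP_ROOT = re.compile(
    r"^c:\\(?:programdata|users\\[^\\]+\\appdata\\(?:local|locallow|roaming))\\[^\\]+$"
)


def parse_entries(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def is_hidden_system(attrs):
    return "H" in attrs and "S" in attrs


def looks_random(name):
    """Long, extensionless, mixed letters and digits: not how users or
    installers name files, but exactly what a dropper generates."""
    return (
        len(name) >= 20
        and "." not in name
        and any(c.isdigit() for c in name)
        and any(c.isalpha() for c in name)
    )


def suspicious_entries(text):
    """Return (path, reason) pairs for entries matching either rule."""
    entries = parse_entries(text)
    findings = []

    # Rule 1: hidden+system file with a random name directly under a drop root.
    for e in entries:
        if (is_hidden_system(e["attrs"])
                and DROP_ROOT.match(e["path"].lower())
                and looks_random(ntpath.basename(e["path"]))):
            findings.append((e["path"], "hidden+system, random extensionless name under a user-writable root"))

    # Rule 2: the same hidden+system payload (size and timestamp) at two or more places.
    groups = defaultdict(list)
    for e in entries:
        if is_hidden_system(e["attrs"]):
            groups[(e["size"], e["mtime"])].append(e["path"])
    for (size, mtime), paths in groups.items():
        if len(set(paths)) > 1:
            for p in paths:
                findings.append((p, f"{size}-byte payload written at {mtime} to {len(paths)} locations"))
    return findings


if __name__ == "__main__":
    for path, reason in suspicious_entries(SAMPLE):
        print(f"{reason}: {path}")
```

Both rules pick out the two 1pb78m8n… files and ignore desktop.ini, which is hidden+system but short, has an extension and sits under the user's Desktop. The .spi file in C:\Windows is caught by neither rule; in this log it is tied to the infection by the CAPI2 513 event, which names the same 0665259drv binary as a driver image the System Writer could not back up. That cross-check between the file listing and the event log is what makes a fix script like the one above confident rather than guesswork.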
 
OTL log file:

All processes killed
========== OTL ==========
C:\Windows\0665259drv.spi moved successfully.
C:\Users\Merijn\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Merijn\Desktop\cmd.bat deleted successfully.
C:\Users\Merijn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Merijn
->Temp folder emptied: 7501 bytes
->Temporary Internet Files folder emptied: 184686356 bytes
->Java cache emptied: 1210227 bytes
->Flash cache emptied: 1624 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 453670 bytes
RecycleBin emptied: 78468637 bytes

Total Files Cleaned = 253,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_222056
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
The ESET log:

C:\Qoobox\Quarantine\C\Windows\System32\sysprep\CRYPTBASE.DLL.vir a variant of Win32/Kryptik.ASDY trojan cleaned by deleting - quarantined
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2013
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 11
Adobe Reader 10.1.0 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Security Client Antimalware MsMpEng.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
Is there a possibility that the D: drive of my computer (Mac OS partition) is infected, or my NAS or other Windows computers in the network?
 