Solved Google redirects, compromised game account

Scanned with the same settings as before.


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4 - Startup: C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk = File not found
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011-06-09 14:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011-06-09 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011-06-09 13:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Done scanning everything.


O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Steam] F:\games\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} http://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-10 21:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5599091165757440)

========== Files/Folders - Created Within 30 Days ==========

[2011-06-19 00:32:38 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
[2011-06-18 22:00:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-06-18 21:57:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-06-18 21:57:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-06-18 21:57:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-06-18 21:57:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-06-18 21:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-06-18 21:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-18 21:52:06 | 004,130,419 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
[2011-06-18 21:13:10 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
[2011-06-18 13:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Systeembeheer
[2011-06-18 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-06-18 13:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-06-18 13:09:55 | 012,557,920 | ---- | C] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
[2011-06-18 11:57:43 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
[2011-06-18 11:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\Malwarebytes
[2011-06-18 11:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011-06-18 11:52:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-06-18 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-06-18 11:50:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-06-18 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-06-18 11:49:37 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
[2011-06-18 11:48:51 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
[2011-06-10 09:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011-06-10 09:16:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011-06-09 14:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011-06-09 14:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-06-09 13:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Nieuwe map
[2011-06-09 13:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011-06-09 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
[2011-06-09 13:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-06-09 13:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-06-07 15:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Crysis2
[2011-06-07 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-05-30 16:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
[2011-05-24 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\My Cheat Tables
[2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Witcher 2
[2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
[2011-05-21 17:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\The Witcher 2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
[2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011-06-18 23:42:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-06-18 23:42:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-06-18 21:52:37 | 004,130,419 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
[2011-06-18 21:17:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
[2011-06-18 21:14:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
[2011-06-18 21:14:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
[2011-06-18 21:13:11 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
[2011-06-18 13:10:57 | 012,557,920 | ---- | M] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
[2011-06-18 11:58:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
[2011-06-18 11:52:41 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-06-18 11:50:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
[2011-06-18 11:49:40 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
[2011-06-18 11:49:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
[2011-06-18 10:15:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-06-15 08:07:56 | 000,499,226 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-06-15 08:07:56 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-15 08:07:56 | 000,086,256 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-06-15 08:07:56 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-14 21:46:11 | 000,000,322 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
[2011-06-14 21:45:26 | 000,001,287 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
[2011-06-14 21:41:59 | 000,038,284 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
[2011-06-10 11:47:54 | 004,261,556 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
[2011-06-09 14:33:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2011-06-09 14:02:00 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-05-25 22:16:26 | 000,140,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-05-25 22:16:18 | 000,280,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-05-25 22:11:26 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-18 22:00:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-06-18 22:00:49 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2011-06-18 21:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-06-18 21:57:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-06-18 21:57:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-06-18 21:57:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-06-18 21:57:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-06-18 21:17:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
[2011-06-18 21:14:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
[2011-06-18 21:14:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
[2011-06-18 11:52:41 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-06-18 11:49:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
[2011-06-14 21:46:10 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
[2011-06-14 21:45:26 | 000,001,287 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
[2011-06-14 21:41:59 | 000,038,284 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
[2011-06-10 11:47:11 | 004,261,556 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
[2011-06-09 14:06:32 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-06-09 13:53:36 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-03-03 18:57:56 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-03-03 18:57:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-02-28 02:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2011-02-17 00:52:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2011-02-17 00:52:23 | 000,728,858 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2011-02-17 00:52:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2011-02-17 00:52:23 | 000,003,054 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
[2011-02-17 00:39:44 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011-02-17 00:28:39 | 000,124,931 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011-02-17 00:28:39 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2011-02-17 00:28:38 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2011-02-17 00:28:38 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011-02-17 00:28:38 | 000,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2011-02-17 00:28:38 | 000,007,871 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010-11-04 20:01:05 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010-11-04 20:01:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010-11-04 20:01:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010-11-04 20:01:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010-05-15 19:45:44 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-05-01 09:09:50 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010-04-12 16:21:38 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2010-04-12 16:21:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-04-12 15:06:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\atiamdag.dat
[2010-04-12 09:59:02 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-04-12 09:59:02 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Application Data\PnkBstrK.sys
[2010-04-12 09:58:33 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-04-12 09:58:32 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010-04-12 09:58:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-04-12 08:39:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-04-11 22:47:44 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-11 12:35:24 | 000,461,368 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010-04-11 12:35:23 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010-04-11 12:35:23 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010-04-10 23:51:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-10 23:51:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-04-10 23:51:10 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-04-10 23:51:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-04-10 23:35:20 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-10 23:33:34 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-10 22:38:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010-04-10 22:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-10 22:00:18 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2010-04-10 22:00:18 | 000,023,041 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2010-04-10 22:00:18 | 000,018,442 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2010-04-10 22:00:18 | 000,016,271 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2010-04-10 22:00:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-04-10 22:00:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-04-10 21:44:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-10 21:41:37 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-11-10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-09-07 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 14:00:00 | 000,499,226 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 14:00:00 | 000,086,256 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001-09-07 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011-06-09 14:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-06-09 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011-03-06 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011-03-14 17:13:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-05-15 20:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010-12-07 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011-06-09 13:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-06-07 15:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011-03-04 02:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-25 22:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011-03-14 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011-03-04 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010-04-12 22:40:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2011-03-03 19:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-12 09:25:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
[2010-04-12 22:40:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF1E655E-0210-4F9E-BE22-94A9069BF84B}
[2011-03-03 17:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2010-04-12 22:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F40E9D30-5DFC-4B21-BFDB-A5CDEE6440A6}
[2011-04-23 22:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\.minecraft
[2010-11-04 19:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Aura4You
[2011-06-09 13:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
[2011-02-18 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Belastingdienst
[2010-04-14 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Command and Conquer 4
[2010-05-15 20:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DAEMON Tools Lite
[2010-11-04 20:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DataCast
[2010-04-30 23:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\FreeAudioPack
[2011-02-17 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\GetRightToGo
[2011-03-16 12:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\gtk-2.0
[2011-06-09 14:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\id Software
[2011-01-18 16:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\IrfanView
[2010-04-13 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Leadertech
[2010-05-25 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\LG Electronics
[2011-06-18 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Mumble
[2010-07-04 21:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\NCH Swift Sound
[2010-04-28 22:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Notepad++
[2010-06-24 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\OpenOffice.org
[2011-03-03 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Philips-Songbird
[2011-06-09 14:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\SWF.max
[2010-11-18 01:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\TS3Client
[2011-03-31 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Tunngle
[2011-05-30 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Ubisoft
[2011-06-06 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\uTorrent
[2011-03-04 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\WindSolutions
[2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-01-02 11:58:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
[2011-06-19 00:20:47 | 000,027,105 | ---- | M] () -- C:\ComboFix.txt
[2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-04-10 22:23:57 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-04-10 22:30:50 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-06-18 23:42:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011-05-20 08:10:19 | 000,023,344 | ---- | M] () -- C:\wmdm.log

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010-04-10 21:43:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010-04-10 23:32:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-04-10 23:32:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-04-10 23:32:31 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-04-10 21:47:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
[2010-04-10 22:38:18 | 000,000,189 | -HS- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >
[2008-03-09 08:25:10 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\dx.reg
[2011-02-17 00:52:26 | 000,003,054 | ---- | M] () -- C:\Program Files\Common Files\unins000.dat
[2011-02-17 00:51:50 | 000,728,858 | ---- | M] () -- C:\Program Files\Common Files\unins000.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
 
< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Radeon Omega Drivers v4.8.442 Uninstall.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011-06-19 00:20:58 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005-01-28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001-05-02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008-04-14 22:32:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004-07-17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001-03-07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001-05-29 12:38:10 | 000,000,958 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008-05-02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008-04-14 22:33:08 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001-02-01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001-08-01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004-07-17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004-07-17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004-07-17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000-12-05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004-07-17 11:35:48 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F

< End of report >

==========================

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

================================

C:\iduhsfuisdf\28ED27230B7.exe Win32/Spy.SpyEye.CA trojan
C:\System Volume Information\_restore{B92A4FE4-3E3D-4416-B2A4-69C1259896D7}\RP143\A0117472.exe Win32/Spy.SpyEye.CA trojan
C:\System Volume Information\_restore{B92A4FE4-3E3D-4416-B2A4-69C1259896D7}\RP146\A0119925.exe Win32/Spy.SpyEye.CA trojan
E:\Back-Up Folder\installer_ffdshow_mpeg-4_video_decoder_20090320_rev2792_(x64)_Nederlands_Dutch.exe Win32/Hoax.ArchSMS.KC application
 
The OTL log is incorrect. You clicked the "Scan" button instead of the "Fix" button.
Please redo it.
 
Ah, sorry. Redid the step.

All processes killed
========== OTL ==========
File move failed. C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk scheduled to be moved on reboot.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
Folder C:\Documents and Settings\All Users\Application Data\AVG10\ not found.
Folder C:\Documents and Settings\All Users\Application Data\avg9\ not found.
Folder C:\Documents and Settings\Lennart de Groot\Application Data\AVG10\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lennart de Groot
->Temp folder emptied: 675558 bytes
->Temporary Internet Files folder emptied: 6305529 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48819322 bytes
->Flash cache emptied: 1088 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2374 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Lennart de Groot
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06192011_203045

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat not found!

Registry entries deleted on Reboot...
 
Update Internet Explorer to version 8. Version 6 is obsolete and thus dangerous.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\iduhsfuisdf
    E:\Back-Up Folder\installer_ffdshow_mpeg-4_video_decoder_20090320_rev2792_(x64)_Nederlands_Dutch.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
I wanted to run the OTL steps before I post the logs, but it seems with the final OTL step the logs were removed (I managed to save one to my desktop, the first log).

If you'd like me to I can download OTL again and rerun the 2nd step and post the resulting log.

As for the final steps; downloading IE8, Windows Updates is set to auto-update now, passwords have been changed already, I will download Secunia and schedule scans for MBAM, MSE and TFC.

Redirects work fine now, MBAM stopped reporting my PC trying to contact the IP previously mentioned and boot-up is substantially quicker.


All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\iduhsfuisdf folder moved successfully.
E:\Back-Up Folder\installer_ffdshow_mpeg-4_video_decoder_20090320_rev2792_(x64)_Nederlands_Dutch.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lennart de Groot
->Temp folder emptied: 672316 bytes
->Temporary Internet Files folder emptied: 524783 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45328445 bytes
->Flash cache emptied: 998 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2374 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Lennart de Groot
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06192011_210403

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!

Registry entries deleted on Reboot...
 
Way to go!!

Good luck and stay safe :)
 