Slow PC after malware removal

O

Obsidian1982

Posts: 19   +0
Hello broni. I have noticed that since the clean up I have done, my pc has become slower. Once I start my pc, I see a black screen with the white bar on the third option: start in normal mode, just for a sec. This never happened before. Opening up a video editing program makes youtube videos choppy and stutter. This also never happened before. Please be in mind that this is the case even after shutting down running programs that you recommended.

Could this mean that my pc is re-infected? Looking forward to hearing from you.​
 
"Could this mean that my PC is re-infected? Looking forward to hearing from you"... This could indicate that some critical system files were damaged by the malware infection. If you haven't backed up important files, I suggest that you do that now. Sometimes running Combofix can cure this, but since Broni helped you with the cleaning, he is available here:
https://www.techspot.com/community/forums/virus-and-malware-removal.28/
Are you able to install Windows fresh if you have to?
 
I posted a new forum there but it got removed for some reason. Could be an accident. Can you give me a hand with this? And no, I am not able to re-install my windows.
 
You still have malware. I see quite a few entries in the DDS log you ran that need to be removed. I can remove those and other undesirable entries using script in Combofix as suggested.

You may remember that Combofix won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemoverand save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear: (image courtesy billmullins.wordpress.)
    appremover2.jpg
  5. Check the AVG program you want to uninstall
  6. Click on Next after choice has been made
  7. After uninstall shows complete, follow online prompts to Exit the program.
Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
    Click to expand...
    Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please paste the Combofix log in your next reply. I'll review it and set up the script for the removals.

For instance: Your Start page: klit.startnow.com
Per the WOT Site Advisor:
Warning! This site has a poor reputation.
This subdomain inherits the reputation of startnow.com. .
Click to expand...

There are also additional entries for the AskBar that need to be removed.

As for the black desktop: if either of the following apply, use them:
Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
  • For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
  • For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
Can you tell me what this is? D:\P R O J E C T\quran\rm3hhv1t.exe
 
Hello, thanx for the assistance. Here is the combofix log:

ComboFix 12-08-20.02 - User 20-08-2012 19:51:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2593 [GMT 2:00]
Gestart vanuit: d:\p r o j e c t\MIC CHECK\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6aedd7562a23bdf2.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-20 to 2012-08-20 ))))))))))))))))))))))))))))))
.
.
2012-08-16 01:15 . 2012-08-16 01:15 -------- d-----w- c:\documents and settings\User\Application Data\Sony
2012-08-16 01:03 . 2012-08-20 17:40 -------- d--h--r- c:\documents and settings\User\Onlangs geopend
2012-08-08 01:08 . 2012-08-08 01:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Secunia PSI
2012-08-06 20:45 . 2012-08-06 20:45 -------- d-----w- c:\program files\Secunia
2012-08-04 22:54 . 2012-08-04 22:54 -------- d-----w- c:\documents and settings\User\Application Data\addpcs
2012-08-04 22:46 . 2012-08-04 22:46 -------- d-----w- c:\program files\Microsoft.NET
2012-08-04 22:45 . 2012-08-04 22:53 -------- d-----w- c:\program files\Temp File Cleaner
2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\User\Application Data\blekkotb_031
2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\blekkotb_031
2012-08-04 22:44 . 2012-08-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-08-04 22:11 . 2012-08-04 22:11 -------- d-----w- c:\program files\Common Files\Java
2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\program files\Oracle
2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2012-08-04 22:10 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-04 14:32 . 2012-08-20 17:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 12:21 . 2012-07-25 12:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 12:20 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 03:28 . 2012-04-04 11:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 03:28 . 2011-05-19 09:28 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 20:50 . 2012-04-03 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2008-04-14 20:32 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:06 . 2011-04-28 16:55 687544 -c--a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2011-04-26 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:23 . 2008-04-14 20:05 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2008-04-14 20:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2008-04-14 20:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:38 . 2008-04-14 20:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 20:05 385024 ------w- c:\windows\system32\html.iec
2012-06-25 18:00 . 2012-07-02 17:28 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-06-09 17:21 . 2011-06-11 10:58 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-05 15:49 . 2008-04-14 20:32 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 20:32 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-04-26 12:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-26 12:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-04-26 12:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-04-26 12:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-04-26 12:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-14 20:32 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-04-26 12:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-26 12:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-05-04 08:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-04 08:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-05-04 08:24 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 20:32 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:15 . 2012-08-10 00:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-21 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/04/27 10:17];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25-7-2012 14:20 655944]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25-7-2012 10:46 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25-7-2012 10:46 681056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25-7-2012 14:20 22344]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13-7-2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-4-2012 13:44 250056]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10-8-2012 2:24 113120]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:28]
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
2012-02-03 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-01-22 18:31]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
.
2012-05-15 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-01-29 23:26]
.
2012-08-11 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-22 21:36]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=83810626649BBA6C303F9A501DA5D899&tbp=homepage
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\t0vs285m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1341485456&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox%26wa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1|http://www.youtube.com/user/Nebulous1982?feature=mhum
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={5E216714-5DC2-47F0-B250-CCED68078D75}&mid=dbf427c8a6b647d1aaebd15dc3a4a1d8-df0f0bc1345b559d18ac1897f1f9853433241d27&lang=en&ds=AVG&pr=fr&d=2012-08-20 18:51&v=12.2.0.5&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-Xilisoft Video Converter Platinum - c:\program files\Xilisoft\Video Converter Platinum\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 19:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-2025429265-1606980848-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,82,15,
82,b9,67,b9,05,a7,07,5f,ca,5a,8b,e0,bf
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,de,1f,
bf,e6,2c,c5,02,b8,86,d0,a6,89,ee,51,0d
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,67,63,
86,7e,c4,7f,01,9c,6b,36,4c,5f,49,3d,a8
.
Voltooingstijd: 2012-08-20 19:58:26
ComboFix-quarantined-files.txt 2012-08-20 17:58
.
Pre-Run: 13.717.622.784 bytes beschikbaar
Post-Run: 13.769.052.160 bytes beschikbaar
.
- - End Of File - - 39CC529E363E6D4FDF7F6F605AA9203F

The file you asked about is GMER set up file.
 
Okay, there are quite a few removals to set up. Question: Did you buy the Malwarebytes program or are you still using the one from the link in our malware steps?

TMagic, he is carrying around a lot of processes that need to be removed. But Combofix works 2 ways: 1. will find and quarantine/delete some entries and 2. will show other entries to be removed through the script. He will be better after #2.
 
That's good, I've used Combofix in these instances and I have noticed that about 50% of the time, it works fine. The other 50% of the time, it is clean Windows installs after a full format for me. Of course, my customer's are okay with that :) Thanks again for your help here
 
Firefox Keyword Reset:
  • Open FireFox and instead of a url, type about:config in the Address Bar.
  • Firefox will give you a warning, but go in anyway.
  • Locate the keyword.url line. It should look like the image below.
    bing-zugo-firefox.gif
  • Right click on keyword.url, then select Reset
==============================

*SNIPPED COMBOFIX SCRIPT* ~DMJ


NOTE: In the scan below, you will not remove processes found. Please be sure to observe that line. I will handle them.


To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Both logs in next reply please.
 
Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

My notepad version is in dutch, and I cannot find these references. Could you rephrase?
 
Translated to Dutch:
Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Click to expand...
Open kladblok = Open Notepad ( kladblobk=notepad)
klik op Opmaak = Click on Format (Opmaak =Format)
Vink 'Automatische terugloop = Uncheck Word Wrap (Automatische terugloop= Word Wrap)
en kopieer = and copy
de tekst hieronder plakken in de code erin: = paste the text below in it.
(de tekst=of text, hieronder=below, plakken=paste, de code=code boc)

For your convenience: Translate English to Dutch
 
ComboFix 12-08-22.03 - User 23-08-2012 11:55:17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2505 [GMT 2:00]
Gestart vanuit: d:\p r o j e c t\MIC CHECK\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\User\Bureaublad\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\program files\Malwarebytes'Anti-Malware\mbamservice.exe"
"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe"
"c:\windows\system32\drivers\mbam.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\guid.dat
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\StatIDs.dat
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\uninstall.exe
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.man
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\All Users\Application Data\blekko toolbars\toolbar.txt
c:\documents and settings\User\Application Data\blekkotb_031
c:\documents and settings\User\Application Data\blekkotb_031\dtx.ini
c:\documents and settings\User\Application Data\blekkotb_031\geoip.xml
c:\documents and settings\User\Application Data\blekkotb_031\guid.dat
c:\documents and settings\User\Application Data\blekkotb_031\setupCfg.xml
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\catalog.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820180032-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820180032-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820181238-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820181238-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820184032-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820184032-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820184220-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820184220-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820191504-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820191504-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820192201-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820192201-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820201137-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820201137-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820201650-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820201650-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820204111-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820204111-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820211853-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820211853-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820212902-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820212902-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820222110-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820222110-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820232331-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820232331-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820235038-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120820235038-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821002114-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821002114-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821002443-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821002443-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821010211-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821010211-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821012603-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821012603-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821014127-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821014127-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821022033-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821022033-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821022725-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821022725-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821025118-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821025118-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821032155-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821032155-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821032847-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821032847-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821040303-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821040303-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821041140-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821041140-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821044043-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821044043-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821050436-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821050436-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821052145-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821052145-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060037-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060037-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060551-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821060551-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821061100-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821061100-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064137-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064137-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064503-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821064503-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821070704-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821070704-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821071035-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821071035-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821072100-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821072100-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073113-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073113-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073804-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821073804-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821074131-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821074131-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080308-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080308-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080820-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821080820-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821082037-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821082037-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821085158-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821085158-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821091112-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821091112-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821093029-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821093029-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821095129-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821095129-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821100851-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821100851-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101044-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101044-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101418-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821101418-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821103143-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821103143-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821110109-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821110109-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821111642-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821111642-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821112203-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821112203-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821113036-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821113036-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821120131-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821120131-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121329-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121329-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121845-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821121845-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821123239-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821123239-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821124431-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821124431-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821130131-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821130131-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821131507-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821131507-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132023-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132023-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132216-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821132216-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134112-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134112-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134621-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821134621-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821140147-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821140147-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821142211-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821142211-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821144107-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821144107-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821150144-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821150144-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821151853-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821151853-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152043-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152043-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152433-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821152433-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821154103-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821154103-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821160136-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821160136-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120821182429-f.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822164457-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822164457-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822165124-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822165124-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822170114-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822170114-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822171143-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822171143-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822173041-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822173041-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822174108-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822174108-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822180202-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822180202-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822181047-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822181047-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822183123-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822183123-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822184146-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822184146-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822185037-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822185037-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822190428-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822190428-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822191131-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822191131-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822193032-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822193032-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822194101-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822194101-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822195136-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822195136-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200204-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200204-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200723-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822200723-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822201100-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822201100-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822203151-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822203151-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822205110-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822205110-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822210141-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822210141-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211031-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211031-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211224-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822211224-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822213138-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822213138-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822215100-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822215100-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822220136-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822220136-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221210-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221210-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221403-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822221403-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822222129-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822222129-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822223202-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822223202-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822224048-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822224048-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231214-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231214-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231550-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822231550-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822233137-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822233137-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822235046-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120822235046-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823000125-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823000125-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001158-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001158-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001900-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823001900-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823002053-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823002053-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823003127-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823003127-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823004059-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823004059-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823011050-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823011050-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823012120-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823012120-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823013151-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823013151-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823014035-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823014035-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823015103-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823015103-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823021201-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823021201-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022047-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022047-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022423-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823022423-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823023130-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823023130-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823024157-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823024157-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823030112-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823030112-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823031142-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823031142-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032206-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032206-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032725-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823032725-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823033104-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823033104-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823034133-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823034133-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823035902-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823035902-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823041120-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823041120-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823043034-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823043034-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823044105-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823044105-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823050216-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823050216-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823051104-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823051104-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823054046-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823054046-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060529-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060529-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060723-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823060723-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823061102-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823061102-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823062130-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823062130-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823063200-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823063200-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823065113-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823065113-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823070701-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823070701-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823071040-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823071040-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823073140-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823073140-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823074213-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823074213-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080557-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080557-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080939-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823080939-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823081138-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823081138-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823082800-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823082800-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823084045-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823084045-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823085130-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823085130-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823091132-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823091132-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823092038-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823092038-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823094033-l.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\120823094033-m.list
c:\documents and settings\User\Local Settings\Application Data\blekkotb_031\data\temp.zip
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Temp File Cleaner
c:\program files\Temp File Cleaner\logo.png
c:\program files\Temp File Cleaner\README.html
c:\program files\Temp File Cleaner\TempFileCleaner.exe
c:\program files\Temp File Cleaner\Uninstall.exe
c:\windows\system32\avgfwdx.dll
c:\windows\system32\drivers\mbam.sys
.
 
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MBAMPROTECTOR
-------\Legacy_MBAMSERVICE
-------\Service_MBAMProtector
-------\Service_MBAMService
-------\Service_MozillaMaintenance
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-23 to 2012-08-23 ))))))))))))))))))))))))))))))
.
.
2012-08-20 18:06 . 2012-08-20 18:06 -------- d-----w- c:\documents and settings\User\Application Data\AVG2012
2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Secure Search
2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\documents and settings\User\Application Data\AVG Secure Search
2012-08-20 18:05 . 2012-08-20 18:05 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\program files\AVG Secure Search
2012-08-20 18:05 . 2012-08-20 18:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-20 18:03 . 2012-08-20 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-08-20 18:03 . 2012-08-20 18:03 -------- d-----w- C:\$AVG
2012-08-20 18:02 . 2012-08-20 18:02 -------- d-----w- c:\program files\AVG
2012-08-20 17:59 . 2012-08-23 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-08-16 01:15 . 2012-08-16 01:15 -------- d-----w- c:\documents and settings\User\Application Data\Sony
2012-08-16 01:03 . 2012-08-23 09:50 -------- d--h--r- c:\documents and settings\User\Onlangs geopend
2012-08-08 01:08 . 2012-08-08 01:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2012-08-06 20:46 . 2012-08-06 20:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Secunia PSI
2012-08-06 20:45 . 2012-08-06 20:45 -------- d-----w- c:\program files\Secunia
2012-08-04 22:54 . 2012-08-04 22:54 -------- d-----w- c:\documents and settings\User\Application Data\addpcs
2012-08-04 22:46 . 2012-08-04 22:46 -------- d-----w- c:\program files\Microsoft.NET
2012-08-04 22:11 . 2012-08-04 22:11 -------- d-----w- c:\program files\Common Files\Java
2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\program files\Oracle
2012-08-04 22:10 . 2012-08-04 22:10 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2012-08-04 22:10 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-04 14:32 . 2012-08-23 09:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-25 12:21 . 2012-07-25 12:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-25 12:20 . 2012-07-25 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 03:28 . 2012-04-04 11:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 03:28 . 2011-05-19 09:28 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 20:50 . 2012-04-03 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2008-04-14 20:32 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:06 . 2011-04-28 16:55 687544 -c--a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2011-04-26 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:23 . 2008-04-14 20:05 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2008-04-14 20:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2008-04-14 20:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:38 . 2008-04-14 20:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 20:05 385024 ------w- c:\windows\system32\html.iec
2012-06-25 18:00 . 2012-07-02 17:28 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-06-09 17:21 . 2011-06-11 10:58 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-05 15:49 . 2008-04-14 20:32 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 20:32 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-04-26 12:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-26 12:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-04-26 12:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-04-26 12:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-04-26 12:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-14 20:32 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-04-26 12:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-26 12:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-05-04 08:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-04 08:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-05-04 08:24 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 20:32 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:15 . 2012-08-10 00:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_17.56.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-23 10:03 . 2012-08-23 10:03 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
+ 2012-01-31 02:46 . 2012-01-31 02:46 31952 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 41040 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 17232 c:\windows\system32\drivers\avgidsshimx.sys
+ 2012-04-19 02:50 . 2012-04-19 02:50 24896 c:\windows\system32\drivers\avgidshx.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 24144 c:\windows\system32\drivers\avgidsfilterx.sys
+ 2012-01-12 17:52 . 2012-01-12 17:52 30944 c:\windows\system32\drivers\avgfwdx.sys
- 2012-08-05 15:23 . 2012-08-05 15:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-05 15:23 . 2012-08-22 14:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-16 11:57 . 2012-08-22 14:22 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2011-09-16 11:57 . 2012-08-05 15:23 16384 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2012-08-05 15:23 . 2012-08-05 15:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-22 14:23 . 2012-08-22 14:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-19 03:17 . 2012-03-19 03:17 301248 c:\windows\system32\drivers\avgtdix.sys
+ 2012-02-22 03:25 . 2012-02-22 03:25 235216 c:\windows\system32\drivers\avgldx86.sys
+ 2011-12-23 11:32 . 2011-12-23 11:32 139856 c:\windows\system32\drivers\avgidsdriverx.sys
+ 2012-08-20 18:05 . 2012-08-20 18:05 5164032 c:\windows\Installer\14f39e.msi
+ 2012-08-20 18:02 . 2012-08-20 18:02 2208768 c:\windows\Installer\14f39a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-20 18:05 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-20 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-20 1162848]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-20 1020512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [20-8-2012 20:05 27496]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/04/27 10:17];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13-6-2012 3:48 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25-7-2012 10:46 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25-7-2012 10:46 681056]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [20-8-2012 20:05 927840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12-1-2012 19:52 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13-7-2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-4-2012 13:44 250056]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12-1-2012 19:52 30944]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21-6-2011 18:34 135664]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:28]
.
2012-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
2012-02-03 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-01-22 18:31]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 16:34]
.
2012-05-15 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-01-29 23:26]
.
2012-08-11 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-22 21:36]
.
.
------- Bijkomende Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\t0vs285m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1341485456&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox%26wa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1|http://www.youtube.com/user/Nebulous1982?feature=mhum
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\uninstall.exe
AddRemove-Temp File Cleaner - c:\program files\Temp File Cleaner\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-23 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-2025429265-1606980848-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,82,15,
82,b9,67,b9,05,a7,07,5f,ca,5a,8b,e0,bf
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,de,1f,
bf,e6,2c,c5,02,b8,86,d0,a6,89,ee,51,0d
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,67,63,
86,7e,c4,7f,01,9c,6b,36,4c,5f,49,3d,a8
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1388)
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-23 12:09:57 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-23 10:09
ComboFix2.txt 2012-08-20 17:58
.
Pre-Run: 13.139.406.848 bytes beschikbaar
Post-Run: 13.112.217.600 bytes beschikbaar
.
- - End Of File - - 7DA2DE14797B7FD5A948AE7604189BFC

ESET did not produce a log.
 
It would have been best if you had removed AVG temporarily as requested.
Have you noticed any improvement in the speed?
-------------------
A tip for you: Whenever you get a download screen, look carefully for any pre-checked boxes. These are usually for toolbars, browser helper objects that don't have anything to do with the program you are downloading. They should be unchecked before you do the download.

When you are ready to run/install the program that you saved to the desktop, if given a choice, choose Custom install rather than Standard. You may find places this way to uncheck also>>>

Example: You downloaded something through
Visicom Media Network or VMN.net
It had the Blekko Search bar bundled with it, which may change your home page.
I put it in the script you ran and you can look in the Combofix log to see how many processes were removed.
===================================
I'd like you to run HijackThis. It is important that
you set up the directory first:

First, set up a Directory for HijackThis as follows:
Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
----------------------------------
Download HijackThis and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
--------------------
I'll check this log to see if there are any left over files.
Let me know how the system is doing.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:08, on 24-8-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: YouTube Downloader - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\YouTubeDownloader\YouTubeDownloader.exe (file missing)
O9 - Extra 'Tools' menuitem: YouTube Downloader - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\YouTubeDownloader\YouTubeDownloader.exe (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe

--
End of file - 8780 bytes

---------------------------------------------------------------------------------------------------------

I forgot to switch off AVG after recieving further instructions.

The system is still slow.
 
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Hackers used Ars Technica and Vimeo to deliver malware using obfuscated binary instructions...
Replies
0
Views
134
Cal Jeffrey
Cal Jeffrey
midian182
Marvel's Guardians of the Galaxy is available for free from the Epic Games Store
Replies
13
Views
337
Bamda
Bamda
Daniel Sims
Here are the PC gaming highlights from Sony's PlayStation State of Play
Replies
0
Views
181
Daniel Sims
Daniel Sims

Latest posts

Back