Vrighty

Everything posted by Vrighty

  1. I removed all files. Only Yontoo gave me some trouble. First attempt gave an error and AVG popped up with a message "Tarma installer" was being annoying. I removed it manually and Yontoo got removed (I think). I couldn't shut down AVG antivirus and antispyware... there was just no button on AVG to temp close it -,-.

JUNKWARE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Windows Vista Home Premium x86
Ran by Koen on vr 23-11-2012 at 19:18:07,13
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3040196533-823620445-3569254780-1000\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\babylontoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Koen\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Koen\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\yontoo"

~~~ FireFox

Successfully deleted: [File] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\user.js
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\oneclickdownload@oneclickdownload.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\plugin@yontoo.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\babylon.xml
Successfully deleted the following from "C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\prefs.js"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 23-11-2012 at 19:25:33,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RKILL:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2012 07:30:30 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * C:\Windows\System32\ACEngSvr.exe (PID: 2928) [WD-HEUR]
 * C:\Windows\ASScrPro.exe (PID: 4344) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * HOSTS file entries found:
   127.0.0.1 localhost
   ::1 localhost

Program finished at: 11/23/2012 07:30:55 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)

COMBOFIX

ComboFix 12-11-23.02 - Koen 23-11-2012 19:48:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1603 [GMT 1:00]
Gestart vanuit: c:\users\Koen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Koen\AppData\Local\TempDIR
c:\users\Koen\AppData\Local\Windows Server
c:\users\Koen\AppData\Local\Windows Server\flags.ini
c:\users\Koen\AppData\Local\Windows Server\server.dat
c:\users\Koen\AppData\Local\Windows Server\uses32.dat
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))
.
.
2012-11-23 19:14 . 2012-11-23 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- c:\windows\ERUNT
2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- C:\JRT
2012-11-18 16:59 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 16:58 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 19:38 . 2008-07-03 00:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-09 10:58 . 2012-04-09 08:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 10:58 . 2011-05-27 07:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 13:32 . 2012-06-21 09:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-04-18 15:08 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 10:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 10:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 10:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 14:28 . 2011-04-08 14:28 3050664 ----a-w- c:\program files\ccsetup305.exe
2010-03-25 18:07 . 2010-03-25 18:06 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\Koen\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-07-03 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-03 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:58]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]
.
2012-11-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2012-10-31 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-23 20:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(2540) c:\windows\system32\APSHook.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\windows\system32\WLANExt.exe c:\windows\system32\agrsmsvc.exe c:\program files\AVG\AVG9\avgwdsvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\TeamViewer\Version4\TeamViewer_Service.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATKOSD2\ATKOSD2.exe c:\program files\Wireless Console 2\wcourier.exe c:\program 
files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\windows\system32\conime.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\ATK Hotkey\WDC.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Voltooingstijd: 2012-11-23 20:42:46 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-23 19:42 . Pre-Run: 28.189.061.120 bytes beschikbaar Post-Run: 27.987.021.824 bytes beschikbaar . - - End Of File - - A1A77A456CF97A2A70C8A2C5D03F65A1
  2. Sorry, forgot you wanted them posted with copy/paste.

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3-7-2008 0:38:28
System Uptime: 22-11-2012 12:09:19 (4 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | M51SE
Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | Socket 478 | 1000/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 26,268 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 29,514 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 1ClickDownloader Aangifte inkomstenbelasting 2010 Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.1.2 - Nederlands Agere Systems HDA Modem Akamai NetSession Interface Akamai NetSession Interface Service ASUS CopyProtect ASUS InstantFun ASUS LifeFrame3 ASUS Live Update ASUS Security Protect Manager ASUS SmartLogon ASUS Splendid Video Enhancement Technology Asus_Camera_ScreenSaver ATI Catalyst Install Manager ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 µTorrent AuthenTec Fingerprint Sensor Minimum Install AutoCAD 2008 - English Autodesk DWF Viewer 7 AVG Free 9.0 Call of Duty Call of Duty - United Offensive Canon Easy-WebPrint EX Canon iP4700 series Printer Driver Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics 
Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-Branding ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CD-LabelPrint Creeper World DEMO CyberLink LabelPrint DAEMON Tools Lite DAEMON Tools Toolbar Delft GeoSystems Common Files DWG TrueView 2010 Gebruikersregistratie voor Canon iP4700 series Google Chrome Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® PROSet/Wireless Software Intel® Matrix Storage Manager ITRWoW 3.2.2a Java Auto Updater Java 6 Update 37 JMB36X Raid Configurer Junk Mail filter update LightScribe System Software 1.12.37.1 Malwarebytes' Anti-Malware mCore mDriver mHelp Microsoft 
.NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual Basic Power Packs 3.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime mMHouse Mozilla Firefox (3.6.18) mPfMgr MSheet MSVCRT NB Probe OGA 
Notifier 2.0.0048.0 P4P Power2Go Power4Gear eXtreme RAIDar 4.1.3 Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 RocketDock 1.3.5 SecureW2 EAP Suite 1.1.2 for Windows Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Skins Skype web features Skype™ 5.10 Softonic_English Toolbar Spotify Stronghold Kingdoms Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL TeamSpeak 3 Client 
TeamViewer 4 TorrentMan Toolbar Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition USB 2.0 1.3M UVC WebCam VBA VLC media player 1.0.1 Winamp Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync WinFlash WinRAR WinZip 12.0 Wireless Console 2 Yontoo 1.10.02 . ==== End Of File =========================== dds.txt DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37 Run by Koen at 16:02:40 on 2012-11-22 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1515 [GMT 1:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\RocketDock\RocketDock.exe C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\conime.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\System32\svchost.exe -k Cognizance C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k Akamai C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026 uDefault_Page_URL = hxxp://www.asus.com mDefault_Page_URL = hxxp://www.asus.com uProxyOverride = 127.0.0.1:9421;<local> uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft 
shared\windows live\WindowsLiveLogin.dll BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: ASUS Security Protect Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll TB: TorrentMan Toolbar: {7C5C0F58-E061-457D-9033-77307F5ED00C} - c:\program files\torrentman\tbTorr.dll TB: Softonic English Toolbar: {930F1200-F5F1-4870-BAC6-E233EC8E7023} - c:\program files\softonic_english\tbSoft.dll TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [Akamai NetSession Interface] "c:\users\koen\appdata\local\akamai\netsession_win.exe" uRun: [DAEMON Tools Lite] "c:\program 
files\daemon tools lite\DTLite.exe" -autorun uRun: [badoo Desktop] c:\programdata\badoo\badoo desktop\1.6.55.1183\Badoo.Desktop.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [skytel] Skytel.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe" mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - 
hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab TCP: NameServer = 213.46.228.196 62.179.104.196 TCP: Interfaces\{F54F85D5-1994-4009-B495-A8277868EBCB} : DHCPNameServer = 213.46.228.196 62.179.104.196 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll AppInit_DLLs= APSHook.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli ASWLNPkg LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: 
{10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q= FF - component: c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\npjpi160_35.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=226b3e1200000000000000221528e026&q= FF - user.js: extensions.BabylonToolbar.id - 226b3e1200000000000000221528e026 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15586 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1219:56:24 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=3612_6 FF - user.js: 
extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extentions.y2layers.installId - 74be9997-943b-4ad6-9fd0-adba258ee303 FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube,YontooNewOffers . FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-30 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-30 29712] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-30 243152] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-30 308136] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1" . =============== Created Last 30 ================ . 2012-11-18 16:59:44 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-18 16:58:33 2047488 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 
2012-11-22 11:10:26 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-10-09 10:58:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 10:58:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-24 13:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll 2011-04-08 14:28:29 3050664 ----a-w- c:\program files\ccsetup305.exe 2010-03-25 18:07:14 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe . ============= FINISH: 16:04:13,32 ===============
  3. I don't think I got the whole Coupondropdown. Because he isn't sending me to unwanted sites unless I click the banners... only a bit of spamming and those tags. Still it is pretty annoying and I would like to have it removed. Don't worry, I won't do any banking/important stuff on this computer just to be sure.
  4. Hello, Thanks for your response :D I will follow your steps. This is my latest log file of Malware (it is in Dutch, sorry):

------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4434

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15-8-2010 22:53:53
mbam-log-2010-08-15 (22-53-53).txt

Scantype: Snelle scan
Objecten gescand: 136388
Verstreken tijd: 7 minuut/minuten, 8 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Users\Koen\AppData\Local\Temp\C1F6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Local\Temp\7B2C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Koen\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
------------------------------------------------------------------

After this, I still had problems with Coupondropdown. I have read the following steps. But before I download anything I really want to know what I am downloading xD. I hope you understand =]
  5. Hello,

First of all: I have already found a few topics about Coupondropdown, but none actually had the same problem as me.

The problem I have with Coupondropdown: each time when I am viewing a picture/message on Facebook he keeps spamming the line ''Ads by Coupondropdown'' just above the messages. Besides that, I think he is also the cause of the non-stop refreshing every sec.

Another problem (I think it is the same) he is giving me is randomly changing words into tags. When I click them they redirect me to sites that sell stuff etc. etc. Besides the clicking part, when I hold my mouse above the tag I get a picture of the site it will bring me to.

I have already done:
- a Malwarebytes and AVG run, but he didn't find any,
- removed cookies/downloads with CCleaner,
- checked my program list for unwanted programs to uninstall (suggested on multiple forums like this),
- checked Google Chrome adds to remove Coupondropdown; it wasn't there (also suggested on multiple forums)

Anything else I can do to remove it? I am a bit of a newbie with advanced computer tricks. So I haven't tried the safe mode yet and removed some files; don't want to mess up any ;)

Thanks a lot for any useful answers :D

Greets, Vrighty