
No internet after running malwarebytes



I ran Malwarebytes and it found quite a few infections. After they had been quarantined, while there is nothing wrong with my actual internet connection, I can't access any websites in Firefox, Chrome or IE. Firefox reports that the proxy server is refusing connections, Chrome tells me 'this web page is not available', and IE says web pages cannot be displayed.

The reason I ran Malwarebytes in the first place was that clicks on Google search results were being redirected to other sites.

If someone could help, it would be very, very much appreciated!!!!

Here are the logs:

anti-malware log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5073

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

08/11/2010 14:49:16

mbam-log-2010-11-08 (14-49-16).txt

Scan type: Quick scan

Objects scanned: 140747

Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 15

Memory Processes Infected:

C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> Unloaded process successfully.

C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe (Backdoor.Gbot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Gbot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\Temp\spoolsv (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> Delete on reboot.

C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe (Backdoor.Gbot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\aliases.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\com.mrc (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\control.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\fullname.txt (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\ident.txt (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\mirc.ico (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\remote.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\servers.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\users.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\spoolsv\xmas.jpg (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Delete on reboot.

C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe (Trojan.Agent) -> Delete on reboot.

DDS log

DDS (Ver_10-11-08.01) - NTFSx86

Run by Administrator at 10:41:07.81 on 09/11/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1406.737 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SarcMark.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Mozilla Firefox\firefox.exe

J:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50370

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\admini~1\menust~1\progra~1\opstar~1\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\documents and settings\all users\menu start\programma's\opstarten\SarcMark.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171363746421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\d8pqqfk1.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-8 165584]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-8 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 40384]

R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 40384]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101031.002\naveng.sys [2010-11-1 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101031.002\navex15.sys [2010-11-1 1371184]

S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]

S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]

S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]

S4 gupdate1ca6d0efdeab98e;Google Update Service (gupdate1ca6d0efdeab98e);c:\program files\google\update\GoogleUpdate.exe [2009-11-24 133104]

S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]

=============== Created Last 30 ================

2010-11-08 12:06:53 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-11-08 12:06:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-08 12:06:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-08 12:06:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 12:06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-08 10:41:48 38848 ----a-w- c:\windows\avastSS.scr

2010-11-08 10:41:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-11-08 10:04:02 -------- d-----w- c:\windows\pss

2010-11-08 10:03:09 -------- d-----w- c:\docume~1\admini~1\applic~1\TeamViewer

2010-11-04 13:20:04 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin

2010-11-04 13:20:04 22 --sha-w- c:\docume~1\admini~1\applic~1\Sys6925.Config Collection.sys

2010-11-04 13:19:22 -------- d-----w- c:\program files\jv16 PowerTools 2010

2010-10-13 08:35:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 08:35:23 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 08:35:22 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 08:35:08 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 10:23:46 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:44 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:44 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:44 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:52:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:35 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:52:57 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:48 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03:56 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:55:04 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:50 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:13:27 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:25 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2007-03-22 01:07:11 4851200 ----a-w- c:\program files\openofficeorg22.msi

2007-03-06 10:34:50 319488 ----a-w- c:\program files\setup.exe

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

============= FINISH: 10:41:34.03 ===============


Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

I see indeed some proxy settings. Let's see what else we can clean up.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

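Added example (not from the thread, Malwarebytes or the DDS/ComboFix tools): a small Python checker for DDS-style "Pseudo HJT Report" lines that flags the two indicators the reply above points at, an Internet Settings proxy aimed at loopback (the setting behind the "proxy server is refusing connections" symptom once the malware process is gone) and autostart entries whose target lives in a user profile or Temp folder or borrows a system process name outside its normal directory. The sample lines are constructed to mirror the logs posted above; `SPOOFED_SYSTEM_NAMES` and the directory lists are my own choices, not a tool's rule set.

```python
"""Flag loopback proxies and profile-resident autostarts in DDS-style log lines."""
import re
from ipaddress import ip_address

# Process names the files in this thread borrowed; legitimate copies live under
# c:\windows\system32 (or c:\windows for explorer.exe), never in a user profile.
SPOOFED_SYSTEM_NAMES = {"svchost.exe", "spoolsv.exe", "dwm.exe", "explorer.exe",
                        "lsass.exe", "csrss.exe", "winlogon.exe"}
LEGIT_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# Directories an autostart target should not normally live in.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\windows\\temp\\")

PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.+)$", re.I)
PATH_RE = re.compile(r"(?P<path>[a-z]:\\.*?\.exe)", re.I)  # first drive path ending in .exe

# Constructed sample lines in the format of the DDS report quoted in this thread.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.google.com/",
    "uInternet Settings,ProxyOverride = *.local",
    "uInternet Settings,ProxyServer = http=127.0.0.1:50370",
    "uRun: [CTFMON.EXE] c:\\windows\\system32\\ctfmon.exe",
    # constructed to mirror the HKLM\...\Run\svchost value Malwarebytes removed
    "mRun: [svchost] c:\\documents and settings\\administrator\\application data\\microsoft\\svchost.exe",
    "mRun: [avast5] \"c:\\program files\\alwil software\\avast5\\avastUI.exe\" /nogui",
    "mRun: [setRefresh] c:\\program files\\compaq\\setrefresh\\SetRefresh.exe",
]


def parse_proxy_value(value):
    """'http=127.0.0.1:50370;https=host:8080' -> {'http': ('127.0.0.1', 50370), ...}.

    A bare 'host:port' applies to every protocol and is keyed '*'.
    """
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        host, _, port = hostport.partition(":")
        proxies[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 127.x, ::1 or 'localhost': the proxy would be a process on this PC."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:          # a hostname, not an address
        return False


def suspicious_autostart(path):
    """Return why an autostart target path is suspicious, or None if it looks normal."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if any(d in low for d in PROFILE_DIRS):
        return "autostart target in a user profile or Temp directory"
    if name in SPOOFED_SYSTEM_NAMES and not low.startswith(LEGIT_SYSTEM_DIRS):
        return f"{name} outside its normal system directory"
    return None


def scan(lines):
    """Scan DDS-style lines; return a list of (rule, detail) findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, (host, port) in parse_proxy_value(m.group("value")).items():
                if is_loopback(host):
                    findings.append(("loopback-proxy",
                                     f"{scheme} traffic forced through {host}:{port}"))
            continue
        m = RUN_RE.match(line)
        if m:
            p = PATH_RE.search(m.group("rest"))
            if p:
                why = suspicious_autostart(p.group("path"))
                if why:
                    findings.append(("autostart", f"[{m.group('name')}] {why}"))
    return findings


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LINES):
        print(f"{rule}: {detail}")
```

A loopback proxy on a high port with no legitimate local proxy software installed means some process on the machine was the listener; once that process is quarantined, the leftover ProxyServer value is what keeps every browser failing, so clearing it is part of the cleanup rather than a separate network problem.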

Thanks Elise!

This is the ComboFix log. I'm afraid it automatically ran in Dutch; I hope that's okay:

ComboFix 10-11-07.A2 - Administrator 09/11/2010 13:43:22.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1406.719 [GMT 1:00]

Gestart vanuit: J:\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-09 to 2010-11-09 ))))))))))))))))))))))))))))))

.

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-11-08 12:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-08 12:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-08 10:42 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-11-08 10:42 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-11-08 10:42 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-11-08 10:42 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-11-08 10:42 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-11-08 10:42 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-11-08 10:42 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-11-08 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr

2010-11-08 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-11-08 10:41 . 2010-11-08 10:41 -------- d-----w- c:\program files\Alwil Software

2010-11-08 10:41 . 2010-11-08 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-11-08 10:03 . 2010-11-08 10:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer

2010-11-04 13:20 . 2010-11-04 13:20 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin

2010-11-04 13:20 . 2010-11-04 13:20 22 --sha-w- c:\documents and settings\Administrator\Application Data\Sys6925.Config Collection.sys

2010-11-04 13:19 . 2010-11-04 14:07 -------- d-----w- c:\program files\jv16 PowerTools 2010

2010-10-13 08:35 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 08:35 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 08:35 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 08:35 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 10:23 . 2004-08-04 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 02:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 02:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 02:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:52 . 2004-08-04 02:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52 . 2004-08-04 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52 . 2004-08-04 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:52 . 2004-08-04 02:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2004-08-04 02:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-08-04 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:55 . 2004-08-04 02:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2004-08-04 02:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:13 . 2004-08-04 02:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 02:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 02:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2007-03-22 01:07 . 2007-03-22 01:07 4851200 ----a-w- c:\program files\openofficeorg22.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 68592]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

SarcMark.exe [2009-2-18 241497]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^Dropbox.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sonic CinePlayer Quick Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sonic CinePlayer Quick Launch.lnk

backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VPN Client.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 15:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"SNDSrvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"DefWatch"=2 (0x2)

"Symantec AntiVirus"=3 (0x3)

"SavRoam"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate1ca6d0efdeab98e"=2 (0x2)

"FlipShare Service"=2 (0x2)

"CVPND"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"Adobe Version Cue CS2"=2 (0x2)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/11/2010 11:42 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/11/2010 11:42 17744]

S4 gupdate1ca6d0efdeab98e;Google Update Service (gupdate1ca6d0efdeab98e);c:\program files\Google\Update\GoogleUpdate.exe [24/11/2009 15:04 133104]

S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/03/2004 15:18 169192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PFLOQFOB

*Deregistered* - pfloqfob

.

Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 14:04]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 14:04]

2010-11-08 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50370

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-09 13:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078001901-3909484548-4121994653-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,3e,ab,ba,b0,58,db,44,80,68,31,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,3e,ab,ba,b0,58,db,44,80,68,31,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3632)

c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll

.

Completion time: 2010-11-09 13:51:55

ComboFix-quarantined-files.txt 2010-11-09 12:51

ComboFix2.txt 2010-11-09 11:50

Pre-Run: 116,067,614,720 bytes available

Post-Run: 116,048,424,960 bytes available

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AD970D49713754DC214C13B974CD67E9


I'm afraid it automatically ran in Dutch, I hope that's okay:
I happen to be a native Dutch speaker, so no problem. :P

Looks like we might also have a rootkit on our hands here. Please let me know how things are running after the following script.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Driver::
pfloqfob

Rootkit::
c:\windows\system32\drivers\pfloqfob.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50370

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

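The script in the post above removes two things: a driver that shows up as *NewlyCreated*/*Deregistered* in the ComboFix "Other Services/Drivers In Memory" list, and the WinINet setting `uInternet Settings,ProxyServer = http=127.0.0.1:50370`. That proxy line is the security-relevant detail for the original complaint: browser traffic was being routed through a listener on the loopback interface, and once Malwarebytes killed the process behind that listener the setting stayed behind, which is exactly what Firefox reports as "the proxy server is refusing connections". The following is an added example, written for this page and not part of the thread or of any of the tools it uses: a small triage script that scans ComboFix-style log text for those indicators. The sample lines are constructed in the shape of the log above, and the severity labels and indicator names are my own choices, not ComboFix output.

```python
"""Triage ComboFix-style log text for the indicators seen in this thread.

Flags three things:
  1. a browser proxy pointing at the loopback interface (traffic
     interception / redirect; leaves browsing broken once the listener
     process is killed but the setting remains),
  2. drivers listed as *NewlyCreated* in the in-memory services section,
  3. the Security Center AntiVirusOverride flag being non-zero.
"""
import re

# Constructed sample: a few lines in the shape of the ComboFix log posted above.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
*NewlyCreated* - PFLOQFOB
*Deregistered* - pfloqfob
"AntiVirusOverride"=dword:00000001
R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [08/11/2010 11:42 165584]
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<spec>\S.*)$")
NEWLY_CREATED_RE = re.compile(r"^\*NewlyCreated\*\s*-\s*(?P<name>\S+)$")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]{8})$')


def parse_proxy_spec(spec):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Accepts both the plain 'host:port' form and the per-protocol form
    'http=host:port;https=host:port'. Scheme is '*' for the plain form.
    """
    entries = []
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # bare host with no port
            host, port = hostport, ""
        entries.append((scheme or "*", host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def triage(log_text):
    """Return a list of (severity, indicator, detail) tuples for the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_spec(m.group("spec")):
                if host in LOOPBACK_HOSTS:
                    findings.append(("high", "loopback-proxy",
                                     f"{scheme} traffic routed to {host}:{port}"))
                else:
                    findings.append(("info", "proxy", f"{scheme} proxy {host}:{port}"))
            continue
        m = NEWLY_CREATED_RE.match(line)
        if m:
            # A driver that registers itself during the scan and is gone
            # afterwards deserves a look; the name here is not in any
            # allowlist, so it is reported as-is for a human to judge.
            findings.append(("medium", "transient-driver", m.group("name")))
            continue
        m = AV_OVERRIDE_RE.match(line)
        if m and int(m.group("val"), 16) != 0:
            findings.append(("medium", "security-center-override",
                             "AntiVirusOverride is set"))
    return findings


if __name__ == "__main__":
    for severity, indicator, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {indicator}: {detail}")
```

On a live Windows machine the same proxy value lives under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` (values `ProxyServer` and `ProxyEnable`), which is why all three browsers broke at once: IE and Chrome use those settings directly, and Firefox uses them when left on its default "use system proxy settings". Clearing the value restores browsing but says nothing about whether the component that listened on that port is gone, so it belongs after removal, not instead of it.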

That's a coincidence :lol: Thanks so much for all your help!

Right, I ran the script, and I can now browse the web again, woohoo!!!! However, my antivirus software (Avast free edition, 5.0.677) won't work right now (it warns me that it is disabled but doesn't respond when I tell it to start), and my comp doesn't seem to be recognising my USB-stick, which I've been using to shuttle scripts, logs etc. back and forth between the two computers as I had no internet access on the infected one.

This is the log:

ComboFix 10-11-07.A2 - Administrator 09/11/2010 14:55:21.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1406.740 [GMT 1:00]

Started from: c:\documents and settings\Administrator\Bureaublad\fixin stuff\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Bureaublad\fixin stuff\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PFLOQFOB

-------\Service_pfloqfob

(((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 ))))))))))))))))))))))))))))))

.

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-11-08 12:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-08 12:06 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 12:06 . 2010-11-08 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-08 10:42 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-11-08 10:42 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-11-08 10:42 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-11-08 10:42 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-11-08 10:42 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-11-08 10:42 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-11-08 10:42 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-11-08 10:41 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr

2010-11-08 10:41 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-11-08 10:41 . 2010-11-08 10:41 -------- d-----w- c:\program files\Alwil Software

2010-11-08 10:41 . 2010-11-08 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-11-08 10:03 . 2010-11-08 10:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer

2010-11-04 13:20 . 2010-11-04 13:20 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin

2010-11-04 13:20 . 2010-11-04 13:20 22 --sha-w- c:\documents and settings\Administrator\Application Data\Sys6925.Config Collection.sys

2010-11-04 13:19 . 2010-11-04 14:07 -------- d-----w- c:\program files\jv16 PowerTools 2010

2010-10-13 08:35 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 08:35 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 08:35 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 08:35 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 10:23 . 2004-08-04 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 02:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 02:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 02:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:52 . 2004-08-04 02:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52 . 2004-08-04 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52 . 2004-08-04 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:52 . 2004-08-04 02:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2004-08-04 02:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-08-04 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:55 . 2004-08-04 02:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2004-08-04 02:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:13 . 2004-08-04 02:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 02:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 02:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2007-03-22 01:07 . 2007-03-22 01:07 4851200 ----a-w- c:\program files\openofficeorg22.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 68592]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

SarcMark.exe [2009-2-18 241497]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^Dropbox.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sonic CinePlayer Quick Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sonic CinePlayer Quick Launch.lnk

backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VPN Client.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 15:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"SNDSrvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

"DefWatch"=2 (0x2)

"Symantec AntiVirus"=3 (0x3)

"SavRoam"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate1ca6d0efdeab98e"=2 (0x2)

"FlipShare Service"=2 (0x2)

"CVPND"=2 (0x2)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"Adobe Version Cue CS2"=2 (0x2)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/11/2010 11:42 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/11/2010 11:42 17744]

S4 gupdate1ca6d0efdeab98e;Google Update Service (gupdate1ca6d0efdeab98e);c:\program files\Google\Update\GoogleUpdate.exe [24/11/2009 15:04 133104]

S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/03/2004 15:18 169192]

.

Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 14:04]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 14:04]

2010-11-08 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-09 15:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078001901-3909484548-4121994653-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,3e,ab,ba,b0,58,db,44,80,68,31,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,3e,ab,ba,b0,58,db,44,80,68,31,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2312)

c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\Ati2evxx.exe

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\SarcMark.exe

c:\program files\OpenOffice.org 2.2\program\soffice.exe

c:\program files\OpenOffice.org 2.2\program\soffice.BIN

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

.

**************************************************************************

.

Completion time: 2010-11-09 15:07:26 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-09 14:07

ComboFix2.txt 2010-11-09 12:51

ComboFix3.txt 2010-11-09 11:50

Pre-Run: 116,056,363,008 bytes available

Post-Run: 115,898,998,784 bytes available

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D142946D5D0B0EFB5BC1C3AA538C033B


That's a coincidence. Thanks so much for all your help!
You're welcome! :lol:

Did you try to uninstall and reinstall Avast? Sometimes malware messes with security software and leaves it corrupted.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


Thanks, Elise :lol:

I'd already uninstalled and reinstalled Avast, it hasn't made a difference....

Java now fully up-to-date, and this is the new MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5073

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09/11/2010 18:10:42

mbam-log-2010-11-09 (18-10-42).txt

Scan type: Full scan (C:\|)

Objects scanned: 226586

Time elapsed: 46 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{3D9499DE-D2DC-487D-9E50-CB8B7DE0C954}\RP631\A0148213.exe (Backdoor.Gbot) -> No action taken.

C:\System Volume Information\_restore{3D9499DE-D2DC-487D-9E50-CB8B7DE0C954}\RP631\A0148217.exe (Backdoor.Gbot) -> No action taken.


Let's have a closer look here.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


voila:

OTL logfile created on: 09/11/2010 19:09:19 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Bureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 107.91 Gb Free Space | 72.40% Space Free | Partition Type: NTFS

Computer Name: HP14620180481 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 19:08:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe

PRC - [2010/11/01 12:36:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/06/25 13:46:43 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/06/25 13:46:41 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

PRC - [2009/02/18 19:33:24 | 000,241,497 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SarcMark.exe

PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/03/22 01:04:48 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

PRC - [2007/03/22 00:28:52 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.bin

PRC - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2005/04/04 17:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

========== Modules (SafeList) ==========

MOD - [2010/11/09 19:08:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe

MOD - [2010/08/23 17:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/05 12:12:00 | 000,451,840 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2006/04/20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

SRV - [2004/03/11 14:58:32 | 000,193,760 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2004/02/29 16:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/10/31 09:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101031.002\navex15.sys -- (NAVEX15)

DRV - [2010/10/31 09:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101031.002\naveng.sys -- (NAVENG)

DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2006/08/01 20:07:02 | 004,356,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/04/20 08:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2006/01/05 12:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/09/30 12:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/08/18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)

DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2004/03/11 14:58:10 | 000,263,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2004/03/11 14:58:08 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2002/05/08 19:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)

DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: toolbar@heystaks.extensions:0.9.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 14:21:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 12:36:53 | 000,000,000 | ---D | M]

[2008/09/01 10:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/11/09 17:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions

[2010/05/06 09:17:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/10/16 09:22:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/05/10 09:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\firebug@software.joehewitt.com

[2010/10/06 09:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\nl-NL@dictionaries.addons.mozilla.org

[2009/01/22 10:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\speedtest@gotomyhelp.com

[2010/09/30 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\toolbar@heystaks.extensions

[2010/09/30 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\toolbar@heystaks.extensions\chrome

[2010/09/30 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\toolbar@heystaks.extensions\components

[2010/09/30 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d8pqqfk1.default\extensions\toolbar@heystaks.extensions\META-INF

[2010/11/09 17:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/09 17:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/09 17:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/07/29 09:16:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/29 09:16:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/29 09:16:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/29 09:16:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/09 15:02:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SarcMark.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1171363746421 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} http://www.cyclomedia.nl/download/componen...loScopeLite.cab (CycloScopeLite Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.10.3 10.0.10.1 213.136.12.52

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 19:08:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe

[2010/11/09 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/11/09 17:15:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/09 17:15:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/09 17:15:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/09 17:15:04 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/09 16:57:14 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Bureaublad\jre-6u22-windows-i586.exe

[2010/11/09 16:06:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/11/09 15:30:05 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/11/09 15:30:05 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/11/09 15:30:04 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/11/09 15:30:03 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/11/09 15:30:02 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/11/09 15:30:02 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/11/09 15:30:02 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/11/09 15:29:46 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/11/09 15:29:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/11/09 15:07:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/09 14:53:55 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/09 14:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bureaublad\fixin stuff

[2010/11/09 12:37:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/09 12:37:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/09 12:37:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/09 12:37:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/09 12:37:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/09 12:37:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/08 13:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/11/08 13:06:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/08 13:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/08 13:06:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/08 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/08 13:04:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Bureaublad\mbam-setup-1.46.exe

[2010/11/08 11:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/11/08 11:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/11/08 11:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/11/08 11:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer

[2010/11/08 11:01:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/11/04 14:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2010

[2010/10/13 09:35:23 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/13 09:35:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 09:35:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 09:35:08 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2002/03/11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2002/03/11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 19:08:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe

[2010/11/09 18:43:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/09 18:28:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/09 18:26:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/09 18:26:45 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/09 17:14:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/09 17:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/09 17:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/09 17:14:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/09 17:14:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/11/09 16:58:37 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Bureaublad\jre-6u22-windows-i586.exe

[2010/11/09 15:54:18 | 000,002,900 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/11/09 15:54:18 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\avast! Free Antivirus.lnk

[2010/11/09 15:40:08 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/09 15:22:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/11/09 15:02:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/09 14:54:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/09 13:42:26 | 000,000,327 | ---- | M] () -- C:\Boot.bak

[2010/11/08 16:14:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/11/08 15:44:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk

[2010/11/08 13:06:18 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk

[2010/11/08 13:05:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Bureaublad\mbam-setup-1.46.exe

[2010/11/08 12:15:32 | 000,211,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\photo(3).jpg

[2010/11/08 11:40:18 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\setup_av_free.exe

[2010/11/08 11:12:27 | 002,075,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\TeamViewerQS_nl(2).exe

[2010/11/08 11:03:03 | 002,075,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\TeamViewerQS_nl.exe

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/11/05 14:22:50 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Norton_Removal_Tool.exe

[2010/11/05 12:54:42 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/04 14:20:04 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Sys6925.Config Collection.sys

[2010/11/04 14:20:04 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin

[2010/11/04 14:19:28 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk

[2010/11/04 14:19:28 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\jv16 PowerTools 2010.lnk

[2010/11/03 15:31:05 | 000,545,290 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat

[2010/11/03 15:31:05 | 000,472,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/03 15:31:05 | 000,107,678 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat

[2010/11/03 15:31:05 | 000,084,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/27 12:13:01 | 001,178,138 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\NO IMPACT WEEK HOW TO MANUAL.pdf

[2010/10/27 11:55:51 | 000,966,427 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\No Impact Week Netherlands.pdf

[2010/10/26 11:27:46 | 000,061,134 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\factuur_30092010.pdf

[2010/10/26 10:30:09 | 000,779,516 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\annual report 2009 webversie.pdf

[2010/10/21 11:17:43 | 000,276,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Newhigh11.doc

[2010/10/15 17:33:37 | 000,079,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\report back.rtf

[2010/10/14 09:11:33 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 15:51:39 | 000,195,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\rubypassport.pdf

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 16:07:42 | 1474,875,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/09 15:30:05 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\avast! Free Antivirus.lnk

[2010/11/09 12:39:45 | 000,000,327 | ---- | C] () -- C:\Boot.bak

[2010/11/09 12:39:42 | 000,261,936 | RHS- | C] () -- C:\cmldr

[2010/11/09 12:37:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/09 12:37:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/09 12:37:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/09 12:37:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/09 12:37:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/08 16:14:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/11/08 13:06:18 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk

[2010/11/08 12:15:29 | 000,211,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\photo(3).jpg

[2010/11/08 11:35:40 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\setup_av_free.exe

[2010/11/08 11:12:19 | 002,075,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\TeamViewerQS_nl(2).exe

[2010/11/08 11:02:58 | 002,075,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\TeamViewerQS_nl.exe

[2010/11/05 14:22:44 | 000,924,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Norton_Removal_Tool.exe

[2010/11/05 12:54:29 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/11/04 14:20:04 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\Sys6925.Config Collection.sys

[2010/11/04 14:20:04 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin

[2010/11/04 14:19:28 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk

[2010/11/04 14:19:28 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\jv16 PowerTools 2010.lnk

[2010/10/27 12:13:01 | 001,178,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\NO IMPACT WEEK HOW TO MANUAL.pdf

[2010/10/27 11:55:49 | 000,966,427 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\No Impact Week Netherlands.pdf

[2010/10/26 11:27:46 | 000,061,134 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\factuur_30092010.pdf

[2010/10/26 10:30:08 | 000,779,516 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\annual report 2009 webversie.pdf

[2010/10/21 11:17:43 | 000,276,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Newhigh11.doc

[2010/10/15 17:33:36 | 000,079,755 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\report back.rtf

[2010/10/13 15:51:38 | 000,195,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\rubypassport.pdf

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2007/08/09 12:16:21 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/03/22 02:13:41 | 003,254,170 | ---- | C] () -- C:\Program Files\openofficeorg4.cab

[2007/03/22 02:13:20 | 060,242,968 | ---- | C] () -- C:\Program Files\openofficeorg3.cab

[2007/03/22 02:08:45 | 015,289,981 | ---- | C] () -- C:\Program Files\openofficeorg2.cab

[2007/03/22 02:08:07 | 017,913,540 | ---- | C] () -- C:\Program Files\openofficeorg1.cab

[2007/03/22 02:07:11 | 004,851,200 | ---- | C] () -- C:\Program Files\openofficeorg22.msi

[2007/03/22 02:07:11 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini

[2007/02/16 09:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2007/01/11 16:53:55 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007/01/11 08:13:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/01/11 08:09:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2007/01/11 08:07:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2007/01/11 08:03:15 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2006/04/20 08:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2006/04/20 08:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2005/10/18 15:54:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/03 06:55:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

et voila:

OTL Extras logfile created on: 09/11/2010 19:09:19 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Bureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 107.91 Gb Free Space | 72.40% Space Free | Partition Type: NTFS

Computer Name: HP14620180481 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 -- (RealVNC Ltd.)

"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI-configuratiescherm

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Roxio CinePlayer

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager

"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2

"{838DC5B4-2614-A98F-346B-B3BE3BE07CE7}" = FlipShare

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9D284495-5E9D-4664-B20E-37162C5D728B}" = SarcMark

"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300

"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize

"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"All ATI Software" = ATI - Software-verwijderprogramma

"A-PDF Password Security_is1" = A-PDF Password Security 1.3

"ATI Display Driver" = ATI Display Driver

"avast5" = avast! Free Antivirus

"Bricks '2000" = Bricks '2000

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"ExpressBurn" = Express Burn

"FileZilla Client" = FileZilla Client 3.3.4.1

"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IrfanView" = IrfanView (remove only)

"jv16 PowerTools 2010" = jv16 PowerTools 2010

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"RealPlayer 6.0" = RealPlayer

"RealVNC_is1" = VNC Free Edition 4.1.2

"Security Task Manager" = Security Task Manager 1.7h

"Skype_is1" = Skype 3.1

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VideoLAN VLC media player 0.8.6c

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078001901-3909484548-4121994653-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 05/11/2010 08:01:20 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.12.122:5353 23 122.12.168.192.in-addr.arpa.

PTR HP14620180481-2.local.

Error - 05/11/2010 08:01:20 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 122.12.168.192.in-addr.arpa.

PTR HP14620180481.local.

Error - 05/11/2010 08:44:13 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.12.122:5353 23 122.12.168.192.in-addr.arpa.

PTR HP14620180481-2.local.

Error - 05/11/2010 08:44:13 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 122.12.168.192.in-addr.arpa.

PTR HP14620180481.local.

Error - 08/11/2010 05:30:52 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.12.122:5353 23 122.12.168.192.in-addr.arpa.

PTR HP14620180481-2.local.

Error - 08/11/2010 05:30:52 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 122.12.168.192.in-addr.arpa.

PTR HP14620180481.local.

Error - 08/11/2010 06:09:55 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.12.122:5353 23 122.12.168.192.in-addr.arpa.

PTR HP14620180481-2.local.

Error - 08/11/2010 06:09:55 | Computer Name = HP14620180481 | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 122.12.168.192.in-addr.arpa.

PTR HP14620180481.local.

Error - 08/11/2010 06:40:22 | Computer Name = HP14620180481 | Source = crypt32 | ID = 131083

Description = Failed to extract the third-party root list from the auto update cab at <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 08/11/2010 06:40:22 | Computer Name = HP14620180481 | Source = crypt32 | ID = 131083

Description = Failed to extract the third-party root list from the auto update cab at <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

[ OSession Events ]

Error - 09/04/2009 10:43:50 | Computer Name = HP14620180481 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 26

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 09/11/2010 13:31:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 13:32:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 13:34:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 13:38:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 13:46:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 14:02:51 | Computer Name = HP14620180481 | Source = DCOM | ID = 10005

Description = DCOM got error '%1058' attempting to start the service gusvc with arguments '' in order to run the server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 09/11/2010 14:08:46 | Computer Name = HP14620180481 | Source = Service Control Manager | ID = 7003

Description = The Telephony service depends on the nonexistent PlugPlay service.

Error - 09/11/2010 14:08:46 | Computer Name = HP14620180481 | Source = Service Control Manager | ID = 7001

Description = The Remote Access Connection Manager service depends on the Telephony service, which failed to start because of the following error: %%1075

Error - 09/11/2010 14:08:46 | Computer Name = HP14620180481 | Source = Service Control Manager | ID = 7003

Description = The Telephony service depends on the nonexistent PlugPlay service.

Error - 09/11/2010 14:08:46 | Computer Name = HP14620180481 | Source = Service Control Manager | ID = 7001

Description = The Remote Access Connection Manager service depends on the Telephony service, which failed to start because of the following error: %%1075

< End of report >

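The OTL file listing posted above has a fixed line format, `[date time | size | attribute flags | M/C] (company) -- path`, which makes it easy to triage with a script instead of reading a few thousand lines by eye. The following Python is an added example, not OTL's own code and not something the helper in this thread posted: it parses those lines and flags the entries an analyst would look at first, namely hidden+system files outside the usual boot files at the drive root, and executables with no company name sitting in Application Data or directly in C:\WINDOWS. The sample lines are copied from the log above; the `ROOT_HS_OK` allowlist, the `EXEC_EXT` list and the two heuristics are assumptions for illustration, not a verdict on any file (C:\WINDOWS\MBR.exe, for instance, was dropped by a cleanup tool and is flagged only because it is an unsigned executable in %SystemRoot%).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL "Files Created/Modified" entry looks like:
#   [2010/11/04 14:20:04 | 000,000,022 | -HS- | M] () -- C:\path\to\file
# i.e. [timestamp | size | attribute flags | M(odified)/C(reated)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions treated as executable code (assumption: illustrative list).
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")

# Hidden+system files that are normal at the root of an XP system drive.
# Assumption: an illustrative allowlist, not something OTL defines.
ROOT_HS_OK = {
    r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\boot.ini",
    r"c:\ntldr", r"c:\ntdetect.com", r"c:\cmldr",
}


@dataclass
class Entry:
    timestamp: str
    size: int          # bytes; OTL writes it with thousands separators
    attrs: str         # four flag characters; R, H and S mark read-only, hidden, system
    kind: str          # "M" = modified-list entry, "C" = created-list entry
    company: str       # empty when the file carries no company/version info
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; return None for summary lines such as
    '[4 C:\\WINDOWS\\*.tmp files -> ...]' that do not fit the format."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def suspicious_reasons(e: Entry) -> List[str]:
    """Heuristics only (assumptions for illustration): they pick what an
    analyst should look at first; they do not prove a file is malicious."""
    p = e.path.lower()
    reasons: List[str] = []
    hidden_system = "H" in e.attrs and "S" in e.attrs
    in_appdata = "\\application data\\" in p
    directly_in_windows = p.startswith("c:\\windows\\") and p.count("\\") == 2

    if hidden_system and p not in ROOT_HS_OK:
        reasons.append("hidden+system attributes outside the usual boot files")
    if p.endswith(EXEC_EXT) and not e.company and (in_appdata or directly_in_windows):
        reasons.append("executable without company name in Application Data or %SystemRoot%")
    return reasons


def scan(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the entries that trigger at least one heuristic, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = suspicious_reasons(entry)
            if reasons:
                findings.append((entry, reasons))
    return findings


# Sample input: a constructed subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2010/11/09 17:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/09 16:07:42 | 1474,875,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/09 14:54:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/04 14:20:04 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Sys6925.Config Collection.sys
[2010/11/04 14:20:04 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_LOG):
        print(f"{entry.timestamp}  {entry.attrs}  {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against a full OTL.txt (`scan(open("OTL.txt", encoding="latin-1").read())`) it surfaces the two 22-byte hidden+system files created at the same second on 2010/11/04 at the top of the list, which is exactly the kind of pairing worth checking against the quarantine log before deciding the machine is clean.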

Please verify your system's date and time settings (this can be done in Control Panel) and adjust them if necessary.

I recommend you update your Adobe Reader software. Older versions are known to have security vulnerabilities that can be exploited. You can download the latest version at Adobe's website.

I see nothing that could block Avast; however, I see some Norton leftovers. Let's get rid of those first and then see how things are running.

Please click HERE and follow the instructions in STEP 2 to download and run the Norton Removal Tool.



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
