Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browsers don't work properly

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browsers don't work properly

Unread postby Arno » August 4th, 2009, 10:57 am

Hi there!

For a few weeks I've had trouble with my browsers. Every twenty minutes or so, Firefox can't connect to the internet. At first, I had to wait like 15 minutes before it worked, but then I made a .bat that automatically refreshes my IP 9 times and for some reason, that works. I just figured it had something to do with my provider. But now I just found out downloads, like usenet/rapidshare, continue.. So there is something wrong with my browser. I checked out Google Chrome and that's the same as Firefox, when Firefox is down, so is Chrome. Internet Explorer on the other hand, works sometimes and sometimes it just doesn't work. It's kinda random. And the homepage of Internet Explorer is hxxp://google.mini20.com/, I don't know however that has something to do with it.

I scanned with AVG, he found 4 infections which are removed/in the vault, but still the problem. Malwarebytes' Anti-Malware found 1 infection on the full scan, removed that also. But I'm still having the problem, so that's why I need your help. Anyway, here is the HijackThis log;
Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:27, on 4/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pp] C:\windows\pp1.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7082 bytes
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am
Advertisement
Register to Remove

Re: Browsers don't work properly

Unread postby MWR 3 day Mod » August 8th, 2009, 5:02 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Browsers don't work properly

Unread postby Bob4 » August 8th, 2009, 10:55 am

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!



  • Save and quit any work your doing before beginning the fix.
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT be installing new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


______________________________
Open HJT

this time click on
Misc tools section

then:
Open uninstall Manager
click on save list.
Post that for me.





______________________________
RUN HJT

HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pp] C:\windows\pp1.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close that.


_________________________________________________
Open Malwarebytes >>click on the LOG tab
Open and copy the first report you had done.
It will be in a dated values such as:
mbam-log-2009-01-02 (21-39-41).txt
I want the oldest log. That will be the earliest dated.

A new scan will not be of any help.



___________________________________________
    Open Malware bytes

  • Click on More tools
  • Click on
    File assasin
    Run tool
  • At the prompt copy and past this in exactly

    C:\WINDOWS\pp1.exe
  • Click OPEN.
    If the file still exsists

    You will be asked if you want to continue are you sure
  • Click yes..

    Do the same for the following files.

Download and install CCleaner from here


If you use either the Firefox/ Mozilla browsers, the box to uncheck for Cookies (using ccleaner) is on the Applications tab, under Firefox/Mozilla.
Image

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".

    Now run the program by clicking on Run Cleaner

    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your regisrty is risky).



    ____________________________________
    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt will open.
    • Click Yes at the next prompt for Optional Scan.
    • Save both reports to your desktop.
    ---------------------------------------------------

    Please include the contents of the following in your next reply:

    DDS.txt

    Please attach the second file; Attach.txt. To attach a file, do the following:
    • Under the reply panel is the Attachments Panel
    • Browse for the attachment file you want to upload, then click the green Upload button
    • Once it has uploaded, click the Manage Current Attachments drop down box
    • Click on Image to insert the attachment into your post
    _________________________



    In your next reply I would like to see:
    • A new HJT log
    • The uninstall list from HJT
    • The report from DDS
    • The report from Malwarebytes
    • Were you able to remove that file? pp1.exe
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 8th, 2009, 1:47 pm

Thanks for your help :)

-Uninstall list:
Code: Select all
36-image converter
7-Zip 4.65
Abbey Roadv3 Screen Saver
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Advanced Batch Converter
AIM 6
Alex Buturuga - Muti ID3 Tag Editor 1.3b1
Alldj DVD To AVI Converter 3.0
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATI Problem Report Wizard
Audacity 1.2.6
AudioShell 1.3.5
Audiosurf
AutoUnpack 4.5.2
AVG Free 8.5
AVI DVD Burner 2008 v5.1.0.22
Battlefield 2(TM)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB944338-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958215)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960714)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB973346)
BF2 Editor
Camtasia Studio 6
Canon i560
Catalyst Control Center - Branding
Cheat Engine 5.4
Choice Guard
dBpoweramp Music Converter
DD Poker 3 
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DriveImage XML (Private Edition)
DVD Region+CSS Free 5.9.8.5
DyynoPlayer 0.8.6f.2
FairStars Audio Converter Pro 1.02
FileZilla Client 3.2.2.1
FormatFactory 1.70
Foxit Reader
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6
FreeCall
Futuremark SystemInfo
GOM Player
Google Earth
Google Update Helper
Google Updater
GrabIt 1.7.2 Beta 3 (build 996)
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix voor Windows XP (KB935448)
Hotfix voor Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
Image Resizer Powertoy for Windows XP
ImgBurn
IrfanView (remove only)
Java(TM) 6 Update 12
K-Lite Mega Codec Pack 4.2.5
Last.fm 1.5.4.24567
Magic FLAC to MP3 Converter 3.71
Malwarebytes' Anti-Malware
Messenger Plus! Live
MessengerDiscovery 1.5.0800
MessengerDiscovery 2.0.44
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
Mirror's Edge™
MKV TO AVI CONVERTER version 3.2
MKV To AVI With Subtitle version 1.0
Mozilla Firefox (3.0.13)
MP3 Repair Tool v1.5.2
Mp3tag v2.42
MSVCRT
MSXML 4.0 SP2 (KB954430)
MTA: Race for San Andreas 1.1.1
NewsLeecher v3.9 Final
NVIDIA PhysX v8.10.17
PFConfig 1.0.163
PFPortChecker 1.0.28
PhotoScape
PokerStars
PunkBuster Services
Quake Live Mozilla Plugin
QuickPar 0.9
QuickTime
ReaConverter 5.5 Pro
Real Alternative 1.9.0
RealDice Multiplayer Championship Poker
Realtek High Definition Audio Driver
River Past Crazi Video Pro
SABnzbd (remove only)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Satellite TV for PC
Segoe UI
Spotify
Spybot - Search & Destroy
Steam
Subtitle Workshop 2.51
SUPER © Version 2009.bld.36 (June 10, 2009)
SyncBack
TI Connect 1.6
Tweak UI
Update voor Windows XP (KB898461)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
VLC media player 0.9.8a
Winamp
Windows Audio Recorder Professional 4.53
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
Windows-stuurprogrammapakket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
WinRAR archiver
Wondershare DVD Ripper Platinum(Build 4.0.2.17)
World of Warcraft FREE Trial
Xfire (remove only)
Xvid 1.1.3 final uninstall


-HijackThis Scan;
All lines you gave, were found.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pp] C:\windows\pp1.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


-The oldest log I could find, although it is from a quick scan. It's in Dutch, though.
Code: Select all
Malwarebytes' Anti-Malware 1.33
Database versie: 1712
Windows 5.1.2600 Service Pack 2

1/02/2009 14:07:11
mbam-log-2009-02-01 (14-07-11).txt

Scan type: Snelle Scan
Objecten gescand: 47049
Verstreken tijd: 1 minute(s), 44 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


-The removal of pp1.exe was impossible: The file did not exist.

-CCleaner did it's job.

-The DDS log:
Code: Select all
DDS (Ver_09-07-30.01) - NTFSx86  
Run by ArnoVL at 19:41:51,62 on za 08/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition  5.1.2600.2.1252.32.1043.18.3071.2398 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ArnoVL\Mijn documenten\GrabIt Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 195.18.93.109:80
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Red Swoosh] c:\program files\rssoft\RedSwoosh.exe /S
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [Google Update] "c:\documents and settings\arnovl\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim6] 
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [pp] c:\windows\pp1.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\arnovl\menust~1\progra~1\opstar~1\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arnovl\applic~1\mozilla\firefox\profiles\geqxpy07.default\
FF - component: c:\documents and settings\arnovl\application data\mozilla\firefox\profiles\geqxpy07.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\arnovl\application data\mozilla\firefox\profiles\geqxpy07.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\arnovl\application data\mozilla\firefox\profiles\geqxpy07.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\arnovl\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-31 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-31 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-6 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-1-30 93696]
S2 gupdate1c99a8e877ae50a;Google Updateservice (gupdate1c99a8e877ae50a);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\arnovl\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\arnovl\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\docume~1\arnovl\locals~1\temp\rar$ex00.703\ilvmoney1196.sys --> c:\docume~1\arnovl\locals~1\temp\rar$ex00.703\IlvMoney1196.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-08-08 19:39	<DIR>	--d-hr--	c:\documents and settings\arnovl\Onlangs geopend
2009-08-08 19:34	<DIR>	--d-----	c:\program files\CCleaner
2009-08-07 22:56	<DIR>	--d-----	c:\docume~1\arnovl\applic~1\fltk.org
2009-08-07 00:51	<DIR>	--d-----	c:\program files\IrfanView
2009-08-04 02:24	719,872	a-------	c:\windows\system32\devil.dll
2009-08-04 02:24	318,976	a-------	c:\windows\system32\avisynth.dll
2009-08-04 02:24	70,656	a-------	c:\windows\system32\i420vfw.dll
2009-08-04 02:24	27,648	a-------	c:\windows\system32\AVSredirect.dll
2009-08-04 02:24	<DIR>	--d-----	c:\program files\AviSynth 2.5
2009-08-04 02:23	<DIR>	--d-----	c:\program files\eRightSoft
2009-08-04 02:07	1,386	a-------	c:\docume~1\arnovl\applic~1\filterclsid.dat
2009-08-01 12:57	<DIR>	--d-----	c:\program files\NewsLeecher
2009-08-01 00:27	<DIR>	--d-----	c:\docume~1\arnovl\applic~1\VitySoft
2009-07-31 19:46	<DIR>	--d-----	C:\ConvertTemp
2009-07-31 19:46	<DIR>	--d-----	c:\docume~1\arnovl\applic~1\Samsung
2009-07-31 19:38	174,592	a-------	c:\windows\system32\framedyn.dll
2009-07-31 19:38	109,704	a-------	c:\windows\system32\drivers\ss_mdm.sys
2009-07-31 19:38	83,592	a-------	c:\windows\system32\drivers\ss_bus.sys
2009-07-31 19:38	15,112	a-------	c:\windows\system32\drivers\ss_mdfl.sys
2009-07-31 19:38	12,424	a-------	c:\windows\system32\drivers\ss_whnt.sys
2009-07-31 19:38	12,424	a-------	c:\windows\system32\drivers\ss_wh.sys
2009-07-31 19:38	12,424	a-------	c:\windows\system32\drivers\ss_cmnt.sys
2009-07-31 19:38	12,424	a-------	c:\windows\system32\drivers\ss_cm.sys
2009-07-31 19:38	<DIR>	--d-----	c:\windows\system32\Samsung_USB_Drivers
2009-07-31 19:38	766	a-------	c:\windows\system32\Uninstall.ico
2009-07-31 19:38	5,632	a-------	c:\windows\system32\drivers\StarOpen.sys
2009-07-31 19:38	<DIR>	--d-----	c:\program files\Samsung
2009-07-24 03:57	41,872	a-------	c:\windows\system32\xfcodec.dll
2009-07-15 00:28	<DIR>	--d-----	c:\docume~1\arnovl\applic~1\AccurateRip
2009-07-15 00:28	5,433,520	a-------	c:\windows\system32\SpoonUninstall.exe
2009-07-15 00:28	33,846	a-------	c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-07-15 00:28	14,373	a-------	c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-15 00:27	<DIR>	--d-----	c:\program files\Illustrate
2009-07-14 23:56	<DIR>	--d-----	C:\mp3backup
2009-07-14 23:37	<DIR>	--d-----	c:\docume~1\arnovl\applic~1\FairStars Audio Converter Pro
2009-07-14 23:36	<DIR>	--d-----	c:\program files\FairStars Audio Converter Pro
2009-07-14 23:22	<DIR>	--d-----	c:\program files\FLAC to MP3 Converter
2009-07-14 15:45	<DIR>	--d-----	c:\program files\Trend Micro
2009-07-14 13:59	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-10 13:03	<DIR>	--d-----	c:\program files\PC Satellite TV
2009-07-09 19:43	961	a-------	c:\windows\ST4UNST.002

==================== Find3M  ====================

2009-07-10 11:51	335,752	a-------	c:\windows\system32\drivers\avgldx86.sys
2009-07-07 03:23	40	a-------	C:\shutdown.bat
2009-06-29 18:01	827,392	a-------	c:\windows\system32\wininet.dll
2009-06-29 18:01	78,336	a-------	c:\windows\system32\ieencode.dll
2009-06-29 18:01	17,408	a-------	c:\windows\system32\corpol.dll
2009-06-26 11:31	11,952	a-------	c:\windows\system32\avgrsstx.dll
2009-06-21 18:03	120,509	a-------	c:\windows\hpoins11.dat
2009-06-16 16:55	119,808	a-------	c:\windows\system32\t2embed.dll
2009-06-16 16:55	82,432	a-------	c:\windows\system32\fontsub.dll
2009-06-14 15:52	455,614	a-------	c:\windows\system32\perfh013.dat
2009-06-14 15:52	76,582	a-------	c:\windows\system32\perfc013.dat
2009-06-03 21:27	1,294,848	a-------	c:\windows\system32\quartz.dll
2009-05-24 14:36	75,064	a-------	c:\windows\system32\PnkBstrA.exe
2009-05-24 14:31	189,472	a-------	c:\windows\system32\PnkBstrB.exe
2009-02-27 16:54	22,328	a-------	c:\docume~1\arnovl\applic~1\PnkBstrK.sys
2006-05-03 11:06	163,328	---shr--	c:\windows\system32\flvDX.dll
2007-02-21 12:47	31,232	---shr--	c:\windows\system32\msfDX.dll
2008-03-16 14:30	216,064	---shr--	c:\windows\system32\nbDX.dll

============= FINISH: 19:42:02,17 ===============


-The Attachment;
Attach.txt


Hope I did the right things, thanks for your effords!
You do not have the required permissions to view the files attached to this post.
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

Unread postby Bob4 » August 8th, 2009, 4:20 pm

Need a new HJT log.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 8th, 2009, 5:10 pm

Bob4 wrote:Need a new HJT log.

Here you go;
Code: Select all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:58, on 8/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ArnoVL\Mijn documenten\PSX\ePSXe.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pp] C:\windows\pp1.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6762 bytes
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

Unread postby Bob4 » August 8th, 2009, 5:13 pm

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 8th, 2009, 7:40 pm

Okay, here is the ComboFix log:
Code: Select all
ComboFix 09-08-07.09 - ArnoVL 09/08/2009  1:30.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.32.1043.18.3071.2491 [GMT 2:00]
Gestart vanuit: c:\documents and settings\ArnoVL\Mijn documenten\GrabIt Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\system\smss.exe.assembly
c:\recycler\S-1-5-21-1409082233-789336058-839522115-1004
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\NSIS.Library.RegTool.v2.{DD25E76B-9D39-4222-B5D8-A07A42E4CAC5}.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


((((((((((((((((((((   Bestanden Gemaakt van 2009-07-08 to 2009-08-08  ))))))))))))))))))))))))))))))
.

2009-08-08 17:39 . 2009-08-08 21:10	--------	d--h--r-	c:\documents and settings\ArnoVL\Onlangs geopend
2009-08-08 17:34 . 2009-08-08 17:34	--------	d-----w-	c:\program files\CCleaner
2009-08-07 20:56 . 2009-08-07 20:56	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\fltk.org
2009-08-06 22:51 . 2009-08-06 22:51	--------	d-----w-	c:\program files\IrfanView
2009-08-04 13:17 . 2009-08-04 13:19	--------	d-----w-	c:\documents and settings\ArnoVL\Local Settings\Application Data\Temp
2009-08-04 00:24 . 2007-05-17 15:30	318976	----a-w-	c:\windows\system32\avisynth.dll
2009-08-04 00:24 . 2004-02-22 08:11	719872	----a-w-	c:\windows\system32\devil.dll
2009-08-04 00:24 . 2009-08-04 00:24	--------	d-----w-	c:\program files\AviSynth 2.5
2009-08-04 00:24 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\i420vfw.dll
2009-08-04 00:23 . 2008-03-16 12:30	216064	--sh--r-	c:\windows\system32\nbDX.dll
2009-08-04 00:23 . 2007-02-21 10:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2009-08-04 00:23 . 2006-05-03 09:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2009-08-04 00:23 . 2009-08-04 00:23	--------	d-----w-	c:\program files\eRightSoft
2009-08-01 10:57 . 2009-08-01 10:57	--------	d-----w-	c:\program files\NewsLeecher
2009-07-31 22:27 . 2009-07-31 22:27	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\VitySoft
2009-07-31 17:46 . 2009-07-31 17:46	--------	d-----w-	C:\ConvertTemp
2009-07-31 17:46 . 2009-07-31 17:46	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Samsung
2009-07-31 17:38 . 2006-05-03 20:53	174592	----a-w-	c:\windows\system32\framedyn.dll
2009-07-31 17:38 . 2009-07-31 17:38	--------	d-----w-	c:\program files\DIFX
2009-07-31 17:38 . 2009-07-31 17:38	--------	d-----w-	c:\windows\system32\Samsung_USB_Drivers
2009-07-31 17:38 . 2007-05-02 09:11	15112	----a-w-	c:\windows\system32\drivers\ss_mdfl.sys
2009-07-31 17:38 . 2007-05-02 09:11	12424	----a-w-	c:\windows\system32\drivers\ss_whnt.sys
2009-07-31 17:38 . 2007-05-02 09:11	12424	----a-w-	c:\windows\system32\drivers\ss_wh.sys
2009-07-31 17:38 . 2007-05-02 09:11	109704	----a-w-	c:\windows\system32\drivers\ss_mdm.sys
2009-07-31 17:38 . 2007-05-02 09:11	83592	----a-w-	c:\windows\system32\drivers\ss_bus.sys
2009-07-31 17:38 . 2007-05-02 09:11	12424	----a-w-	c:\windows\system32\drivers\ss_cmnt.sys
2009-07-31 17:38 . 2007-05-02 09:11	12424	----a-w-	c:\windows\system32\drivers\ss_cm.sys
2009-07-31 17:38 . 2009-07-31 17:43	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2009-07-31 17:38 . 2009-07-31 17:38	--------	d-----w-	c:\program files\Samsung
2009-07-24 01:57 . 2009-07-24 01:57	41872	----a-w-	c:\windows\system32\xfcodec.dll
2009-07-14 22:28 . 2009-07-14 22:28	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\AccurateRip
2009-07-14 22:28 . 2009-07-14 22:28	14373	----a-w-	c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-14 22:28 . 2009-07-14 22:27	5433520	----a-w-	c:\windows\system32\SpoonUninstall.exe
2009-07-14 22:27 . 2009-07-14 22:27	--------	d-----w-	c:\program files\Illustrate
2009-07-14 21:56 . 2009-07-14 21:56	--------	d-----w-	C:\mp3backup
2009-07-14 21:37 . 2009-07-14 22:24	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\FairStars Audio Converter Pro
2009-07-14 21:36 . 2009-07-14 21:37	--------	d-----w-	c:\program files\FairStars Audio Converter Pro
2009-07-14 21:22 . 2009-07-14 21:23	--------	d-----w-	c:\program files\FLAC to MP3 Converter
2009-07-14 13:45 . 2009-07-14 13:45	--------	d-----w-	c:\program files\Trend Micro
2009-07-14 11:59 . 2009-07-14 11:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-12 19:49 . 2009-06-08 12:00	110592	----a-w-	c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-07-10 16:30 . 2009-07-14 22:35	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\DivX
2009-07-10 11:03 . 2009-07-10 11:08	--------	d-----w-	c:\program files\PC Satellite TV

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 23:35 . 2009-02-08 00:23	--------	d-----w-	c:\program files\RSSoft
2009-08-08 23:34 . 2009-02-18 13:04	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Xfire
2009-08-08 23:34 . 2009-01-30 16:12	1324	----a-w-	c:\windows\system32\d3d9caps.dat
2009-08-08 23:32 . 2009-01-31 14:55	--------	d-----w-	c:\program files\System
2009-08-08 17:40 . 2009-02-03 16:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 10:33 . 2009-01-30 16:25	18408	----a-w-	c:\documents and settings\ArnoVL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 23:26 . 2009-03-01 16:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2009-08-07 10:57 . 2009-02-18 13:04	--------	d-----w-	c:\program files\Xfire
2009-08-06 20:31 . 2009-08-04 00:07	1386	----a-w-	c:\documents and settings\ArnoVL\Application Data\filterclsid.dat
2009-08-01 15:11 . 2009-02-04 14:27	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Nero
2009-08-01 15:11 . 2009-02-04 14:27	--------	d-----w-	c:\program files\NeroPortable
2009-08-01 11:03 . 2009-02-05 15:49	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\GrabIt
2009-08-01 01:07 . 2009-02-28 01:14	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-07-31 17:38 . 2009-01-30 15:08	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-15 18:26 . 2009-06-09 15:40	--------	d---a-w-	c:\program files\Portable Microsoft Office 2003 - Word und Excel
2009-07-13 22:03 . 2009-03-29 17:56	--------	d-----w-	c:\program files\Cheat Engine
2009-07-12 15:57 . 2009-02-24 11:39	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\FileZilla
2009-07-10 09:51 . 2009-01-31 15:20	335752	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-07-09 17:43 . 2009-03-06 22:00	--------	d-----w-	c:\program files\Maanrag
2009-07-08 22:00 . 2009-02-02 15:23	--------	d-----w-	c:\program files\PokerStars
2009-07-07 22:48 . 2009-07-07 22:48	--------	d-----w-	c:\program files\DivX
2009-07-07 22:48 . 2009-07-07 22:48	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-07-07 01:23 . 2009-07-07 01:23	40	----a-w-	C:\shutdown.bat
2009-07-01 20:56 . 2009-07-01 20:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-01 20:54 . 2009-07-01 20:54	--------	d-----w-	c:\program files\QuickTime
2009-07-01 14:28 . 2009-07-01 14:26	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\BonkEnc
2009-07-01 14:25 . 2009-07-01 14:25	--------	d-----w-	c:\program files\BonkEnc
2009-06-30 10:58 . 2009-06-21 16:04	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Image Zone Express
2009-06-29 16:01 . 2004-08-04 12:00	827392	----a-w-	c:\windows\system32\wininet.dll
2009-06-29 16:01 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-06-29 16:01 . 2004-08-04 12:00	17408	----a-w-	c:\windows\system32\corpol.dll
2009-06-28 16:39 . 2009-03-03 18:35	--------	d-----w-	c:\program files\PhotoScape
2009-06-26 23:13 . 2009-04-24 20:36	--------	d-----w-	c:\program files\JDownloader
2009-06-26 09:31 . 2009-01-31 15:20	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-06-26 09:31 . 2009-01-31 15:20	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 21:50 . 2009-06-25 21:50	488960	----a-w-	c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 21:50 . 2009-06-25 21:50	319488	----a-w-	c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-23 10:01 . 2009-06-23 10:01	--------	d-----w-	c:\program files\MSXML 4.0
2009-06-21 19:45 . 2009-06-21 19:45	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\HP
2009-06-21 16:03 . 2009-06-21 16:03	18016	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 16:03 . 2009-06-21 16:03	--------	d-----w-	c:\documents and settings\LocalService\Application Data\HP
2009-06-21 16:03 . 2009-06-21 15:56	120509	----a-w-	c:\windows\hpoins11.dat
2009-06-21 16:02 . 2009-06-21 16:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP
2009-06-21 16:02 . 2009-06-21 16:02	--------	d-----w-	c:\program files\Common Files\HP
2009-06-21 16:02 . 2009-06-21 15:58	--------	d-----w-	c:\program files\HP
2009-06-21 16:00 . 2009-06-21 16:00	--------	d-----w-	c:\program files\Hewlett-Packard
2009-06-21 16:00 . 2009-06-21 16:00	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2009-06-20 20:57 . 2009-06-20 19:31	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\mIRC
2009-06-20 19:31 . 2009-06-20 19:31	--------	d-----w-	c:\program files\mIRC
2009-06-18 19:51 . 2009-06-18 19:37	--------	d-----w-	c:\program files\eMule
2009-06-18 08:56 . 2009-06-18 08:56	1878984	----a-w-	c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-16 14:55 . 2004-08-04 12:00	82432	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-06-16 12:56 . 2009-06-16 12:53	--------	d-----w-	c:\program files\Windows Audio Recorder Professional
2009-06-15 23:52 . 2009-02-20 19:14	8	---ha-w-	c:\windows\system32\adb.dat
2009-06-15 22:41 . 2009-02-20 18:53	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\AviDvdBurner
2009-06-15 10:00 . 2009-06-15 10:00	552	----a-w-	c:\windows\system32\d3d8caps.dat
2009-06-14 13:52 . 2004-08-04 12:00	76582	----a-w-	c:\windows\system32\perfc013.dat
2009-06-14 13:52 . 2004-08-04 12:00	455614	----a-w-	c:\windows\system32\perfh013.dat
2009-06-14 13:50 . 2009-06-14 13:50	--------	d-----w-	c:\program files\TI Education
2009-06-14 13:50 . 2009-06-14 13:50	--------	d-----w-	c:\program files\Common Files\TI Shared
2009-06-14 13:49 . 2009-02-25 10:46	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-06-12 21:27 . 2009-06-12 21:27	91	----a-w-	c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-12 21:27 . 2009-06-12 21:27	683801	----a-w-	c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2009-06-12 21:27 . 2009-06-12 21:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Last.fm
2009-06-12 21:26 . 2009-06-12 21:15	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Winamp
2009-06-12 21:18 . 2009-06-12 21:15	--------	d-----w-	c:\program files\Winamp
2009-06-11 21:16 . 2009-06-11 21:16	--------	d-----w-	c:\program files\Last.fm
2009-06-10 19:14 . 2009-06-10 19:14	--------	d-----w-	c:\program files\URUSoft
2009-06-10 16:03 . 2009-06-10 16:03	--------	d-----w-	c:\program files\Advanced Batch Converter
2009-06-10 16:00 . 2009-06-10 15:51	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\RCP 5
2009-06-10 15:59 . 2009-06-10 15:59	--------	d-----w-	c:\program files\UIC Phoenxsoftware
2009-06-10 15:51 . 2009-06-10 15:51	--------	d-----w-	c:\program files\ReaConverter 5.5 Pro
2009-06-10 10:40 . 2009-06-10 10:40	--------	d-----w-	c:\program files\Foxit Software
2009-06-10 10:40 . 2009-06-10 10:40	--------	d-----w-	c:\documents and settings\ArnoVL\Application Data\Foxit
2009-06-04 16:00 . 2009-06-04 16:00	59992	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-03 19:27 . 2004-08-04 12:00	1294848	----a-w-	c:\windows\system32\quartz.dll
2009-05-24 12:36 . 2009-02-27 14:25	138168	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-05-24 12:36 . 2009-02-27 14:25	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-05-24 12:31 . 2009-02-27 14:25	189472	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-08-04 00:23	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-04 00:23	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-04 00:23	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Google Update"="c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-18 133104]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\ArnoVL\Menu Start\Programma's\Opstarten\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-24 3191696]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 09:31	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ddpoker3\\ddpoker.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ArnoVL\\Mijn documenten\\samp server\\samp-server.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\ArnoVL\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\ArnoVL\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\ArnoVL\\Mijn documenten\\senc_02\\steam\\steamapps\\virtualuser\\sourcesdk\\bin\\orangebox\\bin\\vvis.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/01/2009 17:20 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/01/2009 17:20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/01/2009 17:19 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 17:19 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/04/2009 1:13 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [30/01/2009 18:19 93696]
S2 gupdate1c99a8e877ae50a;Google Updateservice (gupdate1c99a8e877ae50a);c:\program files\Google\Update\GoogleUpdate.exe [1/03/2009 18:55 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\ArnoVL\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ArnoVL\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 11:27 558592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 22:03]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:55]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:55]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004Core.job
- c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 14:31]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004UA.job
- c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 14:31]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-Aim6 - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 195.18.93.109:80
FF - ProfilePath - c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\
FF - component: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 01:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakhgganlm"=hex:66,61,65,69,66,6a,65,6c,67,70,63,6f,00,31
"dabinpan"=hex:64,62,6f,66,6a,69,6f,6e,6c,6e,62,6f,61,61,61,6b,62,6d,6f,6f,6a,
   65,65,6e,6e,68,6c,6e,69,61,66,61,66,6f,68,6e,64,68,70,6d,00,00

[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablnaoogkdjgmomkabjbimkhegcggmgple"=hex:61,61,00,00
"bblnaoogkdjgmomkabkphnnmnmddegpopnch"=hex:61,61,00,00
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\progra~1\AUDIOS~1\AUDIOS~1.DLL
c:\program files\Illustrate\dBpoweramp\dBShell.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2009-08-08  1:37 - machine werd herstart
ComboFix-quarantined-files.txt  2009-08-08 23:37

Pre-Run: 89.207.463.936 bytes beschikbaar
Post-Run: 89.127.788.544 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

349	--- E O F ---	2009-08-01 01:01
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

Unread postby Bob4 » August 8th, 2009, 8:10 pm

I'll have a look this eve. May take a bit to translate some of it.
Please...In the future do not wrap logs in BB code tags. Makes it harder to read. Just post logs as is.
Back to you as soon as I can ;) tonight or tomorrow
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Bob4 » August 9th, 2009, 9:19 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

EMule and any other file sharing programs.
If I notice any others I may have to close this thread.

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programmes.

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).





___________________________________________________
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If you need help on disabling your anitvirus visit this link.
http://www.bleepingcomputer.com/forums/topic114351.html

3. Open notepad and copy/paste the text in the quotebox below into it:


Reglock::
[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}*]
[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}*]
Files::
C:\windows\pp1.exe




Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



______________________________
RUN HJT

HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pp] C:\windows\pp1.exe


Close that.



______________________________
I see you have Malwarebytes anti Malware installed.
Let's update it and run a full scan.

  • Open Malwarebytes program
  • Click on updates.
  • If an update is found, it will download and install the latest version.
  • If it has trouble updating try clicking on update Mirror ( under the check for updates box) and try updating again.
  • Once the program has updated, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

    If you accidentally close it you may find it here.
    Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs





    _________________________
    In your next reply I would like to see:
    • A new HJT log
    • The report from ComboFix
    • The report from Malwarebytes
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 9th, 2009, 11:34 am

I had already read the P2P topic, and I had removed eMule/utorrent. But the folder itself with config stuff was still there.. So don't worry, the program is gone ;)

-Combofix log;
ComboFix 09-08-08.04 - ArnoVL 09/08/2009 16:26.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.3071.2316 [GMT 2:00]
Gestart vanuit: c:\documents and settings\ArnoVL\Mijn documenten\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\ArnoVL\Mijn documenten\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-09 to 2009-08-09 ))))))))))))))))))))))))))))))
.

2009-08-08 17:39 . 2009-08-09 14:23 -------- d--h--r- c:\documents and settings\ArnoVL\Onlangs geopend
2009-08-08 17:34 . 2009-08-08 17:34 -------- d-----w- c:\program files\CCleaner
2009-08-07 20:56 . 2009-08-07 20:56 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\fltk.org
2009-08-06 22:51 . 2009-08-06 22:51 -------- d-----w- c:\program files\IrfanView
2009-08-04 13:17 . 2009-08-04 13:19 -------- d-----w- c:\documents and settings\ArnoVL\Local Settings\Application Data\Temp
2009-08-04 00:24 . 2007-05-17 15:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-08-04 00:24 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-08-04 00:24 . 2009-08-04 00:24 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-04 00:24 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-08-04 00:23 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-08-04 00:23 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-08-04 00:23 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-08-04 00:23 . 2009-08-04 00:23 -------- d-----w- c:\program files\eRightSoft
2009-08-01 10:57 . 2009-08-01 10:57 -------- d-----w- c:\program files\NewsLeecher
2009-07-31 22:27 . 2009-07-31 22:27 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\VitySoft
2009-07-31 17:46 . 2009-07-31 17:46 -------- d-----w- C:\ConvertTemp
2009-07-31 17:46 . 2009-07-31 17:46 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\Samsung
2009-07-31 17:38 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-07-31 17:38 . 2009-07-31 17:38 -------- d-----w- c:\program files\DIFX
2009-07-31 17:38 . 2009-07-31 17:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-07-31 17:38 . 2007-05-02 09:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2009-07-31 17:38 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-07-31 17:38 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-07-31 17:38 . 2007-05-02 09:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2009-07-31 17:38 . 2007-05-02 09:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-07-31 17:38 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2009-07-31 17:38 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2009-07-31 17:38 . 2009-07-31 17:43 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-07-31 17:38 . 2009-07-31 17:38 -------- d-----w- c:\program files\Samsung
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-14 22:28 . 2009-07-14 22:28 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\AccurateRip
2009-07-14 22:28 . 2009-07-14 22:28 14373 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-14 22:28 . 2009-07-14 22:27 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-14 22:27 . 2009-07-14 22:27 -------- d-----w- c:\program files\Illustrate
2009-07-14 21:56 . 2009-07-14 21:56 -------- d-----w- C:\mp3backup
2009-07-14 21:37 . 2009-07-14 22:24 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\FairStars Audio Converter Pro
2009-07-14 21:36 . 2009-07-14 21:37 -------- d-----w- c:\program files\FairStars Audio Converter Pro
2009-07-14 21:22 . 2009-07-14 21:23 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-07-14 13:45 . 2009-07-14 13:45 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:59 . 2009-07-14 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-12 19:49 . 2009-06-08 12:00 110592 ----a-w- c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-07-10 16:30 . 2009-07-14 22:35 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\DivX

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 12:53 . 2009-02-08 00:23 -------- d-----w- c:\program files\RSSoft
2009-08-09 10:36 . 2009-03-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-08 23:34 . 2009-02-18 13:04 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\Xfire
2009-08-08 23:34 . 2009-01-30 16:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-08 23:32 . 2009-01-31 14:55 -------- d-----w- c:\program files\System
2009-08-08 17:40 . 2009-02-03 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 10:33 . 2009-01-30 16:25 18408 ----a-w- c:\documents and settings\ArnoVL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 10:57 . 2009-02-18 13:04 -------- d-----w- c:\program files\Xfire
2009-08-06 20:31 . 2009-08-04 00:07 1386 ----a-w- c:\documents and settings\ArnoVL\Application Data\filterclsid.dat
2009-08-01 15:11 . 2009-02-04 14:27 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\Nero
2009-08-01 15:11 . 2009-02-04 14:27 -------- d-----w- c:\program files\NeroPortable
2009-08-01 11:03 . 2009-02-05 15:49 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\GrabIt
2009-08-01 01:07 . 2009-02-28 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 17:38 . 2009-01-30 15:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 18:26 . 2009-06-09 15:40 -------- d---a-w- c:\program files\Portable Microsoft Office 2003 - Word und Excel
2009-07-13 22:03 . 2009-03-29 17:56 -------- d-----w- c:\program files\Cheat Engine
2009-07-12 15:57 . 2009-02-24 11:39 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\FileZilla
2009-07-10 11:08 . 2009-07-10 11:03 -------- d-----w- c:\program files\PC Satellite TV
2009-07-10 09:51 . 2009-01-31 15:20 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 17:43 . 2009-03-06 22:00 -------- d-----w- c:\program files\Maanrag
2009-07-08 22:00 . 2009-02-02 15:23 -------- d-----w- c:\program files\PokerStars
2009-07-07 22:48 . 2009-07-07 22:48 -------- d-----w- c:\program files\DivX
2009-07-07 22:48 . 2009-07-07 22:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-07 01:23 . 2009-07-07 01:23 40 ----a-w- C:\shutdown.bat
2009-07-01 20:56 . 2009-07-01 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-01 20:54 . 2009-07-01 20:54 -------- d-----w- c:\program files\QuickTime
2009-07-01 14:28 . 2009-07-01 14:26 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\BonkEnc
2009-07-01 14:25 . 2009-07-01 14:25 -------- d-----w- c:\program files\BonkEnc
2009-06-30 10:58 . 2009-06-21 16:04 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\Image Zone Express
2009-06-29 16:01 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:01 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:01 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 16:39 . 2009-03-03 18:35 -------- d-----w- c:\program files\PhotoScape
2009-06-26 23:13 . 2009-04-24 20:36 -------- d-----w- c:\program files\JDownloader
2009-06-26 09:31 . 2009-01-31 15:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 09:31 . 2009-01-31 15:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 21:50 . 2009-06-25 21:50 488960 ----a-w- c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 21:50 . 2009-06-25 21:50 319488 ----a-w- c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-23 10:01 . 2009-06-23 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-06-21 19:45 . 2009-06-21 19:45 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\HP
2009-06-21 16:03 . 2009-06-21 16:03 18016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 16:03 . 2009-06-21 16:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\HP
2009-06-21 16:03 . 2009-06-21 15:56 120509 ----a-w- c:\windows\hpoins11.dat
2009-06-21 16:02 . 2009-06-21 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-21 16:02 . 2009-06-21 16:02 -------- d-----w- c:\program files\Common Files\HP
2009-06-21 16:02 . 2009-06-21 15:58 -------- d-----w- c:\program files\HP
2009-06-21 16:00 . 2009-06-21 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-21 16:00 . 2009-06-21 16:00 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-20 20:57 . 2009-06-20 19:31 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\mIRC
2009-06-20 19:31 . 2009-06-20 19:31 -------- d-----w- c:\program files\mIRC
2009-06-18 08:56 . 2009-06-18 08:56 1878984 ----a-w- c:\documents and settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 12:56 . 2009-06-16 12:53 -------- d-----w- c:\program files\Windows Audio Recorder Professional
2009-06-15 23:52 . 2009-02-20 19:14 8 ---ha-w- c:\windows\system32\adb.dat
2009-06-15 22:41 . 2009-02-20 18:53 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\AviDvdBurner
2009-06-15 10:00 . 2009-06-15 10:00 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-14 13:52 . 2004-08-04 12:00 76582 ----a-w- c:\windows\system32\perfc013.dat
2009-06-14 13:52 . 2004-08-04 12:00 455614 ----a-w- c:\windows\system32\perfh013.dat
2009-06-14 13:50 . 2009-06-14 13:50 -------- d-----w- c:\program files\TI Education
2009-06-14 13:50 . 2009-06-14 13:50 -------- d-----w- c:\program files\Common Files\TI Shared
2009-06-14 13:49 . 2009-02-25 10:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 21:27 . 2009-06-12 21:27 91 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-12 21:27 . 2009-06-12 21:27 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2009-06-12 21:27 . 2009-06-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-06-12 21:26 . 2009-06-12 21:15 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\Winamp
2009-06-12 21:18 . 2009-06-12 21:15 -------- d-----w- c:\program files\Winamp
2009-06-11 21:16 . 2009-06-11 21:16 -------- d-----w- c:\program files\Last.fm
2009-06-10 19:14 . 2009-06-10 19:14 -------- d-----w- c:\program files\URUSoft
2009-06-10 16:03 . 2009-06-10 16:03 -------- d-----w- c:\program files\Advanced Batch Converter
2009-06-10 16:00 . 2009-06-10 15:51 -------- d-----w- c:\documents and settings\ArnoVL\Application Data\RCP 5
2009-06-10 15:59 . 2009-06-10 15:59 -------- d-----w- c:\program files\UIC Phoenxsoftware
2009-06-10 15:51 . 2009-06-10 15:51 -------- d-----w- c:\program files\ReaConverter 5.5 Pro
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-03 19:27 . 2004-08-04 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 12:36 . 2009-02-27 14:25 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-24 12:36 . 2009-02-27 14:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-24 12:31 . 2009-02-27 14:25 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-08-04 00:23 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-04 00:23 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-04 00:23 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_23.34.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 10:35 . 2009-08-09 10:35 16384 c:\windows\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-02-27 62436]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Google Update"="c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-18 133104]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\ArnoVL\Menu Start\Programma's\Opstarten\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-24 3191696]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 09:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ddpoker3\\ddpoker.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\ArnoVL\\Mijn documenten\\samp server\\samp-server.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\ArnoVL\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\ArnoVL\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\ArnoVL\\Mijn documenten\\senc_02\\steam\\steamapps\\virtualuser\\sourcesdk\\bin\\orangebox\\bin\\vvis.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/01/2009 17:20 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/01/2009 17:20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/01/2009 17:19 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 17:19 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/04/2009 1:13 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [30/01/2009 18:19 93696]
S2 gupdate1c99a8e877ae50a;Google Updateservice (gupdate1c99a8e877ae50a);c:\program files\Google\Update\GoogleUpdate.exe [1/03/2009 18:55 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\ArnoVL\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ArnoVL\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 11:27 558592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 22:03]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:55]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 16:55]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004Core.job
- c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 14:31]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004UA.job
- c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 14:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 195.18.93.109:80
FF - ProfilePath - c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\
FF - component: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ArnoVL\Application Data\Mozilla\Firefox\Profiles\geqxpy07.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\ArnoVL\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:30
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{754FF845-1AB3-ED00-C8CA-2704F2FD5BBB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakhgganlm"=hex:66,61,65,69,66,6a,65,6c,67,70,63,6f,00,31
"dabinpan"=hex:64,62,6f,66,6a,69,6f,6e,6c,6e,62,6f,61,61,61,6b,62,6d,6f,6f,6a,
65,65,6e,6e,68,6c,6e,69,61,66,61,66,6f,68,6e,64,68,70,6d,00,00

[HKEY_USERS\S-1-5-21-299502267-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0DFB2F3-B3E7-BE75-DEC4-90EF334E27D0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablnaoogkdjgmomkabjbimkhegcggmgple"=hex:61,61,00,00
"bblnaoogkdjgmomkabkphnnmnmddegpopnch"=hex:61,61,00,00
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2792)
c:\program files\Xfire\xfire_toucan_38312.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
.
Voltooingstijd: 2009-08-09 16:30
ComboFix-quarantined-files.txt 2009-08-09 14:30
ComboFix2.txt 2009-08-08 23:37

Pre-Run: 89.034.350.592 bytes beschikbaar
Post-Run: 88.994.332.672 bytes beschikbaar

297 --- E O F --- 2009-08-01 01:01

-Hijackthis fix selected;
I only found the first 3 lines, and they are fixed. New Hijackthis log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:58, on 9/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6455 bytes


Malwarebytes log;

Malwarebytes' Anti-Malware 1.40
Database versie: 2586
Windows 5.1.2600 Service Pack 2

9/08/2009 17:33:51
mbam-log-2009-08-09 (17-33-51).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 192001
Verstreken tijd: 24 minute(s), 21 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

Unread postby Bob4 » August 9th, 2009, 1:01 pm

I see that Viewpoint is installed.

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
If AOL is present, to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
Another way to prevent Viewpoint from being recreated every time you run the AOL software is:
  • Click C:\Program Files\AOL 9.0\Jiti (a hidden folder).
  • Rename viewpoint.exe to viewpoint.old.
This is the item to fix in HijackThis.


_______________________________________

How do things seem now ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 9th, 2009, 2:40 pm

Removed Viewpoint Media Player (that's the only viewpoint software there was) , but the browser problem is still there. :(

Edit: Also removed Redswoosh, apparently another P2P program
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am

Re: Browsers don't work properly

Unread postby Bob4 » August 10th, 2009, 3:01 pm

I assume it's your internet connection that;s still acting up ?

OK we'll look a bit further. If I can't find any malware causing this issue I may just recommend you to a forum more appropriate for this type of issue. But the first thing they will ask is have you been checked for malware. So let's get that done.

_____________________________________________
  • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

This log will also produce a Hijackthis log so NO reason to post one of those.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browsers don't work properly

Unread postby Arno » August 10th, 2009, 7:59 pm

Yes, still my internet connection.

Info.txt:
info.txt logfile of random's system information tool 1.06 2009-08-11 01:55:08

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
36-image converter-->C:\Program Files\UIC Phoenxsoftware\36-image converter\Uninstal.exe
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Abbey Roadv3 Screen Saver-->C:\Documents and Settings\All Users\Application Data\Softdisk LLC\Screen Saver Studio\Abbey Roadv3\UNINSTAL.EXE
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Batch Converter-->C:\Program Files\Advanced Batch Converter\uninstall.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alex Buturuga - Muti ID3 Tag Editor 1.3b1-->"C:\Program Files\Alex Buturuga\Muti ID3 Tag Editor\uninstall.exe"
Alldj DVD To AVI Converter 3.0-->"C:\Program Files\Alldj_DVD_To_AVI\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AudioShell 1.3.5-->"C:\Program Files\AudioShell\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
AutoUnpack 4.5.2-->"C:\Program Files\AutoUnpack\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVI DVD Burner 2008 v5.1.0.22-->"C:\Program Files\AviDvdBurner\unins000.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x13 -removeonly
Beveiligingsupdate for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
BF2 Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24E85B9C-6E60-4723-89CC-71B66881A020}\setup.exe" -l0x9 -removeonly
Camtasia Studio 6-->MsiExec.exe /I{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DD Poker 3 -->C:\Program Files\ddpoker3\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriveImage XML (Private Edition)-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
DVD Region+CSS Free 5.9.8.5-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
DyynoPlayer 0.8.6f.2-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
FairStars Audio Converter Pro 1.02-->"C:\Program Files\FairStars Audio Converter Pro\unins000.exe"
FileZilla Client 3.2.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 1.70-->C:\Program Files\FormatFactory\uninst.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.6-->"C:\Program Files\Free Word-Doc Txt to Image Jpg-Jpeg Bmp Tiff Png Converter\unins000.exe"
FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Magic FLAC to MP3 Converter 3.71-->"C:\Program Files\FLAC to MP3 Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins000.exe"
MessengerDiscovery 2.0.44-->"C:\Program Files\MessengerDiscovery 2\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0413-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
MKV TO AVI CONVERTER version 3.2-->"C:\Program Files\MKVTOAVI\unins000.exe"
MKV To AVI With Subtitle version 1.0-->"C:\Program Files\mkvtoavis\unins000.exe"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Repair Tool v1.5.2-->"C:\Program Files\Aspect one\MP3 Repair Tool\unins000.exe"
Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MTA: Race for San Andreas 1.1.1-->C:\Program Files\MTA San Andreas\Uninstall.exe
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
PFConfig 1.0.163-->C:\Program Files\PFConfig\uninst.exe
PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
ReaConverter 5.5 Pro-->"C:\Program Files\ReaConverter 5.5 Pro\unins000.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x13 -removeonly
River Past Crazi Video Pro-->C:\WINDOWS\Crazi Video Pro Uninstaller.exe
SABnzbd (remove only)-->"C:\Program Files\SABnzbd\uninstall.exe"
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0013 -removeonly
Satellite TV for PC-->"C:\Program Files\PC Satellite TV\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update voor Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update voor Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update voor Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Audio Recorder Professional 4.53-->"C:\Program Files\Windows Audio Recorder Professional\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows-stuurprogrammapakket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wondershare DVD Ripper Platinum(Build 4.0.2.17)-->"C:\Program Files\Wondershare\DVD Ripper Platinum\unins000.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-08-09]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.18.93.109:80 [2009-08-09]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com [2009-08-09]

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: ARNO
Event Code: 1005
Message: De computer heeft ontdekt dat het IP-adres 192.168.1.2 voor de netwerkkaart met het netwerkadres
002185189570 reeds in gebruik is op het netwerk. De computer zal automatisch proberen
om een ander adres te krijgen.

Record Number: 8363
Source Name: Dhcp
Time Written: 20090622131651.000000+120
Event Type: warning
User:

Computer Name: ARNO
Event Code: 2504
Message: De server kan geen verbinding maken met transport \Device\NetBT_Tcpip_{2777F4C0-82DD-41EB-A519-2DD02A240C01}.

Record Number: 8362
Source Name: Server
Time Written: 20090622123608.000000+120
Event Type: warning
User:

Computer Name: ARNO
Event Code: 2504
Message: De server kan geen verbinding maken met transport \Device\NetBT_Tcpip_{2777F4C0-82DD-41EB-A519-2DD02A240C01}.

Record Number: 8361
Source Name: Server
Time Written: 20090622123558.000000+120
Event Type: warning
User:

Computer Name: ARNO
Event Code: 2505
Message: De server kan geen binding tot stand brengen met transport \Device\NetbiosSmb omdat een andere computer op het netwerk dezelfde naam heeft. De server kan niet worden gestart.

Record Number: 8360
Source Name: Server
Time Written: 20090622123549.000000+120
Event Type: error
User:

Computer Name: ARNO
Event Code: 2504
Message: De server kan geen verbinding maken met transport \Device\NetBT_Tcpip_{2777F4C0-82DD-41EB-A519-2DD02A240C01}.

Record Number: 8359
Source Name: Server
Time Written: 20090622123549.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: ARNO
Event Code: 7
Message:
Record Number: 1931
Source Name: WindowsLiveMessenger
Time Written: 20090525165108.000000+120
Event Type: error
User:

Computer Name: ARNO
Event Code: 7
Message:
Record Number: 1930
Source Name: WindowsLiveMessenger
Time Written: 20090525165108.000000+120
Event Type: error
User:

Computer Name: ARNO
Event Code: 1517
Message: Windows heeft het register van gebruiker ARNO\ArnoVL opgeslagen hoewel een toepassing of service tijdens de afmelding van het register gebruikmaakte. Het geheugen voor het register is niet volledig beschikbaar. Het register wordt uit het register verwijderd wanneer het niet langer in gebruik is.


Dit wordt mogelijk veroorzaakt door services die als een gebruikersaccount actief zijn. Probeer om de services zodanig te configureren dat deze als LocalService- of NetworkService-account worden gestart.

Record Number: 1919
Source Name: Userenv
Time Written: 20090525003923.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ARNO
Event Code: 1517
Message: Windows heeft het register van gebruiker ARNO\ArnoVL opgeslagen hoewel een toepassing of service tijdens de afmelding van het register gebruikmaakte. Het geheugen voor het register is niet volledig beschikbaar. Het register wordt uit het register verwijderd wanneer het niet langer in gebruik is.


Dit wordt mogelijk veroorzaakt door services die als een gebruikersaccount actief zijn. Probeer om de services zodanig te configureren dat deze als LocalService- of NetworkService-account worden gestart.

Record Number: 1908
Source Name: Userenv
Time Written: 20090524155948.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ARNO
Event Code: 1000
Message: Vastgelopen toepassing: bf2editor.exe, versie: 1.0.0.1, vastgelopen module: editorengine.dll, versie: 0.0.0.0, vastgelopen op: 0x004db4fc.

Record Number: 1907
Source Name: Application Error
Time Written: 20090524151842.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\Samsung\Samsung PC Studio 3
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ArnoVL at 2009-08-11 01:56:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 84 GB (18%) free of 477 GB
Total RAM: 3071 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:56:25, on 11/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ArnoVL\Mijn documenten\GrabIt Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ArnoVL.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1c99a8e877ae50a) (gupdate1c99a8e877ae50a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe

--
End of file - 6544 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-24 148888]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-22 37888]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Google Update"=C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-18 133104]
"scheduler_monitor"=C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe [2007-06-15 27136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\ArnoVL\Menu Start\Programma's\Opstarten
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ddpoker3\ddpoker.exe"="C:\Program Files\ddpoker3\ddpoker.exe:*:Enabled:http://www.ddpoker.com/"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\ArnoVL\Mijn documenten\samp server\samp-server.exe"="C:\Documents and Settings\ArnoVL\Mijn documenten\samp server\samp-server.exe:*:Enabled:samp-server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\ArnoVL\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\EA Games\Battlefield 2\BF2.exe"="C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Documents and Settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\ArnoVL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\ArnoVL\Mijn documenten\senc_02\steam\steamapps\virtualuser\sourcesdk\bin\orangebox\bin\vvis.exe"="C:\Documents and Settings\ArnoVL\Mijn documenten\senc_02\steam\steamapps\virtualuser\sourcesdk\bin\orangebox\bin\vvis.exe:*:Enabled:vvis"
"C:\Program Files\EA Games\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA Games\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-11 01:55:06 ----D---- C:\rsit
2009-08-09 22:27:32 ----SHD---- C:\RECYCLER
2009-08-09 16:30:50 ----A---- C:\ComboFix.txt
2009-08-09 16:25:46 ----A---- C:\WINDOWS\zip.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\SWSC.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\SWREG.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\sed.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\PEV.exe
2009-08-09 16:25:46 ----A---- C:\WINDOWS\grep.exe
2009-08-09 01:30:02 ----A---- C:\Boot.bak
2009-08-09 01:29:58 ----RASHD---- C:\cmdcons
2009-08-09 01:28:44 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-09 01:19:01 ----D---- C:\WINDOWS\ERDNT
2009-08-09 01:18:39 ----D---- C:\Qoobox
2009-08-08 19:34:38 ----D---- C:\Program Files\CCleaner
2009-08-07 22:56:00 ----D---- C:\Documents and Settings\ArnoVL\Application Data\fltk.org
2009-08-07 00:51:56 ----D---- C:\Program Files\IrfanView
2009-08-04 02:24:08 ----A---- C:\WINDOWS\system32\devil.dll
2009-08-04 02:24:08 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-08-04 02:24:07 ----D---- C:\Program Files\AviSynth 2.5
2009-08-04 02:24:07 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-08-04 02:23:45 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-08-04 02:23:45 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-08-04 02:23:45 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-08-04 02:23:44 ----D---- C:\Program Files\eRightSoft
2009-08-01 12:57:33 ----D---- C:\Program Files\NewsLeecher
2009-08-01 00:27:38 ----D---- C:\Documents and Settings\ArnoVL\Application Data\VitySoft
2009-07-31 19:46:36 ----D---- C:\ConvertTemp
2009-07-31 19:46:16 ----D---- C:\Documents and Settings\ArnoVL\Application Data\Samsung
2009-07-31 19:38:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-07-31 19:38:40 ----D---- C:\Program Files\DIFX
2009-07-31 19:38:36 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-07-31 19:38:13 ----D---- C:\Program Files\Samsung
2009-07-24 03:57:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-07-15 21:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 21:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 21:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 00:28:01 ----D---- C:\Documents and Settings\ArnoVL\Application Data\AccurateRip
2009-07-15 00:28:00 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2009-07-15 00:27:58 ----D---- C:\Program Files\Illustrate
2009-07-14 23:56:24 ----D---- C:\mp3backup
2009-07-14 23:37:29 ----D---- C:\Documents and Settings\ArnoVL\Application Data\FairStars Audio Converter Pro
2009-07-14 23:36:56 ----D---- C:\Program Files\FairStars Audio Converter Pro
2009-07-14 23:22:43 ----D---- C:\Program Files\FLAC to MP3 Converter
2009-07-14 15:45:38 ----D---- C:\Program Files\Trend Micro
2009-07-14 13:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

======List of files/folders modified in the last 1 months======

2009-08-11 01:55:20 ----D---- C:\WINDOWS\Prefetch
2009-08-11 00:42:43 ----D---- C:\Documents and Settings\ArnoVL\Application Data\FileZilla
2009-08-10 23:22:54 ----D---- C:\Program Files\Mozilla Firefox
2009-08-10 17:02:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-10 14:32:03 ----D---- C:\Documents and Settings\ArnoVL\Application Data\Thinstall
2009-08-10 13:48:10 ----SD---- C:\WINDOWS\Tasks
2009-08-10 13:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-10 13:35:57 ----D---- C:\WINDOWS\Temp
2009-08-10 13:34:04 ----D---- C:\WINDOWS\system32
2009-08-09 23:53:14 ----RD---- C:\Program Files
2009-08-09 17:42:37 ----D---- C:\Muziek
2009-08-09 17:08:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-09 17:08:09 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 16:30:05 ----AD---- C:\WINDOWS
2009-08-09 16:30:05 ----A---- C:\WINDOWS\system.ini
2009-08-09 16:29:21 ----D---- C:\WINDOWS\AppPatch
2009-08-09 16:29:13 ----D---- C:\Program Files\Common Files
2009-08-09 16:26:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 01:36:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-09 01:34:57 ----D---- C:\Documents and Settings\ArnoVL\Application Data\Xfire
2009-08-09 01:32:32 ----D---- C:\WINDOWS\system32\config
2009-08-09 01:32:19 ----D---- C:\Program Files\System
2009-08-09 01:30:02 ----RASH---- C:\boot.ini
2009-08-08 19:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 19:40:07 ----D---- C:\WINDOWS\Debug
2009-08-08 03:48:37 ----A---- C:\WINDOWS\wininit.ini
2009-08-08 03:36:06 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 12:57:59 ----D---- C:\Program Files\Xfire
2009-08-05 12:38:52 ----HD---- C:\$AVG8.VAULT$
2009-08-01 17:11:15 ----D---- C:\Program Files\NeroPortable
2009-08-01 17:11:15 ----D---- C:\Documents and Settings\ArnoVL\Application Data\Nero
2009-08-01 13:03:38 ----D---- C:\Documents and Settings\ArnoVL\Application Data\GrabIt
2009-08-01 03:07:30 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-01 03:01:14 ----HD---- C:\WINDOWS\inf
2009-08-01 03:01:08 ----D---- C:\WINDOWS\system32\nl-nl
2009-08-01 03:01:08 ----D---- C:\Program Files\Internet Explorer
2009-08-01 03:00:39 ----HD---- C:\Config.Msi
2009-08-01 03:00:38 ----SHD---- C:\WINDOWS\Installer
2009-08-01 03:00:32 ----D---- C:\WINDOWS\WinSxS
2009-07-31 19:40:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 19:38:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-31 19:38:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 18:22:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-19 15:33:06 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:33:04 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 20:26:24 ----AD---- C:\Program Files\Portable Microsoft Office 2003 - Word und Excel
2009-07-15 00:35:59 ----D---- C:\Documents and Settings\ArnoVL\Application Data\DivX
2009-07-14 00:03:55 ----D---- C:\Program Files\Cheat Engine

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-10 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-06 108552]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-31 5632]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 a02dc3vy;a02dc3vy; C:\WINDOWS\system32\drivers\a02dc3vy.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ArnoVL\LOCALS~1\Temp\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\ArnoVL\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-10 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-24 152984]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-24 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S2 gupdate1c99a8e877ae50a;Google Updateservice (gupdate1c99a8e877ae50a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 rcp_service;ReaConverter scheduler service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]

-----------------EOF-----------------
Arno
Active Member
 
Posts: 11
Joined: July 14th, 2009, 9:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware