Virus Porn.com removed

View previous topic View next topic Go down

Virus Porn.com removed

Post by d-sniper on 9th May 2010, 11:05 am

Hello I had a virus wich gave some alerts (security warning etc) which seemed to be anti-virus programs but they were actually fake. They also gave me pop ups from porn.com and similar websites. I removed them with Malwarebytes & Search + Destroy.

Now my computer works aagain but I am not sure if everything has been removed. Therefore I post a Hijack This log (I think that is what you need if I saw some similar topics?).

Thanks in advance for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:07:26, on 9-5-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\AirVideoServer\ffmpeg.exe
C:\Program Files (x86)\AirVideoServer\ffmpeg.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [GFI Backup 2009 - Home Edition] "C:\PROGRA~2\GFI\GFIBAC~1\GFIAgent.exe"
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\REDERI~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11723 bytes

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 9th May 2010, 2:46 pm

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\REDERI~1\AppData\Local\Temp\sshnas21.dll,BackupReadW



  • Press "Fix Checked"
  • Close Hijack This.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 11th May 2010, 8:12 am

Thank you very much for your time and effort!
Below is the MBAM log as requested:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Databaseversie: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

11-5-2010 10:09:00
mbam-log-2010-05-11 (10-09-00).txt

Scantype: Snelle scan
Objecten gescand: 116133
Verstreken tijd: 4 minuut/minuten, 57 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 1

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
C:\Users\[You must be registered and logged in to see this link.] (Malware.Trace) -> Quarantined and deleted successfully.

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 11th May 2010, 7:25 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 11th May 2010, 8:44 pm

TL logfile created on: 11-5-2010 22:34:44 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rederij Vlaun\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 258,88 Gb Free Space | 57,39% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,46 Gb Free Space | 50,94% Space Free | Partition Type: NTFS
Drive E: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_VLAUN
Current User Name: Rederij Vlaun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-11 22:34:31 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rederij Vlaun\Downloads\OTL.exe
PRC - [2010-05-10 00:20:06 | 000,390,952 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010-05-07 11:35:09 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010-03-30 16:26:40 | 003,036,424 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-03-05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-02-26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010-01-27 22:05:28 | 004,637,448 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2010-01-19 20:53:19 | 004,058,808 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
PRC - [2009-10-22 12:01:08 | 001,839,912 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
PRC - [2009-10-22 12:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2009-10-22 12:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
PRC - [2009-08-17 23:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009-07-21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-07-18 05:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009-05-13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008-01-21 04:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2006-02-15 08:51:00 | 002,031,616 | ---- | M] (Borland Software Corporation) -- C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
PRC - [2005-05-24 18:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) -- C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe


========== Modules (SafeList) ==========

MOD - [2010-05-11 22:34:31 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rederij Vlaun\Downloads\OTL.exe
MOD - [2008-01-21 04:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008-01-21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008-01-21 04:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-04-23 01:56:34 | 000,211,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-03-16 20:59:20 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009-03-16 20:59:18 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-05-10 00:20:06 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-10-22 12:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2009-10-22 12:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2009-09-23 17:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-07-21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-07-27 20:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006-11-02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006-11-02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006-11-02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006-02-15 08:51:00 | 002,031,616 | ---- | M] (Borland Software Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db)
SRV - [2005-05-24 18:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto | Running] -- C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009-12-11 10:02:14 | 000,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009-10-16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-24 02:43:18 | 000,110,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-04-23 04:57:44 | 005,209,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-03-16 20:59:22 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008-12-27 02:05:00 | 000,318,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008-11-26 15:02:18 | 000,158,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008-10-31 11:49:44 | 000,261,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008-06-26 07:40:20 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008-02-21 11:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008-01-21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008-01-21 04:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB-videoapparaat (WDM)
DRV:64bit: - [2008-01-21 04:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV:64bit: - [2008-01-21 04:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008-01-21 04:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007-07-27 20:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007-07-26 21:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006-11-02 07:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006-09-18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006-09-18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [GFI Backup 2009 - Home Edition] C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe (GFI Software Ltd.)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [You must be registered and logged in to see this link.] (WMI Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-05-01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008-10-13 20:44:59 | 000,136,448 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-07-25 19:10:55 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{21db69a1-c24c-11de-8a25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{21db69a1-c24c-11de-8a25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-10-13 20:44:59 | 000,136,448 | R--- | M] (Sports Interactive)
O33 - MountPoints2\{2a4f47a0-c4fa-11de-a09a-d1f9368ca246}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{2a4f47a0-c4fa-11de-a09a-d1f9368ca246}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-05-04 21:40:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-05-02 22:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-05-02 22:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-05-02 22:17:56 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010-05-02 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-05-02 19:28:35 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\khkbjxoae
[2010-05-02 19:28:21 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Roaming\CD753D0DC0BA45744C451C39004F1BB4
[2010-04-27 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Roaming\skypePM
[2010-04-27 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Roaming\Skype
[2010-04-27 23:02:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010-04-27 23:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-04-27 23:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-04-23 15:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-04-21 17:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-04-21 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-04-21 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-04-21 17:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010-04-21 17:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010-04-21 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010-04-21 16:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-04-21 16:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010-04-17 16:12:07 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\Microsoft Games
[2010-04-13 22:19:05 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010-04-13 22:18:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010-04-13 20:59:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010-04-13 20:59:30 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2010-05-11 22:34:50 | 004,718,592 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT
[2010-05-11 20:43:58 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-05-11 20:43:58 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-05-11 19:25:48 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70F481C1-8388-46F4-97CE-62A452A3C4E5}.job
[2010-05-11 18:51:36 | 001,471,570 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-05-11 18:51:36 | 000,667,352 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010-05-11 18:51:36 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-05-11 18:51:36 | 000,126,854 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010-05-11 18:51:36 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-05-11 18:45:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010-05-11 18:43:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-05-11 18:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-05-11 10:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT{4560d5d6-c7dc-11de-9520-83b66e25bd70}.TMContainer00000000000000000001.regtrans-ms
[2010-05-11 10:12:58 | 000,065,536 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT{4560d5d6-c7dc-11de-9520-83b66e25bd70}.TM.blf
[2010-05-11 10:12:57 | 002,187,378 | -H-- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\IconCache.db
[2010-05-11 09:47:17 | 000,002,575 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\HiJackThis.lnk
[2010-05-06 11:45:09 | 000,072,704 | ---- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-04 21:38:53 | 000,001,426 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\DivX Movies.lnk
[2010-05-02 22:22:14 | 000,001,097 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\Spybot - Search & Destroy.lnk
[2010-05-02 11:48:51 | 000,375,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-04-29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010-04-29 14:58:00 | 000,025,088 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\algemene voorwaarden Koninginnedag.doc
[2010-04-28 01:47:41 | 000,000,378 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\Afbeeldingen - Snelkoppeling.lnk
[2010-04-27 23:04:46 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010-04-27 23:02:30 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-27 12:29:07 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-04-23 15:50:21 | 500,138,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-04-23 15:14:27 | 000,060,928 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\Test.doc

========== Files Created - No Company Name ==========

[2010-05-02 22:22:14 | 000,001,097 | ---- | C] () -- C:\Users\Rederij Vlaun\Desktop\Spybot - Search & Destroy.lnk
[2010-05-02 21:27:12 | 000,002,575 | ---- | C] () -- C:\Users\Rederij Vlaun\Desktop\HiJackThis.lnk
[2010-05-02 21:06:51 | 001,402,880 | ---- | C] () -- C:\HiJackThis.msi
[2010-04-29 14:58:00 | 000,025,088 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\algemene voorwaarden Koninginnedag.doc
[2010-04-28 01:47:41 | 000,000,378 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\Afbeeldingen - Snelkoppeling.lnk
[2010-04-27 23:04:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-04-27 23:02:30 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-23 15:49:33 | 500,138,096 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-04-23 15:14:27 | 000,060,928 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\Test.doc
[2010-04-13 22:19:36 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010-04-13 22:19:36 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010-04-13 22:19:36 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010-04-13 22:19:14 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010-04-13 22:19:14 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010-04-13 22:19:14 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010-04-13 22:19:10 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010-04-13 22:19:05 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010-04-13 22:18:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010-04-13 20:59:32 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010-04-13 20:59:30 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010-01-25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009-12-02 15:06:54 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009-01-05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008-09-16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008-09-16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 11th May 2010, 8:44 pm

OTL Extras logfile created on: 11-5-2010 22:34:44 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rederij Vlaun\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 258,88 Gb Free Space | 57,39% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,46 Gb Free Space | 50,94% Space Free | Partition Type: NTFS
Drive E: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_VLAUN
Current User Name: Rederij Vlaun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EBFF5A0-EFD7-4D55-BDE7-9540019964FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{6010D1D5-DB69-42C8-9C87-0F5D8A67400D}" = lport=138 | protocol=17 | dir=in | app=system |
"{64F8561F-5746-4F96-AAB7-6AA074FF584B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C4E2471-4E2A-425F-A7EA-C346E91E366F}" = lport=137 | protocol=17 | dir=in | app=system |
"{890F72E7-336E-44BD-96DD-37CB402F853B}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BA4A900-0DAD-4F0F-B803-634D5FD9E02B}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9297D11-17C2-4FC6-88BB-D4C920D26BDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D940D68A-515C-40B1-84E7-312719FD5AA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9FAD0E7-6EFB-40D1-A308-54D116652384}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFAE5B1F-0D60-48E0-B07D-32175206E263}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF046B19-6A22-4CC0-8115-65307A71E44F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0253F382-BC89-4B55-8805-B2975388C70E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{05C238E8-E15D-4511-B048-514B73152491}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{12FCC5AA-5736-45E9-ABB8-7BF06F8CD0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{161AF4B7-0626-4450-BBB7-239B125E948B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1846EDAD-D23A-4B13-864A-C033D85CD20E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{19C28641-17A6-4207-AA4D-F4552A25C780}" = dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{1F139C53-1F49-40D6-96A6-08948FECD892}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{326867B0-06C3-4CB5-A474-E5D515142F18}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{34792F79-1DAF-4781-AEA3-D59C32C87048}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38576ECB-E519-4A0D-8B62-56D04A9CA9E3}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe |
"{3D0D0A64-02E2-4F04-846B-C070120239E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6115F9A4-6AE7-4141-A339-BA48CCE09E37}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{67899547-A440-432C-A8AC-9F838C8044E8}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{6A29F9E0-942A-4349-A7E0-993D2B4C57E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B903DB7-0097-4664-9DD0-5EB999723892}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89998CD5-0BB3-4723-B89A-80CE1717ADA2}" = protocol=17 | dir=in | app=c:\users\rederij vlaun\appdata\roaming\dropbox\bin\dropbox.exe |
"{8F2457EC-92B1-4E15-B09B-76FB664A0640}" = protocol=6 | dir=out | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{90634D10-9C72-4AE5-A534-405943C104CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{9805B348-DC5A-4FEC-914D-15689A63DB65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9A64D90D-7EF3-4611-B830-EB66E5153895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{A2AFD540-43A7-4C8C-83E8-93DDAC38344E}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe |
"{AC21CE8A-13C4-49DE-BED5-169C1B4ABF4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{AF75D69E-61F7-4AF4-9F10-0306DFE8CF25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BE85E9DF-A6CC-4760-8253-6B0BBF9FB7E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BFE88936-09C8-4929-94FB-DE43FCAD75DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C1CDB1FB-0160-4364-90A4-B9AA591D8CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D293B54B-85B3-4AF7-AF42-E06C28E71BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5B6373F-F38D-4C1F-920E-6B9A34ACD166}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{DEA52836-A064-4E5C-BA70-C5ACE4D33850}" = protocol=17 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{E84DD236-AA97-44B7-AB4C-67BE8183D054}" = protocol=6 | dir=in | app=c:\users\rederij vlaun\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FAB5A3-BA41-40A5-AB44-F729A99AAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FD73C463-5DF5-4198-87FF-2F01C87284C4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{001054D3-D7CD-4667-BA9D-63A7D97B6478}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{0C9CC0D3-BCF8-4BB5-9BAE-8267019A47E1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7766F6F8-D0CE-4209-B5A0-722F0A878CCE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FAA87C5C-31D7-4B89-8C07-E9168E1F8682}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{5DCF7AEC-C6CD-4D65-9684-77CA8D2C22CB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{86171AC8-00E7-4248-AEA3-2DE624C41944}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E975709A-972B-4E00-A4F9-F49C49573843}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F944BC69-0289-4F10-9DA1-9CABD5AFCB4A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostics Tool
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Software van Intel(R) PROSet/Wireless WiFi
"{3BF01555-70FC-426F-BA9E-F24758A987C9}" = Dell 5530 Wireless Broadband Package
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{538B8C10-1BA5-131D-4B4C-F07770926D06}" = ccc-utility64
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{949C04A7-B078-5738-4624-1C77E8CD409A}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"doPDF 6 printer_is1" = doPDF 6.3 printer
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06096D5E-09ED-9A82-6946-6568EBB7CB2C}" = Catalyst Control Center InstallProxy
"{0DF1DAD2-17FD-E64F-C6A2-A42D94474229}" = Skins
"{1C279CAE-F230-0255-0F19-634750A69747}" = CCC Help Portuguese
"{206936E5-73DF-07D8-29B6-34E802541EBB}" = CCC Help English
"{20D8E6B9-5E1A-4CE5-83D8-EF3626B6CEF9}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28D58BB6-06C3-49F3-3EF2-93F3158B6505}" = Catalyst Control Center Core Implementation
"{3180427D-DDE9-4704-A30F-B4C46CC29C41}" = Catalyst Control Center Graphics Full Existing
"{34E38BB7-98FD-03C2-13D1-B68789668CEE}" = CCC Help Italian
"{3BB37700-F05F-213F-FF1C-684698BAC17E}" = CCC Help Japanese
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.72
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A869A1-3F59-44A4-64D7-120FE0057B2F}" = CCC Help German
"{49E5F021-4DA5-41A3-A893-0A9564D30264}" = Jing
"{4AF97226-2624-AD56-9003-E581DEB96E8C}" = CCC Help Korean
"{4DD386D7-8D6D-985B-418B-94BCA7CEDB8E}" = ccc-core-static
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{4FC41915-5EFB-27A4-1C4B-B06DB9673CD7}" = CCC Help Spanish
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69535FEF-6533-8F4F-D96B-2C345D89617A}" = CCC Help Chinese Traditional
"{6CA2A34B-93EC-C934-8251-08960730AB69}" = CCC Help Danish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739777CE-1678-65B2-B97E-C0E1545EECDF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82E80931-6DFE-5E67-7C37-F66ABF135331}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECD943A-0C75-CAD5-FC01-91CBFEDFBC9E}" = CCC Help Chinese Standard
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{93F0A673-84B6-90E5-C701-457F796D1430}" = CCC Help Dutch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF04B9A-3B45-3D00-8A0F-9EB596626DA7}" = Catalyst Control Center Graphics Full New
"{A669EFEC-39AA-D25B-5F81-450FAABF1E3E}" = CCC Help Russian
"{A909E7C7-F541-4B53-EA99-4F531E5E242B}" = CCC Help French
"{AA0B63ED-2485-5E3B-DB58-F8962C32CDF9}" = Catalyst Control Center Localization All
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.02.10
"{AC76BA86-7AD7-1043-7B44-A92000000001}" = Adobe Reader 9.2 - Nederlands
"{B131BD51-21C7-FE1C-91A7-1B1361A9B283}" = Catalyst Control Center Graphics Previews Common
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA1D5579-2901-06E0-A3B7-ACA65136FFB6}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = SkypeÖ 4.2
"{D23B5897-4D59-25D5-9478-BA1E5EC58552}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C04820-9EDB-BB72-647E-7DC9BCBCE983}" = Catalyst Control Center Graphics Previews Vista
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:30
"{EF702442-B623-4B6A-B41D-412584301725}_is1" = Easy2Sync for Outlook 3.xx
"{FF203294-02C1-4632-832C-762CBD15CF2D}" = Ericsson Wireless Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Air Video Server" = Air Video Server 2.2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"Football Manager 2009" = Football Manager 2009
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"Hema Album Software Advanced_is1" = Hema Album Software Advanced
"iMUIS Client_is1" = iMUIS client versie 3.6.5c
"iMUIS_is1" = iMUIS versie 3.6.5d voor Interbase
"InterBase 7.5 Server" = InterBase 7.5 Server
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MixPad" = MixPad Audio Mixer
"PC Wizard 2009_is1" = PC Wizard 2009.1.9111
"PhotoStage" = PhotoStage Slideshow Producer
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10540" = Football Manager 2009
"ToolBox" = NCH Toolbox
"uTorrent" = ÁTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools-runtime voor het Office-systeem 3.0
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A4FC0DD2C9D0008AA89FFBC8B9E86C6A57F620B5" = dropioOutlook
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 12th May 2010, 10:25 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    [2010-05-02 19:28:35 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\khkbjxoae

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 13th May 2010, 5:00 pm

All processes killed
========== OTL ==========
C:\Users\Rederij Vlaun\AppData\Local\khkbjxoae folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rederij Vlaun
->Temp folder emptied: 19165012 bytes
->Temporary Internet Files folder emptied: 974027531 bytes
->Java cache emptied: 38034339 bytes
->Flash cache emptied: 55214 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2764270 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 986,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05132010_171720

Files\Folders moved on Reboot...
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DF4C82.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF119.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF127.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF17D.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF18B.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF1C9.tmp not found!
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Temp\~DFF1DF.tmp not found!
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMIK72RA\afr[3].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMIK72RA\afr[4].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMIK72RA\afr[5].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PMIK72RA\afr[6].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VHCFEEO\Nas-And-Damian-Marley-Distant-Relatives-(Retail)-2010-NoFS[1].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4T1QLLVO\virus-porncom-removed-t21419[1].htm moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{999EF1C0-5B2E-4FA2-98CF-F5682E816EC7}.tmp moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4496A399-CD4D-4CE7-B571-DB720EEE0D56}.tmp moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{49741233-D36B-4083-9CE9-075EF2A984E6}.tmp moved successfully.
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B12BC2C4-F333-4560-804A-24979A64C35D}.tmp moved successfully.
File\Folder C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E356571A-2FA0-4AE8-8558-BECF0A49EE0B}.tmp not found!
C:\Users\Rederij Vlaun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EC91D26E-391A-47D9-9E35-76D735A33372}.tmp moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNZP8GOT\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF833EOT\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA8S1DCO\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQY8KCB0\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 13th May 2010, 10:01 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 14th May 2010, 6:40 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Databaseversie: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

14-5-2010 8:36:35
mbam-log-2010-05-14 (08-36-35).txt

Scantype: Snelle scan
Objecten gescand: 115773
Verstreken tijd: 4 minuut/minuten, 45 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 14th May 2010, 9:36 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 14th May 2010, 5:24 pm

It is already unchecked.....so the malware scan should have the same result as above the last post you made.....

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 15th May 2010, 12:15 am

No, my instructions were to update MBAM, so new items may have been found.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 15th May 2010, 10:28 pm

You are totally right, I misread after your advise to uncheck to Proxy server.
I have updated and this is the mbam-Log:

alwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Databaseversie: 4104

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

16-5-2010 0:27:06
mbam-log-2010-05-16 (00-27-06).txt

Scantype: Snelle scan
Objecten gescand: 118437
Verstreken tijd: 4 minuut/minuten, 4 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 15th May 2010, 10:35 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 19th May 2010, 9:19 am

This was the logfile text:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 19th May 2010, 10:23 pm

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by d-sniper on 23rd May 2010, 6:11 am

Hello Belahzur, it seems to be doing fine. Thank you very much for your time and advise! Enjoy your Sunday.

Greetings

d-sniper
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-05-02
OS OS : Vista
Points Points : 24321
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus Porn.com removed

Post by Belahzur on 23rd May 2010, 2:12 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    ÁTorrent
    Adobe Reader 9.2 - Nederlands
    Java(TM) 6 Update 15

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum