AV Security suite problem


Post by d-sniper on 8th June 2010, 9:50 am

I have a problem with AV Security Suite. I have run Malwarebytes a number of times and also Search and Destroy, but it comes back right away, even if Malwarebytes does not detect anything anymore.

This is the Hijack log that I made in safe mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:36, on 8-6-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49216
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GFI Backup 2009 - Home Edition] "C:\PROGRA~2\GFI\GFIBAC~1\GFIAgent.exe"
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [fhklwidvjl] c:\users\rederij vlaun\appdata\local\yqwfyfd\ejodkjq.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10900 bytes

I have the latest update of Malwarebytes. Thanks in advance for the help.

Another question: is it worth it, in your opinion, to buy the real-time (paid) version of Malwarebytes?


Re: AV Security suite problem

Post by Belahzur on 8th June 2010, 5:30 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



Re: AV Security suite problem

Post by d-sniper on 8th June 2010, 9:45 pm

This is the mbam-log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Databaseversie: 4177

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18904

8-6-2010 23:34:30
mbam-log-2010-06-08 (23-34-30).txt

Scantype: Snelle scan
Objecten gescand: 120106
Verstreken tijd: 4 minuut/minuten, 7 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

However, after rebooting, the virus is still there.


Re: AV Security suite problem

Post by Belahzur on 9th June 2010, 12:00 am

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.





Re: AV Security suite problem

Post by d-sniper on 14th June 2010, 9:31 am

Hello Belahzur,

I have tried numerous times, but the download from the link you gave gets stuck after 19%. On my desktop (not infected) it downloads perfectly. I have turned off my AV and tried in both safe mode as well as normal (real quick, before the pop-ups set in).


Re: AV Security suite problem

Post by Belahzur on 14th June 2010, 11:47 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.





Re: AV Security suite problem

Post by d-sniper on 15th June 2010, 10:19 pm

OTL logfile created on: 16-6-2010 0:01:07 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Rederij Vlaun\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 202,52 Gb Free Space | 44,90% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,46 Gb Free Space | 50,94% Space Free | Partition Type: NTFS
Drive E: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 465,76 Gb Total Space | 463,89 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_VLAUN
Current User Name: Rederij Vlaun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-16 00:00:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rederij Vlaun\Downloads\OTL.exe
PRC - [2010-06-08 06:55:14 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010-05-17 10:37:32 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010-05-07 11:35:09 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010-03-30 16:26:40 | 003,036,424 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-03-05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-02-26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010-01-27 22:05:28 | 004,637,448 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2009-10-22 12:01:08 | 001,839,912 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
PRC - [2009-10-22 12:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2009-10-22 12:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
PRC - [2009-07-21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-07-18 05:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009-05-13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008-01-21 04:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2006-02-15 08:51:00 | 002,031,616 | ---- | M] (Borland Software Corporation) -- C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
PRC - [2005-05-24 18:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) -- C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe


========== Modules (SafeList) ==========

MOD - [2010-06-16 00:00:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rederij Vlaun\Downloads\OTL.exe
MOD - [2008-01-21 04:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008-01-21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008-01-21 04:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-04-28 17:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2009-04-23 01:56:34 | 000,211,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-03-16 20:59:20 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009-03-16 20:59:18 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-06-08 06:55:14 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-10-22 12:01:06 | 000,440,616 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2009-10-22 12:01:04 | 001,410,856 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2009-09-23 17:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-07-21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-07-27 20:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006-11-02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006-11-02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006-11-02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006-02-15 08:51:00 | 002,031,616 | ---- | M] (Borland Software Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db)
SRV - [2005-05-24 18:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto | Running] -- C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-02-17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009-12-11 10:02:14 | 000,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009-10-16 02:33:06 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-24 02:43:18 | 000,110,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-04-23 04:57:44 | 005,209,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-03-16 20:59:22 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008-12-27 02:05:00 | 000,318,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008-11-26 15:02:18 | 000,158,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008-10-31 11:49:44 | 000,261,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008-06-26 07:40:20 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008-02-21 11:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008-01-21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008-01-21 04:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB-videoapparaat (WDM)
DRV:64bit: - [2008-01-21 04:47:04 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV:64bit: - [2008-01-21 04:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008-01-21 04:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007-07-27 20:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007-07-26 21:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006-11-02 07:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006-09-18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006-09-18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49252



O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [fhklwidvjl] c:\users\rederij vlaun\appdata\local\yqwfyfd\ejodkjq.exe ()
O4 - HKCU..\Run: [GFI Backup 2009 - Home Edition] C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe (GFI Software Ltd.)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rederij Vlaun\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [You must be registered and logged in to see this link.] (WMI Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rederij Vlaun\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-05-01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008-10-13 20:44:59 | 000,136,448 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-07-25 19:10:55 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{21db69a1-c24c-11de-8a25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{21db69a1-c24c-11de-8a25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-10-13 20:44:59 | 000,136,448 | R--- | M] (Sports Interactive)
O33 - MountPoints2\{2a4f47a0-c4fa-11de-a09a-d1f9368ca246}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{2a4f47a0-c4fa-11de-a09a-d1f9368ca246}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{d72f4715-629c-11df-8222-d8cb602d4295}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-06-15 23:35:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-06-14 10:30:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010-06-08 13:16:42 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Roaming\SUPERAntiSpyware.com
[2010-06-08 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-06-08 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010-06-08 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-06-08 11:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-06-07 23:42:52 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\yqwfyfd
[2010-05-24 22:31:33 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\nhytejdkq
[2010-05-23 09:41:09 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Roaming\TeraCopy
[2010-05-23 09:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010-05-23 09:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2010-05-19 09:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

========== Files - Modified Within 30 Days ==========

[2010-06-16 00:14:37 | 004,980,736 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT
[2010-06-16 00:01:53 | 001,471,570 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-06-16 00:01:53 | 000,667,352 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010-06-16 00:01:53 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-06-16 00:01:53 | 000,126,854 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010-06-16 00:01:53 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-06-15 23:31:25 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70F481C1-8388-46F4-97CE-62A452A3C4E5}.job
[2010-06-15 23:27:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010-06-15 23:27:15 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-15 23:27:15 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-15 23:27:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-06-15 23:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-14 15:48:05 | 000,524,288 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT{4560d5d6-c7dc-11de-9520-83b66e25bd70}.TMContainer00000000000000000001.regtrans-ms
[2010-06-14 15:48:05 | 000,065,536 | -HS- | M] () -- C:\Users\Rederij Vlaun\NTUSER.DAT{4560d5d6-c7dc-11de-9520-83b66e25bd70}.TM.blf
[2010-06-14 15:47:52 | 001,523,287 | -H-- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\IconCache.db
[2010-06-08 13:16:38 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-08 11:48:02 | 000,002,575 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\HiJackThis.lnk
[2010-06-08 11:35:09 | 000,009,550 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\cc_20100608_113504.reg
[2010-06-08 11:34:40 | 000,107,342 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\cc_20100608_113401.reg
[2010-06-08 11:28:16 | 000,001,724 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\CCleaner.lnk
[2010-06-07 23:45:17 | 000,052,736 | ---- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\syssvc.exe
[2010-06-07 16:01:11 | 000,409,600 | ---- | M] () -- C:\Users\Rederij Vlaun\Documents\WK Zehra Abdoelaziz.xlsx
[2010-05-29 22:46:29 | 000,079,872 | ---- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-24 22:31:12 | 000,000,032 | --S- | M] () -- C:\Users\Rederij Vlaun\AppData\Local\2879274566.dat
[2010-05-23 09:33:18 | 000,000,916 | ---- | M] () -- C:\Users\Rederij Vlaun\Desktop\SyncBack.lnk

========== Files Created - No Company Name ==========

[2010-06-14 10:30:53 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010-06-08 13:16:38 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-08 11:35:05 | 000,009,550 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\cc_20100608_113504.reg
[2010-06-08 11:34:07 | 000,107,342 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\cc_20100608_113401.reg
[2010-06-08 11:28:16 | 000,001,724 | ---- | C] () -- C:\Users\Rederij Vlaun\Desktop\CCleaner.lnk
[2010-06-07 23:45:16 | 000,052,736 | ---- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\syssvc.exe
[2010-06-07 15:59:49 | 000,409,600 | ---- | C] () -- C:\Users\Rederij Vlaun\Documents\WK Zehra Abdoelaziz.xlsx
[2010-05-26 15:32:45 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010-05-24 22:31:12 | 000,000,032 | --S- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\2879274566.dat
[2010-05-23 09:33:18 | 000,000,916 | ---- | C] () -- C:\Users\Rederij Vlaun\Desktop\SyncBack.lnk
[2010-01-25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009-12-02 15:06:54 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009-01-05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008-09-16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008-09-16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

Re: AV Security suite problem

Post by d-sniper on 15th June 2010, 10:21 pm

OTL Extras logfile created on: 11-5-2010 22:34:44 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rederij Vlaun\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 258,88 Gb Free Space | 57,39% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,46 Gb Free Space | 50,94% Space Free | Partition Type: NTFS
Drive E: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_VLAUN
Current User Name: Rederij Vlaun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EBFF5A0-EFD7-4D55-BDE7-9540019964FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{6010D1D5-DB69-42C8-9C87-0F5D8A67400D}" = lport=138 | protocol=17 | dir=in | app=system |
"{64F8561F-5746-4F96-AAB7-6AA074FF584B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C4E2471-4E2A-425F-A7EA-C346E91E366F}" = lport=137 | protocol=17 | dir=in | app=system |
"{890F72E7-336E-44BD-96DD-37CB402F853B}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BA4A900-0DAD-4F0F-B803-634D5FD9E02B}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9297D11-17C2-4FC6-88BB-D4C920D26BDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D940D68A-515C-40B1-84E7-312719FD5AA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9FAD0E7-6EFB-40D1-A308-54D116652384}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFAE5B1F-0D60-48E0-B07D-32175206E263}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF046B19-6A22-4CC0-8115-65307A71E44F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0253F382-BC89-4B55-8805-B2975388C70E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{05C238E8-E15D-4511-B048-514B73152491}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{12FCC5AA-5736-45E9-ABB8-7BF06F8CD0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{161AF4B7-0626-4450-BBB7-239B125E948B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1846EDAD-D23A-4B13-864A-C033D85CD20E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{19C28641-17A6-4207-AA4D-F4552A25C780}" = dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{1F139C53-1F49-40D6-96A6-08948FECD892}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{326867B0-06C3-4CB5-A474-E5D515142F18}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{34792F79-1DAF-4781-AEA3-D59C32C87048}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38576ECB-E519-4A0D-8B62-56D04A9CA9E3}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe |
"{3D0D0A64-02E2-4F04-846B-C070120239E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6115F9A4-6AE7-4141-A339-BA48CCE09E37}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{67899547-A440-432C-A8AC-9F838C8044E8}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{6A29F9E0-942A-4349-A7E0-993D2B4C57E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B903DB7-0097-4664-9DD0-5EB999723892}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89998CD5-0BB3-4723-B89A-80CE1717ADA2}" = protocol=17 | dir=in | app=c:\users\rederij vlaun\appdata\roaming\dropbox\bin\dropbox.exe |
"{8F2457EC-92B1-4E15-B09B-76FB664A0640}" = protocol=6 | dir=out | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{90634D10-9C72-4AE5-A534-405943C104CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{9805B348-DC5A-4FEC-914D-15689A63DB65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9A64D90D-7EF3-4611-B830-EB66E5153895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{A2AFD540-43A7-4C8C-83E8-93DDAC38344E}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe |
"{AC21CE8A-13C4-49DE-BED5-169C1B4ABF4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2009\fm.exe |
"{AF75D69E-61F7-4AF4-9F10-0306DFE8CF25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BE85E9DF-A6CC-4760-8253-6B0BBF9FB7E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BFE88936-09C8-4929-94FB-DE43FCAD75DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C1CDB1FB-0160-4364-90A4-B9AA591D8CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D293B54B-85B3-4AF7-AF42-E06C28E71BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5B6373F-F38D-4C1F-920E-6B9A34ACD166}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{DEA52836-A064-4E5C-BA70-C5ACE4D33850}" = protocol=17 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe |
"{E84DD236-AA97-44B7-AB4C-67BE8183D054}" = protocol=6 | dir=in | app=c:\users\rederij vlaun\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FAB5A3-BA41-40A5-AB44-F729A99AAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FD73C463-5DF5-4198-87FF-2F01C87284C4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{001054D3-D7CD-4667-BA9D-63A7D97B6478}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{0C9CC0D3-BCF8-4BB5-9BAE-8267019A47E1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7766F6F8-D0CE-4209-B5A0-722F0A878CCE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FAA87C5C-31D7-4B89-8C07-E9168E1F8682}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{5DCF7AEC-C6CD-4D65-9684-77CA8D2C22CB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{86171AC8-00E7-4248-AEA3-2DE624C41944}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E975709A-972B-4E00-A4F9-F49C49573843}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F944BC69-0289-4F10-9DA1-9CABD5AFCB4A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostics Tool
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Software van Intel(R) PROSet/Wireless WiFi
"{3BF01555-70FC-426F-BA9E-F24758A987C9}" = Dell 5530 Wireless Broadband Package
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{538B8C10-1BA5-131D-4B4C-F07770926D06}" = ccc-utility64
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{949C04A7-B078-5738-4624-1C77E8CD409A}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"doPDF 6 printer_is1" = doPDF 6.3 printer
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06096D5E-09ED-9A82-6946-6568EBB7CB2C}" = Catalyst Control Center InstallProxy
"{0DF1DAD2-17FD-E64F-C6A2-A42D94474229}" = Skins
"{1C279CAE-F230-0255-0F19-634750A69747}" = CCC Help Portuguese
"{206936E5-73DF-07D8-29B6-34E802541EBB}" = CCC Help English
"{20D8E6B9-5E1A-4CE5-83D8-EF3626B6CEF9}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28D58BB6-06C3-49F3-3EF2-93F3158B6505}" = Catalyst Control Center Core Implementation
"{3180427D-DDE9-4704-A30F-B4C46CC29C41}" = Catalyst Control Center Graphics Full Existing
"{34E38BB7-98FD-03C2-13D1-B68789668CEE}" = CCC Help Italian
"{3BB37700-F05F-213F-FF1C-684698BAC17E}" = CCC Help Japanese
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.72
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A869A1-3F59-44A4-64D7-120FE0057B2F}" = CCC Help German
"{49E5F021-4DA5-41A3-A893-0A9564D30264}" = Jing
"{4AF97226-2624-AD56-9003-E581DEB96E8C}" = CCC Help Korean
"{4DD386D7-8D6D-985B-418B-94BCA7CEDB8E}" = ccc-core-static
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{4FC41915-5EFB-27A4-1C4B-B06DB9673CD7}" = CCC Help Spanish
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69535FEF-6533-8F4F-D96B-2C345D89617A}" = CCC Help Chinese Traditional
"{6CA2A34B-93EC-C934-8251-08960730AB69}" = CCC Help Danish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739777CE-1678-65B2-B97E-C0E1545EECDF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82E80931-6DFE-5E67-7C37-F66ABF135331}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECD943A-0C75-CAD5-FC01-91CBFEDFBC9E}" = CCC Help Chinese Standard
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{93F0A673-84B6-90E5-C701-457F796D1430}" = CCC Help Dutch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF04B9A-3B45-3D00-8A0F-9EB596626DA7}" = Catalyst Control Center Graphics Full New
"{A669EFEC-39AA-D25B-5F81-450FAABF1E3E}" = CCC Help Russian
"{A909E7C7-F541-4B53-EA99-4F531E5E242B}" = CCC Help French
"{AA0B63ED-2485-5E3B-DB58-F8962C32CDF9}" = Catalyst Control Center Localization All
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.02.10
"{AC76BA86-7AD7-1043-7B44-A92000000001}" = Adobe Reader 9.2 - Nederlands
"{B131BD51-21C7-FE1C-91A7-1B1361A9B283}" = Catalyst Control Center Graphics Previews Common
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA1D5579-2901-06E0-A3B7-ACA65136FFB6}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D23B5897-4D59-25D5-9478-BA1E5EC58552}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C04820-9EDB-BB72-647E-7DC9BCBCE983}" = Catalyst Control Center Graphics Previews Vista
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:30
"{EF702442-B623-4B6A-B41D-412584301725}_is1" = Easy2Sync for Outlook 3.xx
"{FF203294-02C1-4632-832C-762CBD15CF2D}" = Ericsson Wireless Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Air Video Server" = Air Video Server 2.2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"Football Manager 2009" = Football Manager 2009
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"Hema Album Software Advanced_is1" = Hema Album Software Advanced
"iMUIS Client_is1" = iMUIS client versie 3.6.5c
"iMUIS_is1" = iMUIS versie 3.6.5d voor Interbase
"InterBase 7.5 Server" = InterBase 7.5 Server
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MixPad" = MixPad Audio Mixer
"PC Wizard 2009_is1" = PC Wizard 2009.1.9111
"PhotoStage" = PhotoStage Slideshow Producer
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10540" = Football Manager 2009
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools-runtime voor het Office-systeem 3.0
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A4FC0DD2C9D0008AA89FFBC8B9E86C6A57F620B5" = dropioOutlook
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: AV Security suite problem

Post by Belahzur on 17th June 2010, 12:38 am

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [fhklwidvjl] c:\users\rederij vlaun\appdata\local\yqwfyfd\ejodkjq.exe ()
    [2010-06-07 23:42:52 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\yqwfyfd
    [2010-05-24 22:31:33 | 000,000,000 | ---D | C] -- C:\Users\Rederij Vlaun\AppData\Local\nhytejdkq
    [2010-06-07 23:45:16 | 000,052,736 | ---- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\syssvc.exe
    [2010-05-24 22:31:12 | 000,000,032 | --S- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\2879274566.dat



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.
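The entries singled out in the fix above share traits that can be checked mechanically when triaging similar logs: a proxy pointed at the local machine, and executables or autoruns in the user profile with an empty vendor field `()`. The sketch below is an added example, not part of the post above and not OTL's own logic; the heuristics and all function and pattern names are assumptions, and the sample lines are quoted from this thread plus one constructed benign entry.

```python
import re

# Lines 1-4 are quoted from this thread's logs (path separators restored);
# the last line is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49216
O4 - HKCU..\Run: [fhklwidvjl] c:\users\rederij vlaun\appdata\local\yqwfyfd\ejodkjq.exe ()
[2010-06-07 23:45:16 | 000,052,736 | ---- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\syssvc.exe
[2010-05-24 22:31:12 | 000,000,032 | --S- | C] () -- C:\Users\Rederij Vlaun\AppData\Local\2879274566.dat
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
""".strip().splitlines()

# Proxy pointed at the local machine, e.g. "ProxyServer = http=127.0.0.1:49216".
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
# Autorun line as it appears in the log: O4 - <hive>..\Run: [value name] <path>.exe (<company>)
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+?\.exe)\s*\((.*?)\)\s*$", re.I)
# File line as it appears in the log: [date | size | attributes | C] (<company>) -- <path>
FILE_RE = re.compile(r"^\[[^\]]+\] \((.*?)\) -- (.+)$")
# Per-user, user-writable profile location.
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\(?:local|roaming)\\", re.I)

def triage(lines):
    """Return (reason, detail) tuples for entries matching the heuristics above."""
    findings = []
    for line in (l.strip() for l in lines):
        if m := PROXY_RE.search(line):
            findings.append(("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
        elif m := RUN_RE.match(line):
            _hive, _name, path, company = m.groups()
            # Autorun target inside the profile with no vendor string.
            if PROFILE_RE.search(path) and not company:
                findings.append(("autorun-from-profile-no-vendor", path))
        elif m := FILE_RE.match(line):
            company, path = m.groups()
            # Only executables are flagged; data files such as .dat are skipped.
            if PROFILE_RE.search(path) and not company and path.lower().endswith(".exe"):
                findings.append(("exe-in-profile-no-vendor", path))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:32} {detail}")
```

A match is a prompt for manual review, not a verdict: legitimate software also installs per-user, and some legitimate binaries carry no vendor string.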

