# Virus "Congratulations you've won"



## Marieke93 (Feb 24, 2012)

I saw another thread with the same virus but read in the rules that I should make my own post, so here I am.

I've been getting random audio ads telling me "Congratulations, you've won!" at random intervals. It's not coming from my browser; it may be coming from an exe file named 'conime.exe', but I'm not sure. My laptop has been running very, very slowly for a while; not sure if that's related. I've run the programs and included the logs. I hope you can help me! I'll be happy to provide more information.

*HIJACKTHIS LOG*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:35, on 24-Feb-12
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.212.73.53:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} (KCSActiveXV3Ctrl Class) - http://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 10173 bytes

*DDS.TXT*

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Marieke at 21:27:36 on 2012-02-24
Microsoft® Windows Vista Ultimate 6.0.6002.2.1252.31.1033.18.2974.1263 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 64.212.73.53:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ATnotes.exe] c:\program files\atnotes\ATnotes.exe
uRun: [Google Update] "c:\users\marieke\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://www.spgame.com/infogame/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3FDC87A9-2477-4DF4-A552-AA66A326712D} : DhcpNameServer = 194.109.6.66 194.109.9.99
TCP: Interfaces\{C7181595-030D-4C86-8E15-13AC83DF09B8} : DhcpNameServer = 194.109.6.66 194.109.9.99
TCP: Interfaces\{CD693CFC-B86E-41C0-9413-43A61B6A9870} : DhcpNameServer = 195.121.1.34 195.121.1.66
TCP: Interfaces\{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marieke\appdata\roaming\mozilla\firefox\profiles\bmdbhyd7.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\marieke\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fb_inet_server.exe [2010-11-7 3726028]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-12 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 265928]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-8 73216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2274296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-8 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-8 235392]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-15 14:14:45	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 14:14:43	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 14:14:40	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2012-01-31 13:05:43	--------	d-----w-	c:\users\marieke\.spss
2012-01-31 13:03:21	--------	d-----w-	c:\programdata\SafeNet Sentinel
2012-01-31 13:02:01	--------	d-----w-	c:\programdata\SPSS
2012-01-31 13:02:00	--------	d-----w-	c:\program files\common files\SPSS
2012-01-31 13:01:58	--------	d-----w-	c:\program files\common files\SPSSInc
2012-01-31 13:01:38	--------	d-----w-	c:\program files\SPSSInc
2012-01-31 13:01:28	205	----a-w-	c:\windows\system32\lsprst7.dll
2012-01-31 13:01:28	1025	----a-w-	c:\windows\system32\sysprs7.dll
2012-01-31 12:58:36	--------	d-----w-	c:\program files\SPSSIncOEM
2012-01-29 13:26:47	295952	----a-w-	c:\windows\SCRANTIC.SCR
2012-01-29 13:26:47	--------	d-----w-	C:\SIERRA
.
==================== Find3M ====================
.
2012-01-12 21:07:12	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-14 03:04:54	1798656	----a-w-	c:\windows\system32\jscript9.dll
2011-12-14 02:57:18	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-12-14 02:56:58	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-30 17:39:24	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:28:51.24 ===============

*ARK.TXT*

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-24 22:34:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: lh4idxv0.exe; Driver: C:\Users\Marieke\AppData\Local\Temp\pxldypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAFC63F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAFC63FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAFC64080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAFC6411C]

INT 0x72 ? 863B9BF8
INT 0x82 ? 863B9BF8
INT 0x92 ? 863B9BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 863B9BF8
INT 0xA2 ? 863B9BF8
INT 0xA2 ? 84AE0BF8
INT 0xB2 ? 863B9BF8
INT 0xB2 ? 863B9BF8
INT 0xB2 ? 863B9BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 822C3B74 4 Bytes [3C, 3F, C6, AF]
.text ntkrnlpa.exe!KeSetEvent + 621 822C3DA4 8 Bytes [E4, 3F, C6, AF, 80, 40, C6, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 822C3E04 4 Bytes [1C, 41, C6, AF]
? System32\Drivers\spvo.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 913E341B 5 Bytes JMP 863B91D8 
.text a407ocyy.SYS 915C2000 22 Bytes [82, 83, 5D, 82, 6C, 82, 5D, ...]
.text a407ocyy.SYS 915C2017 137 Bytes [00, 32, 37, 18, 8A, 3D, 35, ...]
.text a407ocyy.SYS 915C20A1 43 Bytes [00, 2C, 82, 74, F6, 25, 82, ...]
.text a407ocyy.SYS 915C20CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text a407ocyy.SYS 915C20DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E560C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E56141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5627F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 854831F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\udfs \UdfsCdRom 84D93500
Device \FileSystem\udfs \UdfsDisk 84D93500
Device \Driver\netbt \Device\NetBT_Tcpip_{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} 86F551F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84AE21F8
Device \Driver\usbuhci \Device\USBPDO-0 862F21F8
Device \Driver\usbuhci \Device\USBPDO-1 862F21F8
Device \Driver\usbehci \Device\USBPDO-2 863BA1F8
Device \Driver\usbuhci \Device\USBPDO-3 862F21F8
Device \Driver\usbuhci \Device\USBPDO-4 862F21F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\1522116851 spvo.sys
Device \Driver\usbuhci \Device\USBPDO-5 862F21F8
Device \Driver\usbuhci \Device\USBPDO-6 862F21F8
Device \Driver\volmgr \Device\HarddiskVolume1 84AE21F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 863BA1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84AE21F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8646A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854811F8
Device \Driver\atapi \Device\Ide\IdePort0 854811F8
Device \Driver\atapi \Device\Ide\IdePort1 854811F8
Device \Driver\atapi \Device\Ide\IdePort2 854811F8
Device \Driver\atapi \Device\Ide\IdePort3 854811F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854811F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 854821F8
Device \Driver\cdrom \Device\CdRom1 8646A1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{CD693CFC-B86E-41C0-9413-43A61B6A9870} 86F551F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86F551F8
Device \Driver\Smb \Device\NetbiosSmb 86EF81F8
Device \Driver\iScsiPrt \Device\RaidPort0 863B71F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP0740 \Device\0000005d spvo.sys

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 862F21F8
Device \Driver\usbuhci \Device\USBFDO-1 862F21F8
Device \Driver\usbehci \Device\USBFDO-2 863BA1F8
Device \Driver\usbuhci \Device\USBFDO-3 862F21F8
Device \Driver\usbuhci \Device\USBFDO-4 862F21F8
Device \Driver\usbuhci \Device\USBFDO-5 862F21F8
Device \Driver\usbuhci \Device\USBFDO-6 862F21F8
Device \Driver\usbehci \Device\USBFDO-7 863BA1F8
Device \Driver\a407ocyy \Device\Scsi\a407ocyy1Port5Path0Target0Lun0 863FE1F8
Device \Driver\a407ocyy \Device\Scsi\a407ocyy1 863FE1F8
Device \FileSystem\cdfs \Cdfs 87C71500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x94 0xB5 0xBC 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x14 0x3D 0x2E 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x1C 0xE7 0x76 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x4F 0xCC 0x37 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x14 0x3D 0x2E 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x1C 0xE7 0x76 0x3B ...

---- Files - GMER 1.0.15 ----

File C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\E5I26CA4.txt 93 bytes

---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

A gold/blue shield virus/malware removal specialist will need to assist you with the DDS.TXT and ARK.TXT logs.

In the meantime, download and install the free version of

*Malwarebytes Anti-Malware 1.60.1.1000*

*SUPERAntiSpyware 5.0.0.1144*

then update their definition files, then run a quick scan with them, then select and remove EVERYTHING they find.

Note: DON'T use the computer while each scan is in progress.

----------------------------------------------------------

I strongly advise you NOT to use the file cleaner and registry cleaner feature of *AVG 2012* and NOT to use *AVG PC Tuneup 2011*.

This is a good way to damage the Windows operating system and break some of your programs and generate error/warning messages and create havoc with your computer.

---------------------------------------------------------


----------



## Marieke93 (Feb 24, 2012)

Thank you for your quick reply! I've run both programs, both found some files that I deleted. I also uninstalled AVG PC Tuneup 2011.


----------



## flavallee (May 12, 2002)

Let's see the scan logs so we can see what was found and removed.

-------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Logs" (tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------

Start SUPERAntiSpyware.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------


----------



## flavallee (May 12, 2002)

Your computer has a lot of programs that are auto-loading and running in the background.

Some of them don't need to auto-load and run at all, and others can be manually started when needed.

A bloated startup load can slow down overall performance and cause various problems.

I can assist you with that later.

-------------------------------------------------------

Use the computer for a while and see if you're still getting the audio ads.

-------------------------------------------------------


----------



## Marieke93 (Feb 24, 2012)

Haven't heard any audio ads so far!
Here are the logs:

Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Marieke :: SAM [administrator]

24-Feb-12 23:31:41
mbam-log-2012-02-24 (23-31-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203917
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)

SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/24/2012 at 11:59 PM

Application Version : 5.0.1144

Core Rules Database Version : 8276
Trace Rules Database Version: 6088

Scan type : Quick Scan
Total Scan Time : 00:12:39

Operating System Information
Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 619
Memory threats detected : 0
Registry items scanned : 27256
Registry threats detected : 0
File items scanned : 52936
File threats detected : 192

Adware.Tracking Cookie
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\1W2K8N26.txt [ /invitemedia.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\TUJ779T4.txt [ /ads.adk2.com ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\62ME2J4Q.txt [ /clicksor.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /nl.sitestat.com ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\4TXBMVE0.txt [ /revsci.net ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\5LV8LDAT.txt [ /smartadserver.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\AC7G4VX2.txt [ /atdmt.com ]
.doubleclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
www9.addfreestats.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\KSFV8OGV.txt [ /ads.creative-serving.com ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\UEKRP6XR.txt [ /conversioncompany.solution.weborama.fr ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\6LYCZJNE.txt [ /adjuggler.net ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\A1Y6WJHR.txt [ /serving-sys.com ]
.statcounter.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\H2FHFJWS.txt [ /trafficno.com ]
.content.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\TCGWOLY0.txt [ /my.enveromedia.com ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\BC3J4RXZ.txt [ /adrime.solution.weborama.fr ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\T8MMF2EJ.txt [ /fastclick.net ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\4VVB7B49.txt [ /ad.yieldmanager.com ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\2O79O4YN.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\53S8LQY4.txt [ /aim4media.com ]
server.iad.liveperson.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\6KR6C6W3.txt [ /doubleclick.net ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.shinystat.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
m1.webstats.motigo.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQSL5VBD.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt [ Cookie:[email protected]/hc/78172407 ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\SG2JVVKN.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\FZ0BWXRH.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\56DG03ZO.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\O2D5ZQ6R.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\95LHX4CD.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\1W2K8N26.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\62ME2J4Q.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\4TXBMVE0.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\AC7G4VX2.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\UEKRP6XR.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\6LYCZJNE.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\A1Y6WJHR.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\TCGWOLY0.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\BC3J4RXZ.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\2O79O4YN.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\53S8LQY4.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\6KR6C6W3.txt [ Cookie:[email protected]/ ]
C:\USERS\MARIEKE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]


----------



## flavallee (May 12, 2002)

OK, that's good. :up:

I'm going to sit on the sidelines for now and wait for a gold/blue shield member to assist you.

This section is VERY busy, so be patient.

By the way, *Java(TM) 6 update 30* needs to be updated to 1.6.0.31(6 Update 31).

---------------------------------------------------------


----------



## Marieke93 (Feb 24, 2012)

Bump..


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the [image] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Marieke93 (Feb 24, 2012)

Thank you! I ran combofix but I think I accidentally downloaded it in Dutch, I've translated the Dutch parts in the logs:

-- Also, the scroll function of my touch pad doesn't work anymore since ComboFix restarted my laptop just now. Any ideas how I can get it to work again?

ComboFix 12-02-25.02 - Marieke 27-Feb-12 20:01:24.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.31.1033.18.2974.2058 [GMT 1:00]
Started from: c:\users\Marieke\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New recovery point was made
.
.
(((((((((((((((((((((((((((((((((( Other erasures )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\lsprst7.dll
c:\windows\system32\SETCA31.tmp
c:\windows\system32\SETCBF8.tmp
c:\windows\system32\SETCF97.tmp
.
.
(((((((((((((((((((( Files made from 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-27 19:08 . 2012-02-27 19:08	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-02-27 19:08 . 2012-02-27 19:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-25 11:19 . 2012-02-25 11:19	--------	d-----w-	c:\program files\Common Files\Java
2012-02-24 22:43 . 2012-02-24 22:43	--------	d-----w-	c:\users\Marieke\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 22:43 . 2012-02-24 22:45	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-24 22:43 . 2012-02-24 22:43	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-02-24 22:30 . 2012-02-24 22:30	--------	d-----w-	c:\users\Marieke\AppData\Roaming\Malwarebytes
2012-02-24 22:30 . 2012-02-24 22:30	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-24 22:30 . 2012-02-24 22:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:30 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-15 14:14 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 14:14 . 2012-01-12 19:52	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 14:14 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-31 13:05 . 2012-02-07 15:37	--------	d-----w-	c:\users\Marieke\.spss
2012-01-31 13:03 . 2012-01-31 13:03	--------	d-----w-	c:\programdata\SafeNet Sentinel
2012-01-31 13:02 . 2012-01-31 13:02	--------	d-----w-	c:\programdata\SPSS
2012-01-31 13:02 . 2012-01-31 13:02	--------	d-----w-	c:\program files\Common Files\SPSS
2012-01-31 13:01 . 2012-01-31 13:01	--------	d-----w-	c:\program files\SPSSInc
2012-01-31 13:01 . 2012-01-31 13:01	1025	----a-w-	c:\windows\system32\sysprs7.dll
2012-01-29 13:26 . 2012-01-29 13:26	--------	d-----w-	C:\SIERRA
2012-01-29 13:26 . 1992-12-09 16:08	295952	----a-w-	c:\windows\SCRANTIC.SCR
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 11:18 . 2010-09-11 19:36	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-30 17:39 . 2011-06-18 08:57	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 11:26 . 2011-06-27 14:45	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Starting points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty references & legitimate standard references are not listed 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-24 740216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
bthsvcs	REG_MULTI_SZ  BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Shared Tasks' folder
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000Core.job
- c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000UA.job
- c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
.
------- Additional Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 64.212.73.53:8080
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
FF - ProfilePath - c:\users\Marieke\AppData\Roaming\Mozilla\Firefox\Profiles\bmdbhyd7.default\
.
.
**************************************************************************
Scanning hidden processes ... 
.
scanning hidden autostart processes ... 
.
scanning hidden files ... 
.
Scan successfully completed
hidden files:
.
**************************************************************************
.
------------------------ Other Active Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-27 20:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 19:26
ComboFix2.txt 2011-12-04 16:03
.
Pre-Run: 165,992,845,312 bytes free
Post-Run: 166,330,552,320 bytes free
.
- - End Of File - - 43326F62E9538100902807948AF29731


----------



## kevinf80 (Mar 21, 2006)

Do you recognize this proxy server running in Internet Explorer :-

*uInternet Settings,ProxyServer = 64.212.73.53:8080*

Regarding scroll function on touch pad, Select Start > In the search box type *Device manager* In new window scroll to *Mice and other pointing device* Expand that entry look at *PS/2 compatible mouse* Are there any question or exclamation marks, right click on that entry select update driver, select for windows to check?

How is your system responding now, any improvement...

Kevin


----------
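The check made by eye on the ComboFix log above, written as Python: an added example that is not part of the original thread and not code from ComboFix. It pulls per-user `ProxyServer` entries out of log text, splits the per-protocol `http=...;https=...` form that this registry value can also take (a case beyond the single address in the posted log), and lists every proxy that is not on an allowlist. The function names and the `known_hosts` allowlist are assumptions made for the example.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Lines in the style of ComboFix's "Additional Scan" section. The first three
# are taken from the log posted above; the last one is constructed.
SAMPLE_LOG = """\
uStart Page = about:blank
uInternet Settings,ProxyServer = 64.212.73.53:8080
TCP: DhcpNameServer = 192.168.178.1
uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=proxy.example.test:3128
"""

# Only the "u" (current user) form seen in the posted log is matched.
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S.*?)\s*$")


class ProxyEntry(NamedTuple):
    line_no: int
    scheme: str            # "all" when the value has no per-protocol prefix
    host: str
    port: Optional[int]
    scope: str             # loopback / private / public / hostname


def classify_host(host):
    """Say where a proxy host lives, without doing any network lookups."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # a name, not an address: scope unknown
    if ip.is_loopback:             # check before is_private, which also covers 127/8
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def parse_proxy_value(value):
    """Yield (scheme, host, port) for each proxy in a ProxyServer string."""
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, rest = part.partition("=")
        if not sep:                # plain "host:port" applies to all protocols
            scheme, rest = "all", part
        rest = rest.split("://", 1)[-1]    # tolerate "http://host:port"
        host, sep, port = rest.rpartition(":")
        if sep and port.isdigit():
            yield scheme.lower(), host, int(port)
        else:                      # no usable port given
            yield scheme.lower(), rest, None


def find_proxies(log_text):
    """Return a ProxyEntry for every proxy configured in the log text."""
    entries = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match.group(1)):
            entries.append(
                ProxyEntry(line_no, scheme, host, port, classify_host(host))
            )
    return entries


def unrecognized(entries, known_hosts=()):
    """Entries whose host is not on the allowlist the user recognizes."""
    known = {h.lower() for h in known_hosts}
    return [e for e in entries if e.host.lower() not in known]


if __name__ == "__main__":
    for entry in unrecognized(find_proxies(SAMPLE_LOG)):
        print(f"line {entry.line_no}: {entry.scheme} proxy "
              f"{entry.host}:{entry.port} ({entry.scope}) is not recognized")
```
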



## Marieke93 (Feb 24, 2012)

I never use IE or proxies, so I don't know what that's about. I haven't heard any audio ads anymore, but my system is still a lot slower than it used to be... 

Also, windows says the drivers are up to date, so still no scroll function.

Thanks again!


----------



## Marieke93 (Feb 24, 2012)

Restarted my browser and now the scroll works again! Thanks!


----------



## kevinf80 (Mar 21, 2006)

OK, that is good news, regarding proxy, if it is not known then it has to go:

*Internet Explorer:*
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". ok, apply (only if applicable), ok.

Next,

Download [image] TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Next,

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Kevin


----------



## Marieke93 (Feb 24, 2012)

Had to leave the scan running overnight. Here is the log:


C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\X.vir	a variant of Win32/Sirefef.DD trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\[email protected] a variant of Win32/Sirefef.DV trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\[email protected] a variant of Win32/Agent.TEO trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\[email protected] Win32/Sirefef.DV trojan
C:\Qoobox\Quarantine\C\Windows\System32\c_47915.nl_.vir	a variant of Win32/Sirefef.CR trojan
C:\Users\Marieke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110421085919649.rsc	multiple threats

(Also, the ESET buttons look different from the ones in your posts - it's still clear what you have to do but I thought I'd let you know)

Thanks again!


----------



## kevinf80 (Mar 21, 2006)

If your security alerts to any of the following steps just accept/allow them to happen....

OK, do the following:

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.
*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click [image] icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big [image] button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*

*Step 3*

Remove ESET Online Scanner


Click Start, type *programs and features* in the Search box, and then press ENTER.
Click to select the product to be uninstalled from the listing of installed products *(ESET Online Scanner)*, and then click Uninstall/Change from the bar that displays the available tasks to remove *ESET*. Only re-boot if prompted.

*Step 4*

Re-run TFC to clear all temp folders etc.

*Step 5*

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start scan* button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing...

...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Let me know if the above steps completed OK, also if any remaining issues or concerns...

Kevin


----------



## Marieke93 (Feb 24, 2012)

I ran Secunia yesterday and it found some problems (Skype, Flash and Firefox not up to date) which I fixed, but it also found a Windows Update that I had to install. Only Windows Update keeps failing, and I can't install the update. It gives me code 80070020, and the update is KB2536275. I've had a lot of problems with Windows Update a year or so and eventually had to completely reinstall Windows. Hope this can be resolved another way now.

Anyway, yesterday I had to stop the Secunia scan because my laptop froze. I'm running the scan again now because it wasn't finished yet, but it's been scanning for an hour now and hasn't found anything (and it should've at least found the Windows update I can't install).

Also my scroll function stopped working again, and this time the fix doesn't work.


----------



## kevinf80 (Mar 21, 2006)

Download the Windows update direct from here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26444 and see if that will install OK.

Regarding your touch pad issue, re-install the driver and see if that helps...

Kevin


----------



## Marieke93 (Feb 24, 2012)

The update doesn't work from the URL either (I have Windows Vista btw, not 7, but I found the correct download on the website), it just tells me that the update was not installed, no error code or anything...


----------



## kevinf80 (Mar 21, 2006)

The update failure is not down to any malware, your system is clean. Maybe best to open a thread in the Vista section of the Operating System Forum here: http://forums.techguy.org/75-windows-vista/ Link back to this thread so the technical guys can see what we've done....

Let me know how you get on....

Kevin


----------



## Marieke93 (Feb 24, 2012)

Thank you for all your help, I'm going to open a thread in the Vista section now. I'll mark this one as solved, since my laptop is all clean now. Thanks again, I really appreciate it!
Marieke


----------

