Solved: Virus "Congratulations you've won"


Marieke93 (thread starter; member with 13 posts, joined Feb 2012, experience: Beginner)
24-Feb-2012, 05:44 PM, #1
I saw another thread with the same virus but read in the rules that I should make my own post, so here I am.

I've been getting random audio ads telling me "Congratulations, you've won!" at random intervals. It's not coming from my browser; it may be coming from an exe file named 'conime.exe', but I'm not sure. My laptop has been running very, very slow for a while; I'm not sure if that's related. I've run the programs and included the logs; I hope you can help me! I'll be happy to provide more information.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:35, on 24-Feb-12
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.212.73.53:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} (KCSActiveXV3Ctrl Class) - http://kamuse.zcdn.co.kr/kamuse/kcsd...veXv3-1000.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 10173 bytes


DDS.TXT


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Marieke at 21:27:36 on 2012-02-24
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.31.1033.18.2974.1263 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 64.212.73.53:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ATnotes.exe] c:\program files\atnotes\ATnotes.exe
uRun: [Google Update] "c:\users\marieke\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://www.spgame.com/infogame/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3FDC87A9-2477-4DF4-A552-AA66A326712D} : DhcpNameServer = 194.109.6.66 194.109.9.99
TCP: Interfaces\{C7181595-030D-4C86-8E15-13AC83DF09B8} : DhcpNameServer = 194.109.6.66 194.109.9.99
TCP: Interfaces\{CD693CFC-B86E-41C0-9413-43A61B6A9870} : DhcpNameServer = 195.121.1.34 195.121.1.66
TCP: Interfaces\{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marieke\appdata\roaming\mozilla\firefox\profiles\bmdbhyd7.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\marieke\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fb_inet_server.exe [2010-11-7 3726028]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-12 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 265928]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-8 73216]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2274296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-8 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-8 235392]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-15 14:14:45 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 14:14:43 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:14:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-31 13:05:43 -------- d-----w- c:\users\marieke\.spss
2012-01-31 13:03:21 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-01-31 13:02:01 -------- d-----w- c:\programdata\SPSS
2012-01-31 13:02:00 -------- d-----w- c:\program files\common files\SPSS
2012-01-31 13:01:58 -------- d-----w- c:\program files\common files\SPSSInc
2012-01-31 13:01:38 -------- d-----w- c:\program files\SPSSInc
2012-01-31 13:01:28 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-01-31 13:01:28 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-01-31 12:58:36 -------- d-----w- c:\program files\SPSSIncOEM
2012-01-29 13:26:47 295952 ----a-w- c:\windows\SCRANTIC.SCR
2012-01-29 13:26:47 -------- d-----w- C:\SIERRA
.
==================== Find3M ====================
.
2012-01-12 21:07:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-30 17:39:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:28:51.24 ===============

ARK.TXT


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-24 22:34:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: lh4idxv0.exe; Driver: C:\Users\Marieke\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAFC63F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAFC63FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAFC64080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAFC6411C]

INT 0x72 ? 863B9BF8
INT 0x82 ? 863B9BF8
INT 0x92 ? 863B9BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 84AE0BF8
INT 0xA2 ? 863B9BF8
INT 0xA2 ? 863B9BF8
INT 0xA2 ? 84AE0BF8
INT 0xB2 ? 863B9BF8
INT 0xB2 ? 863B9BF8
INT 0xB2 ? 863B9BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 822C3B74 4 Bytes [3C, 3F, C6, AF]
.text ntkrnlpa.exe!KeSetEvent + 621 822C3DA4 8 Bytes [E4, 3F, C6, AF, 80, 40, C6, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 822C3E04 4 Bytes [1C, 41, C6, AF]
? System32\Drivers\spvo.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 913E341B 5 Bytes JMP 863B91D8
.text a407ocyy.SYS 915C2000 22 Bytes [82, 83, 5D, 82, 6C, 82, 5D, ...]
.text a407ocyy.SYS 915C2017 137 Bytes [00, 32, 37, 18, 8A, 3D, 35, ...]
.text a407ocyy.SYS 915C20A1 43 Bytes [00, 2C, 82, 74, F6, 25, 82, ...]
.text a407ocyy.SYS 915C20CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text a407ocyy.SYS 915C20DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5020] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E560C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E56141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5627F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5036] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5060] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5068] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 854831F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\udfs \UdfsCdRom 84D93500
Device \FileSystem\udfs \UdfsDisk 84D93500
Device \Driver\netbt \Device\NetBT_Tcpip_{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} 86F551F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84AE21F8
Device \Driver\usbuhci \Device\USBPDO-0 862F21F8
Device \Driver\usbuhci \Device\USBPDO-1 862F21F8
Device \Driver\usbehci \Device\USBPDO-2 863BA1F8
Device \Driver\usbuhci \Device\USBPDO-3 862F21F8
Device \Driver\usbuhci \Device\USBPDO-4 862F21F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\1522116851 spvo.sys
Device \Driver\usbuhci \Device\USBPDO-5 862F21F8
Device \Driver\usbuhci \Device\USBPDO-6 862F21F8
Device \Driver\volmgr \Device\HarddiskVolume1 84AE21F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 863BA1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84AE21F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8646A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854811F8
Device \Driver\atapi \Device\Ide\IdePort0 854811F8
Device \Driver\atapi \Device\Ide\IdePort1 854811F8
Device \Driver\atapi \Device\Ide\IdePort2 854811F8
Device \Driver\atapi \Device\Ide\IdePort3 854811F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854811F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 854821F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 854821F8
Device \Driver\cdrom \Device\CdRom1 8646A1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{CD693CFC-B86E-41C0-9413-43A61B6A9870} 86F551F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86F551F8
Device \Driver\Smb \Device\NetbiosSmb 86EF81F8
Device \Driver\iScsiPrt \Device\RaidPort0 863B71F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP0740 \Device\0000005d spvo.sys

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 862F21F8
Device \Driver\usbuhci \Device\USBFDO-1 862F21F8
Device \Driver\usbehci \Device\USBFDO-2 863BA1F8
Device \Driver\usbuhci \Device\USBFDO-3 862F21F8
Device \Driver\usbuhci \Device\USBFDO-4 862F21F8
Device \Driver\usbuhci \Device\USBFDO-5 862F21F8
Device \Driver\usbuhci \Device\USBFDO-6 862F21F8
Device \Driver\usbehci \Device\USBFDO-7 863BA1F8
Device \Driver\a407ocyy \Device\Scsi\a407ocyy1Port5Path0Target0Lun0 863FE1F8
Device \Driver\a407ocyy \Device\Scsi\a407ocyy1 863FE1F8
Device \FileSystem\cdfs \Cdfs 87C71500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xB5 0xBC 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3D 0x2E 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0xE7 0x76 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0xCC 0x37 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3D 0x2E 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0xE7 0x76 0x3B ...

---- Files - GMER 1.0.15 ----

File C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\E5I26CA4.txt 93 bytes

---- EOF - GMER 1.0.15 ----
flavallee (Frank), Trusted Advisor with 56,951 posts
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
24-Feb-2012, 06:28 PM #2
A gold/blue shield virus/malware removal specialist will need to assist you with the DDS.TXT and ARK.TXT logs.

In the meantime, download and install the free version of

Malwarebytes Anti-Malware 1.60.1.1000

SUPERAntiSpyware 5.0.0.1144

then update their definition files, then run a quick scan with them, then select and remove EVERYTHING they find.

Note: DON'T use the computer while each scan is in progress.

----------------------------------------------------------

I strongly advise you NOT to use the file cleaner and registry cleaner feature of AVG 2012 and NOT to use AVG PC Tuneup 2011.

This is a good way to damage the Windows operating system and break some of your programs and generate error/warning messages and create havoc with your computer.

---------------------------------------------------------
Marieke93, Member with 13 posts, THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
24-Feb-2012, 07:17 PM #3
Thank you for your quick reply! I've run both programs; both found some files, which I deleted. I also uninstalled AVG PC Tuneup 2011.
flavallee (Frank), Trusted Advisor with 56,951 posts
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
24-Feb-2012, 07:32 PM #4
Let's see the scan logs so we can see what was found and removed.

-------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------

Start SUPERAntiSpyware.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------
flavallee (Frank), Trusted Advisor with 56,951 posts
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
24-Feb-2012, 07:37 PM #5
Your computer has a lot of programs that are auto-loading and running in the background.

Some of them don't need to auto-load and run at all, and others can be manually started when needed.

A bloated startup load can slow down overall performance and cause various problems.

I can assist you with that later.

-------------------------------------------------------

Use the computer for awhile and see if you're still getting the audio ads.

-------------------------------------------------------
Marieke93, Member with 13 posts, THREAD STARTER
Join Date: Feb 2012
Experience: Beginner
24-Feb-2012, 07:42 PM #6
Haven't heard any audio ads so far!
Here are the logs:

Malwarebytes log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Marieke :: SAM [administrator]

24-Feb-12 23:31:41
mbam-log-2012-02-24 (23-31-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203917
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)

SuperAntiSpyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/24/2012 at 11:59 PM

Application Version : 5.0.1144

Core Rules Database Version : 8276
Trace Rules Database Version: 6088

Scan type : Quick Scan
Total Scan Time : 00:12:39

Operating System Information
Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 619
Memory threats detected : 0
Registry items scanned : 27256
Registry threats detected : 0
File items scanned : 52936
File threats detected : 192

Adware.Tracking Cookie
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@adbrite[1].txt [ /adbrite ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@adecn[1].txt [ /adecn ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@ads.creative-serving[1].txt [ /ads.creative-serving ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@beacons.hottraffic[1].txt [ /beacons.hottraffic ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@bluemango.solution.weborama[1].txt [ /bluemango.solution.weborama ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@collective-media[2].txt [ /collective-media ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@dm3adserver[2].txt [ /dm3adserver ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@eaeacom.112.2o7[1].txt [ /eaeacom.112.2o7 ]
.imrworldwide.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@media6degrees[1].txt [ /media6degrees ]
.specificclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@mediaplex[2].txt [ /mediaplex ]
.specificclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@microsoftwllivemkt.112.2o7[1].txt [ /microsoftwllivemkt.112.2o7 ]
.adviva.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
.ru4.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@ohra.adservinginternational[2].txt [ /ohra.adservinginternational ]
.kontera.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@sparkle.adservinginternational[2].txt [ /sparkle.adservinginternational ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@thephonehouse.solution.weborama[2].txt [ /thephonehouse.solution.weborama ]
statse.webtrendslive.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@tradedoubler[2].txt [ /tradedoubler ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@vd.solution.weborama[2].txt [ /vd.solution.weborama ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@vdwp.solution.weborama[2].txt [ /vdwp.solution.weborama ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@vodafonebranding.solution.weborama[2].txt [ /vodafonebranding.solution.weborama ]
.adtech.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@weborama[1].txt [ /weborama ]
fl01.ct2.comclick.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
beacons.hottraffic.nl [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\SG2JVVKN.txt [ /myroitracking.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\FZ0BWXRH.txt [ /adxpose.com ]
.atdmt.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\56DG03ZO.txt [ /c.atdmt.com ]
.atdmt.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\O2D5ZQ6R.txt [ /findology.com ]
adserver3.spele.nl [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
adserver3.spele.nl [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\95LHX4CD.txt [ /findsimle.com ]
.mediabrandsww.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\TW5CKJY7.txt [ /ads.pubmatic.com ]
adserver3.spele.nl [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
counter.hitslink.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\RIU62Q8C.txt [ /apmebf.com ]
nl.sitestat.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.vodafonebranding.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.vodafonebranding.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.vodafonebranding.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.vodafonebranding.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\1W2K8N26.txt [ /invitemedia.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\TUJ779T4.txt [ /ads.adk2.com ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\62ME2J4Q.txt [ /clicksor.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\marieke@nl.sites tat[1].txt [ /nl.sitestat.com ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\4TXBMVE0.txt [ /revsci.net ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\5LV8LDAT.txt [ /smartadserver.com ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\AC7G4VX2.txt [ /atdmt.com ]
.doubleclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.sizz.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
www9.addfreestats.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\KSFV8OGV.txt [ /ads.creative-serving.com ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\UEKRP6XR.txt [ /conversioncompany.solution.weborama.fr ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\6LYCZJNE.txt [ /adjuggler.net ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\A1Y6WJHR.txt [ /serving-sys.com ]
.statcounter.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\H2FHFJWS.txt [ /trafficno.com ]
.content.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\TCGWOLY0.txt [ /my.enveromedia.com ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\BC3J4RXZ.txt [ /adrime.solution.weborama.fr ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\T8MMF2EJ.txt [ /fastclick.net ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\4VVB7B49.txt [ /ad.yieldmanager.com ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\2O79O4YN.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
.bluemango.solution.weborama.fr [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\53S8LQY4.txt [ /aim4media.com ]
server.iad.liveperson.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\6KR6C6W3.txt [ /doubleclick.net ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.adjuggler.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.shinystat.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
m1.webstats.motigo.com [ C:\USERS\MARIEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BMDBHYD7.DEFAULT\ COOKIES.SQLITE ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@chea ptickets.122.2o7[1].txt [ Cookie:marieke@cheaptickets.122.2o7.net/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQSL5VBD.txt [ Cookie:marieke@m1.webstats.motigo.com/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@2o7[2].txt [ Cookie:marieke@2o7.net/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@atdm t[2].txt [ Cookie:marieke@atdmt.com/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@ehg-cheaptickets.hitbox[1].txt [ Cookie:marieke@ehg-cheaptickets.hitbox.com/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@msnp ortal.112.2o7[1].txt [ Cookie:marieke@msnportal.112.2o7.net/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@live person[3].txt [ Cookie:marieke@liveperson.net/hc/78172407 ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@hitb ox[2].txt [ Cookie:marieke@hitbox.com/ ]
C:\USERS\MARIEKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\marieke@doub leclick[1].txt [ Cookie:marieke@doubleclick.net/ ]
C:\USERS\MARIEKE\Cookies\SG2JVVKN.txt [ Cookie:marieke@myroitracking.com/ ]
C:\USERS\MARIEKE\Cookies\FZ0BWXRH.txt [ Cookie:marieke@adxpose.com/ ]
C:\USERS\MARIEKE\Cookies\56DG03ZO.txt [ Cookie:marieke@c.atdmt.com/ ]
C:\USERS\MARIEKE\Cookies\O2D5ZQ6R.txt [ Cookie:marieke@findology.com/ ]
C:\USERS\MARIEKE\Cookies\95LHX4CD.txt [ Cookie:marieke@findsimle.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@collective-media[2].txt [ Cookie:marieke@collective-media.net/ ]
C:\USERS\MARIEKE\Cookies\marieke@weborama[1].txt [ Cookie:marieke@weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\marieke@mediaplex[2].txt [ Cookie:marieke@mediaplex.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@adecn[1].txt [ Cookie:marieke@adecn.com/ ]
C:\USERS\MARIEKE\Cookies\1W2K8N26.txt [ Cookie:marieke@invitemedia.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@media6degrees[1].txt [ Cookie:marieke@media6degrees.com/ ]
C:\USERS\MARIEKE\Cookies\62ME2J4Q.txt [ Cookie:marieke@clicksor.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@bluemango.solution.weborama[1].txt [ Cookie:marieke@bluemango.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\4TXBMVE0.txt [ Cookie:marieke@revsci.net/ ]
C:\USERS\MARIEKE\Cookies\marieke@ohra.adservinginternational[2].txt [ Cookie:marieke@ohra.adservinginternational.com/ ]
C:\USERS\MARIEKE\Cookies\AC7G4VX2.txt [ Cookie:marieke@atdmt.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@dm3adserver[2].txt [ Cookie:marieke@dm3adserver.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@msnportal.112.2o7[1].txt [ Cookie:marieke@msnportal.112.2o7.net/ ]
C:\USERS\MARIEKE\Cookies\marieke@vd.solution.weborama[2].txt [ Cookie:marieke@vd.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\marieke@sparkle.adservinginternational[2].txt [ Cookie:marieke@sparkle.adservinginternational.com/ ]
C:\USERS\MARIEKE\Cookies\UEKRP6XR.txt [ Cookie:marieke@conversioncompany.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\marieke@vdwp.solution.weborama[2].txt [ Cookie:marieke@vdwp.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\6LYCZJNE.txt [ Cookie:marieke@adjuggler.net/ ]
C:\USERS\MARIEKE\Cookies\marieke@beacons.hottraffic[1].txt [ Cookie:marieke@beacons.hottraffic.nl/ ]
C:\USERS\MARIEKE\Cookies\A1Y6WJHR.txt [ Cookie:marieke@serving-sys.com/ ]
C:\USERS\MARIEKE\Cookies\TCGWOLY0.txt [ Cookie:marieke@my.enveromedia.com/ ]
C:\USERS\MARIEKE\Cookies\marieke@thephonehouse.solution.weborama[2].txt [ Cookie:marieke@thephonehouse.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\BC3J4RXZ.txt [ Cookie:marieke@adrime.solution.weborama.fr/ ]
C:\USERS\MARIEKE\Cookies\marieke@microsoftwllivemkt.112.2o7[1].txt [ Cookie:marieke@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\MARIEKE\Cookies\2O79O4YN.txt [ Cookie:marieke@vidasco.rotator.hadj7.adjuggler.net/ ]
C:\USERS\MARIEKE\Cookies\53S8LQY4.txt [ Cookie:marieke@aim4media.com/ ]
C:\USERS\MARIEKE\Cookies\6KR6C6W3.txt [ Cookie:marieke@doubleclick.net/ ]
C:\USERS\MARIEKE\Cookies\marieke@adbrite[1].txt [ Cookie:marieke@adbrite.com/ ]
flavallee (Frank), Trusted Advisor, 24-Feb-2012, 08:09 PM #7
OK, that's good.

I'm going to sit on the sidelines for now and wait for a gold/blue shield member to assist you.

This section is VERY busy, so be patient.

By the way, Java(TM) 6 Update 30 needs to be updated to 1.6.0.31 (6 Update 31).

Marieke93 (thread starter), 27-Feb-2012, 02:44 PM #8
Bump..
kevinf80 (Kevin), Malware Removal Specialist, 27-Feb-2012, 02:53 PM #9
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin
Marieke93 (thread starter), 27-Feb-2012, 03:33 PM #10
Thank you! I ran combofix but I think I accidentally downloaded it in Dutch, I've translated the Dutch parts in the logs:

-- Also, the scroll function of my touch pad doesn't work anymore since ComboFix restarted my laptop just now. Any ideas how I can get it to work again?


ComboFix 12-02-25.02 - Marieke 27-Feb-12 20:01:24.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.31.1033.18.2974.2058 [GMT 1:00]
Started from: c:\users\Marieke\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New recovery point was made
.
.
(((((((((((((((((((((((((((((((((( Other erasures )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\lsprst7.dll
c:\windows\system32\SETCA31.tmp
c:\windows\system32\SETCBF8.tmp
c:\windows\system32\SETCF97.tmp
.
.
(((((((((((((((((((( Files made from 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-27 19:08 . 2012-02-27 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-27 19:08 . 2012-02-27 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 11:19 . 2012-02-25 11:19 -------- d-----w- c:\program files\Common Files\Java
2012-02-24 22:43 . 2012-02-24 22:43 -------- d-----w- c:\users\Marieke\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 22:43 . 2012-02-24 22:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-24 22:43 . 2012-02-24 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\users\Marieke\AppData\Roaming\Malwarebytes
2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 14:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 14:14 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:14 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-31 13:05 . 2012-02-07 15:37 -------- d-----w- c:\users\Marieke\.spss
2012-01-31 13:03 . 2012-01-31 13:03 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-01-31 13:02 . 2012-01-31 13:02 -------- d-----w- c:\programdata\SPSS
2012-01-31 13:02 . 2012-01-31 13:02 -------- d-----w- c:\program files\Common Files\SPSS
2012-01-31 13:01 . 2012-01-31 13:01 -------- d-----w- c:\program files\SPSSInc
2012-01-31 13:01 . 2012-01-31 13:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-01-29 13:26 . 2012-01-29 13:26 -------- d-----w- C:\SIERRA
2012-01-29 13:26 . 1992-12-09 16:08 295952 ----a-w- c:\windows\SCRANTIC.SCR
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 11:18 . 2010-09-11 19:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-30 17:39 . 2011-06-18 08:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 11:26 . 2011-06-27 14:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Starting points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty references & legitimate standard references are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-24 740216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Shared Tasks' folder
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000Core.job
- c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000UA.job
- c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
.
------- Additional Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 64.212.73.53:8080
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
FF - ProfilePath - c:\users\Marieke\AppData\Roaming\Mozilla\Firefox\Profiles\bmdbhyd7.default\
.
.
**************************************************************************
Scanning hidden processes ...
.
scanning hidden autostart processes ...
.
scanning hidden files ...
.
Scan successfully completed
hidden files:
.
**************************************************************************
.
------------------------ Other Active Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-27 20:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 19:26
ComboFix2.txt 2011-12-04 16:03
.
Pre-Run: 165,992,845,312 bytes free
Post-Run: 166,330,552,320 bytes free
.
- - End Of File - - 43326F62E9538100902807948AF29731
kevinf80 (Kevin), Malware Removal Specialist, 27-Feb-2012, 03:59 PM #11
Do you recognize this proxy server running in Internet Explorer :-

uInternet Settings,ProxyServer = 64.212.73.53:8080

Regarding the scroll function on the touch pad: select Start > in the search box type Device Manager. In the new window scroll to Mice and other pointing devices and expand that entry; look at PS/2 compatible mouse. Are there any question or exclamation marks? Right-click on that entry, select Update driver, and select for Windows to check.

How is your system responding now, any improvement...

Kevin
Marieke93 (thread starter), 27-Feb-2012, 04:07 PM #12
I never use IE or proxies, so I don't know what that's about. I haven't heard any audio ads anymore, but my system is still a lot slower than it used to be...

Also, Windows says the drivers are up to date, so still no scroll function.

Thanks again!
Marieke93 (thread starter), 27-Feb-2012, 04:28 PM #13
Restarted my browser and now the scroll works again! Thanks!
kevinf80 (Kevin), Malware Removal Specialist, 27-Feb-2012, 04:39 PM #14
OK, that is good news. Regarding the proxy: if it is not known then it has to go:

Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "Use a proxy server" and check "Automatically detect settings". OK, Apply (only if applicable), OK.

Next,

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administartor”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized: it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Next,

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

The ESET log can be found here: "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Kevin
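Kevin's check in #11 and the manual removal in #14 both act on the same per-user WinINET proxy values. As an added example (not from this thread or its participants), the PowerShell below reads those values, flags a proxy or PAC script that is not on a caller-supplied allow list (a hypothetical parameter), and with -Remove disables it the way the LAN Settings steps do:

```powershell
# Added example, not part of the thread: audit the per-user WinINET proxy
# values that Internet Explorer's LAN Settings dialog edits, and flag any
# proxy that is not on an allow list (the allow list is a hypothetical input).
[CmdletBinding()]
param(
    [string[]]$KnownProxies = @(),   # proxies you deliberately use; none at home
    [switch]$Remove                  # also disable an unknown proxy, like
                                     # unchecking "Use a proxy server"
)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key

$enabled = [int]$cfg.ProxyEnable       # 1 = "Use a proxy server" is ticked
$server  = [string]$cfg.ProxyServer    # host:port, e.g. 64.212.73.53:8080 above
$pacUrl  = [string]$cfg.AutoConfigURL  # a PAC script can redirect traffic too

$findings = @()
if ($enabled -eq 1 -and $server -and ($KnownProxies -notcontains $server)) {
    $findings += "Unknown proxy enabled: $server"
}
if ($pacUrl -and ($KnownProxies -notcontains $pacUrl)) {
    $findings += "Unknown auto-config script: $pacUrl"
}

if (-not $findings) {
    Write-Output 'No unexpected proxy or PAC script is configured.'
    return
}
$findings | ForEach-Object { Write-Warning $_ }

if ($Remove) {
    # Equivalent of unticking "Use a proxy server" and clearing the address.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    # "Automatically detect settings" lives in the binary DefaultConnectionSettings
    # value under ...\Internet Settings\Connections; tick it in the dialog itself.
    Write-Output 'Proxy disabled; restart the browser so it re-reads the settings.'
}
```

Run it without -Remove first to see what is set; an unexpected host:port here is the same finding the HijackThis line "uInternet Settings,ProxyServer = ..." reports.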
Marieke93 Marieke93 is offline
28-Feb-2012, 01:26 AM #15
Had to leave the scan running overnight. Here is the log:


C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\X.vir a variant of Win32/Sirefef.DD trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\80000000.@.vir a variant of Win32/Sirefef.DV trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan
C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\800000cf.@.vir Win32/Sirefef.DV trojan
C:\Qoobox\Quarantine\C\Windows\System32\c_47915.nl_.vir a variant of Win32/Sirefef.CR trojan
C:\Users\Marieke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110421085919649.rsc multiple threats

(Also, the ESET buttons look different from the ones in your posts - it's still clear what you have to do but I thought I'd let you know)

Thanks again!