Virus "Congratulations you've won"

Discussion in 'Virus & Other Malware Removal' started by Marieke93, Feb 24, 2012.

    Marieke93 Thread Starter

    I saw another thread with the same virus but read in the rules that I should make my own post, so here I am.

    I've been getting random audio ads telling me "Congratulations, you've won!" at random intervals. It's not coming from my browser; it may be coming from an exe file named 'conime.exe', but I'm not sure. My laptop has been running very, very slowly for a while; not sure if that's related. I've run the programs and included the logs. I hope you can help me! I'll be happy to provide more information.

    HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:13:35, on 24-Feb-12
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SndVol.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.212.73.53:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.spgame.com/infogame/msxml4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} (KCSActiveXV3Ctrl Class) - http://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

    --
    End of file - 10173 bytes


    DDS.TXT


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Marieke at 21:27:36 on 2012-02-24
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.31.1033.18.2974.1263 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SndVol.exe
    C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = 64.212.73.53:8080
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ATnotes.exe] c:\program files\atnotes\ATnotes.exe
    uRun: [Google Update] "c:\users\marieke\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://www.spgame.com/infogame/msxml4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: DhcpNameServer = 192.168.178.1
    TCP: Interfaces\{3FDC87A9-2477-4DF4-A552-AA66A326712D} : DhcpNameServer = 194.109.6.66 194.109.9.99
    TCP: Interfaces\{C7181595-030D-4C86-8E15-13AC83DF09B8} : DhcpNameServer = 194.109.6.66 194.109.9.99
    TCP: Interfaces\{CD693CFC-B86E-41C0-9413-43A61B6A9870} : DhcpNameServer = 195.121.1.34 195.121.1.66
    TCP: Interfaces\{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} : DhcpNameServer = 192.168.178.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\marieke\appdata\roaming\mozilla\firefox\profiles\bmdbhyd7.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\users\marieke\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fb_inet_server.exe [2010-11-7 3726028]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-12 21504]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 265928]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-8 73216]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2274296]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-8 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-8 235392]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-15 14:14:45 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 14:14:43 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 14:14:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-31 13:05:43 -------- d-----w- c:\users\marieke\.spss
    2012-01-31 13:03:21 -------- d-----w- c:\programdata\SafeNet Sentinel
    2012-01-31 13:02:01 -------- d-----w- c:\programdata\SPSS
    2012-01-31 13:02:00 -------- d-----w- c:\program files\common files\SPSS
    2012-01-31 13:01:58 -------- d-----w- c:\program files\common files\SPSSInc
    2012-01-31 13:01:38 -------- d-----w- c:\program files\SPSSInc
    2012-01-31 13:01:28 205 ----a-w- c:\windows\system32\lsprst7.dll
    2012-01-31 13:01:28 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2012-01-31 12:58:36 -------- d-----w- c:\program files\SPSSIncOEM
    2012-01-29 13:26:47 295952 ----a-w- c:\windows\SCRANTIC.SCR
    2012-01-29 13:26:47 -------- d-----w- C:\SIERRA
    .
    ==================== Find3M ====================
    .
    2012-01-12 21:07:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-30 17:39:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 21:28:51.24 ===============

    ARK.TXT


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-24 22:34:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: lh4idxv0.exe; Driver: C:\Users\Marieke\AppData\Local\Temp\pxldypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAFC63F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAFC63FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAFC64080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAFC6411C]

    INT 0x72 ? 863B9BF8
    INT 0x82 ? 863B9BF8
    INT 0x92 ? 863B9BF8
    INT 0xA2 ? 84AE0BF8
    INT 0xA2 ? 84AE0BF8
    INT 0xA2 ? 84AE0BF8
    INT 0xA2 ? 84AE0BF8
    INT 0xA2 ? 863B9BF8
    INT 0xA2 ? 863B9BF8
    INT 0xA2 ? 84AE0BF8
    INT 0xB2 ? 863B9BF8
    INT 0xB2 ? 863B9BF8
    INT 0xB2 ? 863B9BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 822C3B74 4 Bytes [3C, 3F, C6, AF]
    .text ntkrnlpa.exe!KeSetEvent + 621 822C3DA4 8 Bytes [E4, 3F, C6, AF, 80, 40, C6, ...]
    .text ntkrnlpa.exe!KeSetEvent + 681 822C3E04 4 Bytes [1C, 41, C6, AF]
    ? System32\Drivers\spvo.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 913E341B 5 Bytes JMP 863B91D8
    .text a407ocyy.SYS 915C2000 22 Bytes [82, 83, 5D, 82, 6C, 82, 5D, ...]
    .text a407ocyy.SYS 915C2017 137 Bytes [00, 32, 37, 18, 8A, 3D, 35, ...]
    .text a407ocyy.SYS 915C20A1 43 Bytes [00, 2C, 82, 74, F6, 25, 82, ...]
    .text a407ocyy.SYS 915C20CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
    .text a407ocyy.SYS 915C20DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5080] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5620] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + 6 76E5424A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtCreateFile + B 76E5424F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 76E5499A 1 Byte [28]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + 6 76E5499A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtMapViewOfSection + B 76E5499F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + 6 76E54A2A 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenFile + B 76E54A2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + 6 76E54AAA 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcess + B 76E54AAF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessToken + 6 76E54ABA 4 Bytes CALL 75E550C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessToken + B 76E54ABF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + 6 76E54ACA 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenProcessTokenEx + B 76E54ACF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + 6 76E54B1A 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThread + B 76E54B1F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + 6 76E54B2A 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadToken + B 76E54B2F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadTokenEx + 6 76E54B3A 4 Bytes CALL 75E55141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtOpenThreadTokenEx + B 76E54B3F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + 6 76E54BCA 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryAttributesFile + B 76E54BCF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryFullAttributesFile + 6 76E54C7A 4 Bytes CALL 75E5527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtQueryFullAttributesFile + B 76E54C7F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + 6 76E5515A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationFile + B 76E5515F 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + 6 76E551AA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtSetInformationThread + B 76E551AF 1 Byte [E2]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 1 Byte [68]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + 6 76E5544A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Marieke\AppData\Local\Google\Chrome\Application\chrome.exe[5668] ntdll.dll!NtUnmapViewOfSection + B 76E5544F 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 854831F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\udfs \UdfsCdRom 84D93500
    Device \FileSystem\udfs \UdfsDisk 84D93500
    Device \Driver\netbt \Device\NetBT_Tcpip_{D708ABF9-51D7-499F-A7D5-8B95E76DE91F} 86F551F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 84AE21F8
    Device \Driver\usbuhci \Device\USBPDO-0 862F21F8
    Device \Driver\usbuhci \Device\USBPDO-1 862F21F8
    Device \Driver\usbehci \Device\USBPDO-2 863BA1F8
    Device \Driver\usbuhci \Device\USBPDO-3 862F21F8
    Device \Driver\usbuhci \Device\USBPDO-4 862F21F8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\sptd \Device\1522116851 spvo.sys
    Device \Driver\usbuhci \Device\USBPDO-5 862F21F8
    Device \Driver\usbuhci \Device\USBPDO-6 862F21F8
    Device \Driver\volmgr \Device\HarddiskVolume1 84AE21F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\usbehci \Device\USBPDO-7 863BA1F8
    Device \Driver\volmgr \Device\HarddiskVolume2 84AE21F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 8646A1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854811F8
    Device \Driver\atapi \Device\Ide\IdePort0 854811F8
    Device \Driver\atapi \Device\Ide\IdePort1 854811F8
    Device \Driver\atapi \Device\Ide\IdePort2 854811F8
    Device \Driver\atapi \Device\Ide\IdePort3 854811F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854811F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 854821F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 854821F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel4 854821F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 854821F8
    Device \Driver\cdrom \Device\CdRom1 8646A1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{CD693CFC-B86E-41C0-9413-43A61B6A9870} 86F551F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 86F551F8
    Device \Driver\Smb \Device\NetbiosSmb 86EF81F8
    Device \Driver\iScsiPrt \Device\RaidPort0 863B71F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\PCI_PNP0740 \Device\0000005d spvo.sys

    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 862F21F8
    Device \Driver\usbuhci \Device\USBFDO-1 862F21F8
    Device \Driver\usbehci \Device\USBFDO-2 863BA1F8
    Device \Driver\usbuhci \Device\USBFDO-3 862F21F8
    Device \Driver\usbuhci \Device\USBFDO-4 862F21F8
    Device \Driver\usbuhci \Device\USBFDO-5 862F21F8
    Device \Driver\usbuhci \Device\USBFDO-6 862F21F8
    Device \Driver\usbehci \Device\USBFDO-7 863BA1F8
    Device \Driver\a407ocyy \Device\Scsi\a407ocyy1Port5Path0Target0Lun0 863FE1F8
    Device \Driver\a407ocyy \Device\Scsi\a407ocyy1 863FE1F8
    Device \FileSystem\cdfs \Cdfs 87C71500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xB5 0xBC 0xF0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3D 0x2E 0x23 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0xE7 0x76 0x3B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4F 0xCC 0x37 0xCC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3D 0x2E 0x23 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0xE7 0x76 0x3B ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Marieke\AppData\Roaming\Microsoft\Windows\Cookies\E5I26CA4.txt 93 bytes

    ---- EOF - GMER 1.0.15 ----
     

  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    A gold/blue shield virus/malware removal specialist will need to assist you with the DDS.TXT and ARK.TXT logs.

    In the meantime, download and install the free version of

    Malwarebytes Anti-Malware 1.60.1.1000

    SUPERAntiSpyware 5.0.0.1144

    then update their definition files, then run a quick scan with them, then select and remove EVERYTHING they find.

    Note: DON'T use the computer while each scan is in progress.

    ----------------------------------------------------------

    I strongly advise you NOT to use the file cleaner and registry cleaner feature of AVG 2012 and NOT to use AVG PC Tuneup 2011.

    This is a good way to damage the Windows operating system and break some of your programs and generate error/warning messages and create havoc with your computer.

    ---------------------------------------------------------
     
  3. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    Thank you for your quick reply! I've run both programs, both found some files that I deleted. I also uninstalled AVG PC Tuneup 2011.
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    Let's see the scan logs so we can see what was found and removed.

    -------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Logs" (tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------

    Start SUPERAntiSpyware.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------
     
  5. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    Your computer has a lot of programs that are auto-loading and running in the background.

    Some of them don't need to auto-load and run at all, and others can be manually started when needed.

    A bloated startup load can slow down overall performance and cause various problems.

    I can assist you with that later.

    -------------------------------------------------------

    Use the computer for a while and see if you're still getting the audio ads.

    -------------------------------------------------------
     
  6. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    Haven't heard any audio ads so far!
    Here are the logs:

    Malwarebytes log:


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.24.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Marieke :: SAM [administrator]

    24-Feb-12 23:31:41
    mbam-log-2012-02-24 (23-31-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203917
    Time elapsed: 10 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

    (end)

    SuperAntiSpyware log:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/24/2012 at 11:59 PM

    Application Version : 5.0.1144

    Core Rules Database Version : 8276
    Trace Rules Database Version: 6088

    Scan type : Quick Scan
    Total Scan Time : 00:12:39

    Operating System Information
    Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Administrator

    Memory items scanned : 619
    Memory threats detected : 0
    Registry items scanned : 27256
    Registry threats detected : 0
    File items scanned : 52936
    File threats detected : 192

    Adware.Tracking Cookie
     
  7. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    OK, that's good. (y)

    I'm going to sit on the sidelines for now and wait for a gold/blue shield member to assist you.

    This section is VERY busy, so be patient.

    By the way, Java(TM) 6 update 30 needs to be updated to 1.6.0.31(6 Update 31).

    ---------------------------------------------------------
     
  8. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  10. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    Thank you! I ran combofix but I think I accidentally downloaded it in Dutch, I've translated the Dutch parts in the logs:

    -- Also, the scroll function of my touch pad doesn't work anymore since ComboFix restarted my laptop just now. Any ideas how I can get it to work again?


    ComboFix 12-02-25.02 - Marieke 27-Feb-12 20:01:24.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.31.1033.18.2974.2058 [GMT 1:00]
    Started from: c:\users\Marieke\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * New recovery point was made
    .
    .
    (((((((((((((((((((((((((((((((((( Other erasures )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\SETCA31.tmp
    c:\windows\system32\SETCBF8.tmp
    c:\windows\system32\SETCF97.tmp
    .
    .
    (((((((((((((((((((( Files made from 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-27 19:08 . 2012-02-27 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-02-27 19:08 . 2012-02-27 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-25 11:19 . 2012-02-25 11:19 -------- d-----w- c:\program files\Common Files\Java
    2012-02-24 22:43 . 2012-02-24 22:43 -------- d-----w- c:\users\Marieke\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-24 22:43 . 2012-02-24 22:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-02-24 22:43 . 2012-02-24 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\users\Marieke\AppData\Roaming\Malwarebytes
    2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:30 . 2012-02-24 22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-15 14:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 14:14 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 14:14 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-31 13:05 . 2012-02-07 15:37 -------- d-----w- c:\users\Marieke\.spss
    2012-01-31 13:03 . 2012-01-31 13:03 -------- d-----w- c:\programdata\SafeNet Sentinel
    2012-01-31 13:02 . 2012-01-31 13:02 -------- d-----w- c:\programdata\SPSS
    2012-01-31 13:02 . 2012-01-31 13:02 -------- d-----w- c:\program files\Common Files\SPSS
    2012-01-31 13:01 . 2012-01-31 13:01 -------- d-----w- c:\program files\SPSSInc
    2012-01-31 13:01 . 2012-01-31 13:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2012-01-29 13:26 . 2012-01-29 13:26 -------- d-----w- C:\SIERRA
    2012-01-29 13:26 . 1992-12-09 16:08 295952 ----a-w- c:\windows\SCRANTIC.SCR
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-25 11:18 . 2010-09-11 19:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-30 17:39 . 2011-06-18 08:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-27 11:26 . 2011-06-27 14:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Starting points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* Empty references & legitimate standard references are not listed
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-24 740216]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Shared Tasks' folder
    .
    2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000Core.job
    - c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
    .
    2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403598637-1565816913-3000759082-1000UA.job
    - c:\users\Marieke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
    .
    .
    ------- Additional Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = 64.212.73.53:8080
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.178.1
    DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
    FF - ProfilePath - c:\users\Marieke\AppData\Roaming\Mozilla\Firefox\Profiles\bmdbhyd7.default\
    .
    .
    **************************************************************************
    Scanning hidden processes ...
    .
    scanning hidden autostart processes ...
    .
    scanning hidden files ...
    .
    Scan successfully completed
    hidden files:
    .
    **************************************************************************
    .
    ------------------------ Other Active Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2012\avgwdsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\AVG\AVG2012\AVGIDSAgent.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-27 20:26:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-27 19:26
    ComboFix2.txt 2011-12-04 16:03
    .
    Pre-Run: 165,992,845,312 bytes free
    Post-Run: 166,330,552,320 bytes free
    .
    - - End Of File - - 43326F62E9538100902807948AF29731
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Do you recognize this proxy server running in Internet Explorer :-

    uInternet Settings,ProxyServer = 64.212.73.53:8080

    Regarding scroll function on touch pad: select Start > in the search box type Device manager. In the new window scroll to Mice and other pointing devices. Expand that entry and look at PS/2 compatible mouse. Are there any question or exclamation marks? Right click on that entry, select update driver, select for Windows to check.

    How is your system responding now, any improvement...

    Kevin
     
  12. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    I never use IE or proxies, so I don't know what that's about. I haven't heard any audio ads anymore, but my system is still a lot slower than it used to be...

    Also, windows says the drivers are up to date, so still no scroll function.

    Thanks again! :)
     
  13. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    Restarted my browser and now the scroll works again! Thanks!
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    OK, that is good news, regarding proxy, if it is not known then it has to go:

    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check "Automatically detect settings". OK, Apply (only if applicable), OK.

    Next,

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users: right click and select "Run as Administrator".
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC, it is an excellent utility to keep your system optimized; it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Kevin
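
A log check for the ProxyServer line questioned above, added here as an example (not part of the original thread and not ComboFix's own code): it extracts proxy endpoints from pasted log lines, handles both the single `host:port` and the per-protocol value forms, and marks an endpoint as recognized only when it is on a caller-supplied list. The function names, the `known` parameter and the last sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: first three lines copied from the ComboFix log in this thread; the last is constructed.
SAMPLE_LOG = [
    "uStart Page = about:blank",
    "uInternet Settings,ProxyServer = 64.212.73.53:8080",
    "TCP: DhcpNameServer = 192.168.178.1",
    "uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=proxy.example:3128",
]
PROXY_LINE = re.compile(r"^\s*\w?Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")

def parse_proxy_value(value):
    """Split 'host:port' or 'http=host:port;https=...' into (scheme, host, port)."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # value carried no port
            host, port = hostport, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints

def classify_host(host):
    """Return loopback/private/public for an IP literal, 'hostname' otherwise."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def find_proxies(lines, known=()):
    """One finding per proxy endpoint; 'recognized' is False unless allow-listed."""
    findings = []
    for line in lines:
        match = PROXY_LINE.match(line)
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match.group(1)):
            findings.append({"scheme": scheme, "endpoint": f"{host}:{port}",
                             "kind": classify_host(host),
                             "recognized": f"{host}:{port}" in known})
    return findings

if __name__ == "__main__":
    for finding in find_proxies(SAMPLE_LOG, known=("127.0.0.1:8888",)):
        print(finding)
```
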
     
  15. Marieke93

    Marieke93 Thread Starter

    Joined:
    Feb 24, 2012
    Messages:
    13
    Had to leave the scan running overnight. Here is the log:


    C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\X.vir a variant of Win32/Sirefef.DD trojan
    C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\80000000.@.vir a variant of Win32/Sirefef.DV trojan
    C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan
    C:\Qoobox\Quarantine\C\Users\Marieke\AppData\Local\1cf6efbe\U\800000cf.@.vir Win32/Sirefef.DV trojan
    C:\Qoobox\Quarantine\C\Windows\System32\c_47915.nl_.vir a variant of Win32/Sirefef.CR trojan
    C:\Users\Marieke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110421085919649.rsc multiple threats

    (Also, the ESET buttons look different from the ones in your posts - it's still clear what you have to do but I thought I'd let you know)

    Thanks again!
     
Short URL to this thread: https://techguy.org/1042550