Hi,
I completely understand what you mean.
I click on it, but no magnifying glass appears on my desktop.
Could it be that Malwarebytes is blocking it?
Hello,
If zoek.exe won't run, we'll do something else.
*Download OTL to your desktop.
*Right-click OTL and click Run as administrator to run it. Make sure all other windows are closed and the scan can complete without interruptions.
*When the window is shown, change the value under Output, at the top, to Minimal Output.
*Now click the Run Scan button. Do not change any options unless stated otherwise. The scan will not take long.
*When the scan has finished, two Notepad windows will open: OTListIt.Txt and Extras.Txt.
*These log files are saved in the same location as OTL. Copy (Edit->Select All, Edit->Copy) the contents of the OTListIt.Txt log and paste it in your next reply.
If the log is too long, post it in parts or upload it via mijnbestand: http://www.mijnbestand.nl/
OTL logfile created on: 19-1-2014 19:21:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabel\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1013,36 Mb Total Physical Memory | 158,39 Mb Available Physical Memory | 15,63% Memory free
1,99 Gb Paging File | 0,92 Gb Available in Paging File | 46,36% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 123,30 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
Computer Name: ISABEL-PC | User Name: Isabel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Isabel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\CCleaner\Lang\lang-1043.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) – C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) – C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (IEEtwCollectorService) – C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (NisSrv) – c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) – c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) – C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GoToAssist) – C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (LogMeIn) – C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MpKsl8c0cb4ca) – c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82BD3CEC-A3A9-4033-BCCF-92787C984A90}\MpKsl8c0cb4ca.sys File not found
DRV - (LMIRfsClientNP) – C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (NisDrv) – C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (dg_ssudbus) – C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (LMIInfo) – C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MBAMProtector) – C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudmdm) – C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RdpVideoMiniport) – C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) – C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) – C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) – C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (WinUsb) – C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (phaudlwr) – C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (RSUSBSTOR) – C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (EMSC) – C:\Windows\System32\drivers\EMSC.sys (Windows (R) Win 7 DDK provider)
DRV - (SPC520m) – C:\Windows\System32\drivers\SPC520m.sys (Philips )
DRV - (SPC520) – C:\Windows\System32\drivers\SPC520.sys (Philips )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1390134736&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXD0AC9W8949W8949&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=71578&st=home&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=71578&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=71578&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=71578&st=home&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=71578&st=home&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=4.9&ts=1382859924392&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1390134736&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXD0AC9W8949W8949&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1390134736&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXD0AC9W8949W8949&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 3E 05 21 93 FE C9 01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\URLSearchHook: {296aa17d-c89e-4242-a5a4-44bfe76914a2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AABDBB27-0820-4574-97FB-83D16814541E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AABDBB27-0820-4574-97FB-83D16814541E}: “URL” = http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=4.9&ts=1382824800000.000007&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=4.9&ts=1382859924392&tguid=71578-8195-1382859924392-35F6E9763AB95768F7C0E814FD3BAF88&q={searchTerms}
IE - HKCU\..\SearchScopes\{B2F983E5-B531-4718-8535-F23EB524EBEF}: “URL” = http://search.softonic.com/MOY00011/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=533
IE - HKCU\..\SearchScopes\{E133E310-C55A-43DA-8377-D86B1F00E544}: “URL” = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=B92936BE-E990-44DC-BE8B-E08604F7A730&apn_sauid=EFA838EB-D8E2-4A1E-A3B9-88DDF2B89BD8
IE - HKCU\..\SearchScopes\CA07930441CB4D78A78B3008C8644E59: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241951
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Isabel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
(No name found) – C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: SaltarSmart = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi\1.0.0_1\
CHR - Extension: Google Wallet = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: () - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {296AA17D-C89E-4242-A5A4-44BFE76914A2} - No CLSID value found.
O4 - HKLM..\Run: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: C:\Users\Isabel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - () - C:\autoexec.bat –
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile – “%1” %*
O35 - HKLM\..exefile – “%1” %*
O37 - HKLM\…com – “%1” %*
O37 - HKLM\…exe – “%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
– C:\Program Files\trend micro
– C:\rsit
– C:\Users\Isabel\AppData\Roaming\Malwarebytes
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
– C:\ProgramData\Malwarebytes
(Malwarebytes Corporation) – C:\Windows\System32\drivers\mbam.sys
– C:\Program Files\Malwarebytes' Anti-Malware
– C:\Program Files\CCleaner
– C:\Users\Isabel\AppData\Roaming\0V1L2Z2Z1T1I1L1T
– C:\ProgramData\WPM
– C:\ProgramData\APN
(Oracle Corporation) – C:\Windows\System32\javaws.exe
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
(Oracle Corporation) – C:\Windows\System32\javaw.exe
(Oracle Corporation) – C:\Windows\System32\java.exe
(Oracle Corporation) – C:\Windows\System32\WindowsAccessBridge.dll
(Microsoft Corporation) – C:\Windows\System32\win32k.sys
(Microsoft Corporation) – C:\Windows\System32\drivers\netio.sys
(Microsoft Corporation) – C:\Windows\System32\drivers\usbport.sys
(Microsoft Corporation) – C:\Windows\System32\drivers\usbd.sys
– C:\Users\Isabel\AppData\Local\Facebook
– C:\Users\Isabel\AppData\Roaming\QuickScan
========== Files - Modified Within 30 Days ==========
() – C:\Windows\tasks\Adobe Flash Player Updater.job
() – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
() – C:\Windows\bootstat.dat
() – C:\hiberfil.sys
() – C:\Users\Isabel\Desktop\OTL - Snelkoppeling.lnk
() – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
() – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
() – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
() – C:\Windows\wininit.ini
() – C:\Users\Isabel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
() – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-670820757-871311736-3026841884-1000UA.job
() – C:\Users\Public\Desktop\Google Chrome.lnk
(Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerApp.exe
(Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerCPLApp.cpl
() – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
() – C:\Users\Public\Desktop\CCleaner.lnk
() – C:\Users\Isabel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
() – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-670820757-871311736-3026841884-1000Core.job
() – C:\Windows\System32\FNTCACHE.DAT
() – C:\Windows\System32\perfh013.dat
() – C:\Windows\System32\perfh009.dat
() – C:\Windows\System32\perfc013.dat
() – C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
() – C:\Users\Isabel\Desktop\OTL - Snelkoppeling.lnk
() – C:\Windows\wininit.ini
() – C:\Users\Isabel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
() – C:\Users\Public\Desktop\Google Chrome.lnk
() – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
() – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
() – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
() – C:\Users\Public\Desktop\CCleaner.lnk
() – C:\Windows\System32\drivers\RTAIODAT.DAT
() – C:\Windows\System32\FNTCACHE.DAT
() – C:\Windows\System32\EMSC.dll
() – C:\Windows\System32\ffmpeg.dll
() – C:\Windows\System32\libbluray.dll
() – C:\Windows\System32\avformat-lav-53.dll
() – C:\Windows\System32\swscale-lav-2.dll
() – C:\Windows\System32\avutil-lav-51.dll
() – C:\Windows\System32\avcodec-lav-53.dll
() – C:\Windows\System32\avfilter-lav-2.dll
() – C:\Windows\System32\ff_vfw.dll
() – C:\Windows\System32\TomsMoComp_ff.dll
() – C:\Windows\System32\ff_unrar.dll
() – C:\Windows\System32\ff_wmv9.dll
() – C:\Windows\System32\ff_samplerate.dll
() – C:\Windows\System32\ff_libmad.dll
() – C:\Windows\System32\ff_libdts.dll
() – C:\Windows\System32\ff_liba52.dll
() – C:\Windows\System32\ff_libfaad2.dll
() – C:\Windows\System32\libmpeg2_ff.dll
========== ZeroAccess Check ==========
() – C:\Windows\assembly\Desktop.ini
“” = %SystemRoot%\system32\shell32.dll – (Microsoft Corporation)
“ThreadingModel” = Apartment
“” = %systemroot%\system32\wbem\fastprox.dll – (Microsoft Corporation)
“ThreadingModel” = Free
“” = %systemroot%\system32\wbem\wbemess.dll – (Microsoft Corporation)
“ThreadingModel” = Both
< End of report >
Hello,
Start OTL again.
* Copy and paste the bold code below into the Custom Scans/Fixes field.
:Commands
TL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = {searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = {searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = {searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = {searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = {searchTerms}
IE - HKCU\..\URLSearchHook: {296aa17d-c89e-4242-a5a4-44bfe76914a2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AABDBB27-0820-4574-97FB-83D16814541E}
IE - HKCU\..\SearchScopes\{AABDBB27-0820-4574-97FB-83D16814541E}: “URL” = {searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = {searchTerms}
IE - HKCU\..\SearchScopes\{B2F983E5-B531-4718-8535-F23EB524EBEF}: “URL” = {searchTerms}&SearchSource=4&cc=&r=533
IE - HKCU\..\SearchScopes\{E133E310-C55A-43DA-8377-D86B1F00E544}: “URL” = {searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=B92936BE-E990-44DC-BE8B-E08604F7A730&apn_sauid=EFA838EB-D8E2-4A1E-A3B9-88DDF2B89BD8
IE - HKCU\..\SearchScopes\CA07930441CB4D78A78B3008C8644E59: “URL” = {searchTerms}&SearchSource=4&ctid=CT3241951
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {296AA17D-C89E-4242-A5A4-44BFE76914A2} - No CLSID value found.
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
– C:\ProgramData\WPM
ervices
:Reg
:Files
ipconfig /flushdns /c
:Commands
*Then click the Run Fix button at the top of the window.
*Let the program do its work undisturbed. The PC will be restarted afterwards.
* After the restart a new log will be opened; post it in your next reply.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < TL > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = > in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = > in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = {searchTerms}&FORM=IE8SRC > in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank > in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {296aa17d-c89e-4242-a5a4-44bfe76914a2} - No CLSID value found > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,DefaultScope = {AABDBB27-0820-4574-97FB-83D16814541E} > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{AABDBB27-0820-4574-97FB-83D16814541E}: “URL” = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = {searchTerms} > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{B2F983E5-B531-4718-8535-F23EB524EBEF}: “URL” = {searchTerms}&SearchSource=4&cc=&r=533 > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{E133E310-C55A-43DA-8377-D86B1F00E544}: “URL” = {searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=B92936BE-E990-44DC-BE8B-E08604F7A730&apn_sauid=EFA838EB-D8E2-4A1E-A3B9-88DDF2B89BD8 > in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\CA07930441CB4D78A78B3008C8644E59: “URL” = {searchTerms}&SearchSource=4&ctid=CT3241951 > in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. > in the current context!
Error: Unable to interpret < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. > in the current context!
Error: Unable to interpret < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {296AA17D-C89E-4242-A5A4-44BFE76914A2} - No CLSID value found. > in the current context!
Error: Unable to interpret < O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe File not found > in the current context!
Error: Unable to interpret < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > in the current context!
Error: Unable to interpret < – C:\ProgramData\WPM > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < :Reg > in the current context!
Error: Unable to interpret < :Files > in the current context!
Error: Unable to interpret < ipconfig /flushdns /c > in the current context!
Error: Unable to interpret < :Commands > in the current context!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
User: Administrator
->Temp folder emptied: 184327 bytes
->Temporary Internet Files folder emptied: 9460205 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56931 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Isabel
->Temp folder emptied: 5630772 bytes
->Temporary Internet Files folder emptied: 1188444 bytes
->Java cache emptied: 2332844 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 56986 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 23071592 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 41,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01192014_200329
Files\Folders moved on Reboot…
PendingFileRenameOperations files…
Registry entries deleted on Reboot…