Paranorma
12 July 2013, 20:01
Al ik op het internet aan het surfen ben krijg ik sommige woorden als link aangeboden, als je hier over gaat met de muis (niet klikken, maar gewoon muispijltje er op zetten) dan komt er een reclameboodschap te voorschijn.
Dit zijn boodschappen aller aard (chips, antirimpelcreme, ....)
Ook als ik ergens een site open met een afbeelding komt er onder de afbeelding steevast een kadertje van Dealfinder te staan waar enkele fototjes instaan enzo.
Van beide gemelde dingen 1 afbeelding gemaakt:
http://img824.imageshack.us/img824/9760/rx96.jpg
Heb de computer al eens gescand met AVG, maar die kan het probleem blijkbaar niet vinden.
De logjes die geplaatst diende te worden:
MBAM:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.07.12.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Para:: Para-HP [administrator]
12/07/2013 19:26:56
mbam-log-2013-07-12 (19-26-56).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 223061
Verstreken tijd: 4 minuut/minuten, 44 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Users\Para\AppData\Local\Temp\pricepeep_130001_ 1001.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
GMER:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-12 19:43:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MS2O 931,51GB
Running: u9xqqu1t.exe; Driver: C:\Users\Para\AppData\Local\Temp\pwldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000075b151dd 7 bytes JMP 0000000110053ac0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000075b1610b 7 bytes JMP 0000000110053c10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamW + 131 0000000075b1c6c1 7 bytes JMP 0000000110053bf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000075b5fc98 7 bytes JMP 0000000110053c60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000075b5fcd1 7 bytes JMP 0000000110053d30
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000075b5fcf5 7 bytes JMP 0000000110053ce0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000703e13c6 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000703e13f6 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000703e14ad 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000703e14db 2 bytes [3E, 70]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 00000000703e1577 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000703e15d7 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 00000000703e1794 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000703e18c1 2 bytes [3E, 70]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [5876] entry point in ".rdata" section 00000000604c71e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x9c4e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x9c4e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x9c4da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x9c4d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x9c4f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x9c4f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x9c4ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x9c4ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x9c4c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x9c4ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x9c4c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x9c4de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x9c4d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x9c4ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x6b3a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x6b3a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x6b39a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x6b3928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x6b3b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x6b3b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x6b3ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x6b3aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x6b3868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x6b38a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x6b3828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x6b39e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x6b3968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x6b38e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x3bee28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x3bee68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x3beda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x3bed28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x3bef28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x3bef68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x3beee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x3beea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x3bec68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x3beca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x3bec28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x3bede8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x3bed68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x3bece8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0xdbb628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xdbb668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xdbb5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xdbb528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xdbb728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xdbb768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xdbb6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xdbb6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xdbb468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0xdbb4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xdbb428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xdbb5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xdbb568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0xdbb4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x8bba28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x8bba68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x8bb9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x8bb928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x8bbb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x8bbb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x8bbae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x8bbaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x8bb868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x8bb8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x8bb828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x8bb9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x8bb968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x8bb8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457
Run by Para at 19:44:07 on 2013-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4077.2523 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Para\AppData\Local\Akamai\netsession_win. exe
C:\Users\Para\AppData\Local\Akamai\netsession_win. exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TubeSaver: {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\120.dll
uRun: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN11J3932X05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Akamai NetSession Interface] "C:\Users\Para\AppData\Local\Akamai\netsession_win. exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
StartupFolder: C:\Users\Para\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\INKTWA~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Para\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F90768C4-D4FB-4D16-AEA2-CD0E0AF85639} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Insta ller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgi dsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-24 70296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\driv ers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-24 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe [2013-3-27 185688]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-29 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-24 1128952]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2013-3-5 44672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-24 114704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-2-24 1360960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-24 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.s ys [2012-2-24 31152]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-1-29 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUs bFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-11 11:34:48 -------- d-----w- C:\Program Files (x86)\TubeSaver
2013-06-29 20:55:28 -------- d-----w- C:\Windows\Titans Of Steel Warring Suns
2013-06-29 20:55:28 -------- d-----w- C:\Matrix Games
2013-06-29 20:52:48 -------- d-----w- C:\Program Files (x86)\VideoSaver
2013-06-29 20:51:00 -------- d-----w- C:\Program Files (x86)\Glest_3.2.2
2013-06-26 08:04:56 -------- d-----w- C:\ProgramData\Citrix
2013-06-26 08:04:11 -------- d-----w- C:\Program Files (x86)\Citrix
2013-06-26 08:04:08 -------- d-----w- C:\Users\Para\AppData\Local\Citrix
2013-06-25 22:45:00 -------- d-----w- C:\Users\Para\AppData\Roaming\Unity
2013-06-25 22:29:24 -------- d-----w- C:\Users\Para\AppData\Local\Unity
2013-06-24 20:24:27 -------- d-----w- C:\Users\Para\AppData\Roaming\TeamViewer
2013-06-18 14:19:08 -------- d-----w- C:\Users\Para\AppData\Local\{F3C9D156-FC0D-4369-A3D7-379B0AEC5208}
2013-06-16 14:04:51 -------- d-----w- C:\Users\Para\AppData\Local\{5C1C2400-3024-444A-9572-2DE3980B7B7E}
.
==================== Find3M ====================
.
.
============= FINISH: 19:44:29,16 ===============
Attach:
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/01/2013 14:56:40
System Uptime: 12/07/2013 19:33:34 (0 hours ago)
.
Motherboard: Foxconn | | 2ABF
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 760,269 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1,819 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP57: 20/06/2013 19:41:28 - Gepland controlepunt
RP58: 28/06/2013 3:06:17 - Gepland controlepunt
RP59: 6/07/2013 18:28:54 - Gepland controlepunt
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
Adobe Flash Player 10 ActiveX
Agatha Christie - Peril at End House
Akamai NetSession Interface
AMD APP SDK Runtime
ATI Catalyst Install Manager
µTorrent
Audacity 2.0.3
AuthenTec TrueAPI
AVG 2013
Bejeweled 3
Belgium e-ID middleware 4.0.4 (build 7251)
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Cradle of Rome 2
D3DX10
Elevated Installer
Farm Frenzy
FATE
FileZilla Client 3.6.0.2
Final Drive: Nitro
Galerie de photos Windows Live
Garmin BaseCamp
Garmin City Navigator Europe NT 2012.10 Update
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Express
Garmin Express Tray
Garmin MapInstall
Garmin Update Service
Garmin USB Drivers
Garmin WebUpdater
Glest 3.2.2
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basissoftware van het apparaat
HP Games
HP LinkUp
HP Odometer
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HydraVision
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
LabelPrint
Magic Desktop
MagicDisc 2.7.106
Mah Jong Medley
Malwarebytes Anti-Malware versie 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Mathematics
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared 32-bit MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Notepad++
OpenAL
PDF Complete Special Edition
Penguins!
PIXresizer
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
SilkroadR
Skype™ 6.1
Slingo Supreme
Sony Ericsson Update Engine
Sony PC Companion 2.10.165
Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5)
TERA
Titans Of Steel Warring Suns
tools-windows
TubeSaver
Tyre
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.4)
Virtual Villagers 5 - New Believers
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.5
VMware Player
Warzone 2100-3.1.0
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
YTD Video Downloader 3.9.6
Zuma Deluxe
.
==== End Of File ===========================
Iemand die me hiermee kan helpen, want ik vind het verschrikkelijk irritant
Dit zijn boodschappen aller aard (chips, antirimpelcreme, ....)
Ook als ik ergens een site open met een afbeelding komt er onder de afbeelding steevast een kadertje van Dealfinder te staan waar enkele fototjes instaan enzo.
Van beide gemelde dingen 1 afbeelding gemaakt:
http://img824.imageshack.us/img824/9760/rx96.jpg
Heb de computer al eens gescand met AVG, maar die kan het probleem blijkbaar niet vinden.
De logjes die geplaatst diende te worden:
MBAM:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.07.12.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Para:: Para-HP [administrator]
12/07/2013 19:26:56
mbam-log-2013-07-12 (19-26-56).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 223061
Verstreken tijd: 4 minuut/minuten, 44 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Users\Para\AppData\Local\Temp\pricepeep_130001_ 1001.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
GMER:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-12 19:43:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MS2O 931,51GB
Running: u9xqqu1t.exe; Driver: C:\Users\Para\AppData\Local\Temp\pwldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000075b151dd 7 bytes JMP 0000000110053ac0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000075b1610b 7 bytes JMP 0000000110053c10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamW + 131 0000000075b1c6c1 7 bytes JMP 0000000110053bf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000075b5fc98 7 bytes JMP 0000000110053c60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000075b5fcd1 7 bytes JMP 0000000110053d30
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000075b5fcf5 7 bytes JMP 0000000110053ce0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Users\Para\AppData\Local\Akamai\netsession_win. exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000703e13c6 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000703e13f6 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000703e14ad 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000703e14db 2 bytes [3E, 70]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 00000000703e1577 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000703e15d7 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 00000000703e1794 2 bytes [3E, 70]
.text C:\Windows\SysWOW64\vmnat.exe[3804] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000703e18c1 2 bytes [3E, 70]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [5876] entry point in ".rdata" section 00000000604c71e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x9c4e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x9c4e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x9c4da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x9c4d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x9c4f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x9c4f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x9c4ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x9c4ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x9c4c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x9c4ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x9c4c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x9c4de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x9c4d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x9c4ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x6b3a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x6b3a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x6b39a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x6b3928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x6b3b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x6b3b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x6b3ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x6b3aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x6b3868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x6b38a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x6b3828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x6b39e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x6b3968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x6b38e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x3bee28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x3bee68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x3beda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x3bed28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x3bef28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x3bef68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x3beee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x3beea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x3bec68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x3beca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x3bec28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x3bede8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x3bed68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x3bece8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0xdbb628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xdbb668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xdbb5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xdbb528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xdbb728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xdbb768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xdbb6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xdbb6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xdbb468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0xdbb4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xdbb428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xdbb5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xdbb568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0xdbb4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThre ad + 5 000000007764f991 7 bytes {MOV EDX, 0x8bba28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x8bba68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x8bb9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x8bb928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x8bbb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x8bbb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x8bbae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x8bbaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x8bb868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFil e + 5 000000007764fe41 7 bytes {MOV EDX, 0x8bb8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x8bb828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x8bb9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x8bb968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttribute sFile + 5 0000000077651321 7 bytes {MOV EDX, 0x8bb8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076131465 2 bytes [13, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761314bb 2 bytes [13, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457
Run by Para at 19:44:07 on 2013-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4077.2523 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Para\AppData\Local\Akamai\netsession_win. exe
C:\Users\Para\AppData\Local\Akamai\netsession_win. exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TubeSaver: {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\120.dll
uRun: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN11J3932X05HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Akamai NetSession Interface] "C:\Users\Para\AppData\Local\Akamai\netsession_win. exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
StartupFolder: C:\Users\Para\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\INKTWA~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Para\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F90768C4-D4FB-4D16-AEA2-CD0E0AF85639} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Insta ller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgi dsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-24 70296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\driv ers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-24 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe [2013-3-27 185688]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-29 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-24 1128952]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2013-3-5 44672]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-24 114704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-2-24 1360960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-24 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.s ys [2012-2-24 31152]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-1-29 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUs bFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-11 11:34:48 -------- d-----w- C:\Program Files (x86)\TubeSaver
2013-06-29 20:55:28 -------- d-----w- C:\Windows\Titans Of Steel Warring Suns
2013-06-29 20:55:28 -------- d-----w- C:\Matrix Games
2013-06-29 20:52:48 -------- d-----w- C:\Program Files (x86)\VideoSaver
2013-06-29 20:51:00 -------- d-----w- C:\Program Files (x86)\Glest_3.2.2
2013-06-26 08:04:56 -------- d-----w- C:\ProgramData\Citrix
2013-06-26 08:04:11 -------- d-----w- C:\Program Files (x86)\Citrix
2013-06-26 08:04:08 -------- d-----w- C:\Users\Para\AppData\Local\Citrix
2013-06-25 22:45:00 -------- d-----w- C:\Users\Para\AppData\Roaming\Unity
2013-06-25 22:29:24 -------- d-----w- C:\Users\Para\AppData\Local\Unity
2013-06-24 20:24:27 -------- d-----w- C:\Users\Para\AppData\Roaming\TeamViewer
2013-06-18 14:19:08 -------- d-----w- C:\Users\Para\AppData\Local\{F3C9D156-FC0D-4369-A3D7-379B0AEC5208}
2013-06-16 14:04:51 -------- d-----w- C:\Users\Para\AppData\Local\{5C1C2400-3024-444A-9572-2DE3980B7B7E}
.
==================== Find3M ====================
.
.
============= FINISH: 19:44:29,16 ===============
Attach:
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/01/2013 14:56:40
System Uptime: 12/07/2013 19:33:34 (0 hours ago)
.
Motherboard: Foxconn | | 2ABF
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 760,269 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1,819 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP57: 20/06/2013 19:41:28 - Gepland controlepunt
RP58: 28/06/2013 3:06:17 - Gepland controlepunt
RP59: 6/07/2013 18:28:54 - Gepland controlepunt
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
Adobe Flash Player 10 ActiveX
Agatha Christie - Peril at End House
Akamai NetSession Interface
AMD APP SDK Runtime
ATI Catalyst Install Manager
µTorrent
Audacity 2.0.3
AuthenTec TrueAPI
AVG 2013
Bejeweled 3
Belgium e-ID middleware 4.0.4 (build 7251)
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Cradle of Rome 2
D3DX10
Elevated Installer
Farm Frenzy
FATE
FileZilla Client 3.6.0.2
Final Drive: Nitro
Galerie de photos Windows Live
Garmin BaseCamp
Garmin City Navigator Europe NT 2012.10 Update
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Express
Garmin Express Tray
Garmin MapInstall
Garmin Update Service
Garmin USB Drivers
Garmin WebUpdater
Glest 3.2.2
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basissoftware van het apparaat
HP Games
HP LinkUp
HP Odometer
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HydraVision
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
LabelPrint
Magic Desktop
MagicDisc 2.7.106
Mah Jong Medley
Malwarebytes Anti-Malware versie 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Mathematics
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared 32-bit MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Notepad++
OpenAL
PDF Complete Special Edition
Penguins!
PIXresizer
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
SilkroadR
Skype™ 6.1
Slingo Supreme
Sony Ericsson Update Engine
Sony PC Companion 2.10.165
Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5)
TERA
Titans Of Steel Warring Suns
tools-windows
TubeSaver
Tyre
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.4)
Virtual Villagers 5 - New Believers
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.5
VMware Player
Warzone 2100-3.1.0
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
YTD Video Downloader 3.9.6
Zuma Deluxe
.
==== End Of File ===========================
Iemand die me hiermee kan helpen, want ik vind het verschrikkelijk irritant