My first virus



#16 Ronald Bruns (Member, Topic Starter, 25 posts)

The author of ComboFix is the one who deserves the thanks. I don't recognize that last log file. What created it please?

1- * Shhhhhhhhhhhhhhhhhht!* Don't let my uncle hear that, if the author of Combofix deserves all credit, Mr. Gates is responsible for the infection in the first place and not my clicker-happy uncle, hahaha. :P Thank YOU for pointing out a fix AND all YOUR time Jintan!

2- The creator of the log is called "Ronald-Bruns-learning-to-use-the-tab-button-in-Notepad."
We just wrote down all the information shown in the Device Manager -> Unknown Device -> "Details" tab.
Most of the entries were empty, hence the irregular numbering. There is a drop-down list under Details;
"1]" is the one at the top, "24]" is all the way down.


I'll run the script for Combofix later today, the same goes for the scans.
We un-installed both SuperAntiSpyware and MBAM before running Combofix because we ran numerous scans before without any result, and we didn't want them to influence your scan-applications. Also, the system is disconnected from the net now, so I'm not entirely sure if I can re-connect and download all the updates, as we didn't test this anymore.

We'll let you know in a few hours,

-Thank YOU!
#17 Ronald Bruns (Member, Topic Starter, 25 posts)
Hi Jintan!

I ran the Combofix-script without a hitch, here's that log:

ComboFix 12-04-10.01 - Administrator 11-04-2012 16:43:49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.630 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-11 to 2012-04-11 ))))))))))))))))))))))))))))))
.
.
2012-04-11 14:46 . 2012-04-11 14:46 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\windows\system32\xircom
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\windows\system32\wbem\snmp
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\program files\microsoft frontpage
2012-04-09 15:13 . 2012-04-10 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-04-09 15:01 . 2012-04-09 15:01 -------- d-----w- c:\program files\VideoLAN
2012-04-03 17:24 . 2012-04-03 17:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-03 17:24 . 2012-04-03 17:24 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-04-03 17:24 . 2012-04-03 17:24 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-04-03 14:36 . 2012-04-03 14:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics
2012-03-30 15:09 . 2012-03-30 15:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-30 13:23 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:56 . 2010-09-01 07:02 1869312 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( [email protected]_16.15.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-10 16:35 . 2012-04-10 16:35 118152 c:\windows\system32\FNTCACHE.DAT
- 2012-04-10 16:10 . 2012-04-10 16:10 118152 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-01-08 1044480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-25 14:57 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [25-11-2010 22:37 5632]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [25-11-2010 22:37 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [25-11-2010 22:37 5632]
S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2012 0:49 136176]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [27-10-2011 18:35 1756384]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2012 0:49 136176]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 22:49]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 22:49]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-25 14:57]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-25 14:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
TCP: Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: NameServer = 8.26.56.26,156.154.70.22
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 16:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\rsvp.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-04-11 16:48:36 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-11 14:48
ComboFix2.txt 2012-04-10 16:17
.
Pre-Run: 59.784.192.000 bytes beschikbaar
Post-Run: 59.776.675.840 bytes beschikbaar
.
- - End Of File - - C5103566EACAA34C04A1DA9F7938B607

#18 Ronald Bruns (Member, Topic Starter, 25 posts)
...Then we ran MBAM and ESET, although I'm not sure the ESET-Anti-Stealth-mode was properly enabled, we're really sorry for that.
They both found nothing. They were both able to update the newest definitions, but the internet-connection still is buggy.

Current system status:
* Hardware issue remains, I checked the Device-manager again, and nothing else seems to be missing. There is 1 unknown device, and I turned that "off." Both network adaptors show up, as all other devices from chipset to USB, disks, everything is there and works. So the "Unknown Device" is a bit of a mystery to us...
* Resetting the wireless connection by right-clicking on the icon in the system-tray still mentions the DNS-cache cannot be cleaned.
* Browser still gives DNS-lookup-failure / works normal / works very slowly at complete random.
* Microsoft Update still doesn't work.


Ah, and when I inserted my USB-stick in the system today for the first time (autostart is off for everything) to transfer the CFScript, MBAM- and ESET-installation files, it wouldn't let me disconnect (icon system tray) the USB afterwards, mentioning a program was still using it, while nothing was running except basic tasks always mentioned in Task Manager. I just turned the PC off, took out the USB and rebooted, but I thought it was rather..., "special"


Here is the MBAM log, I seem to have misplaced (?) the ESET log, but both turned up with nothing, so I have to run that ESET-Stealth-scan ASAP:

-Thanks

*** mbam-log-2012-04-11 (16-57-04).txt ***

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.04.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MIJNPC [administrator]

11-4-2012 16:57:04
mbam-log-2012-04-11 (16-57-04).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 167506
Verstreken tijd: 1 minuut/minuten, 36 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

#19 Jintan (Trusted Helper, Malware Removal, 904 posts)
Clean logs, so the system appears clean now. Good work. How is everything running?

#20 Ronald Bruns (Member, Topic Starter, 25 posts)
I'm not sure the ESET-Anti-Stealth-mode was properly enabled, we're really sorry for that.
The internet-connection still is very buggy.

Current system status:
* Hardware issue remains, I checked the Device-manager again, and nothing else seems to be missing. There is 1 unknown device, and I turned that "off." Both network adaptors show up, as all other devices from chipset to USB, disks, everything is there and works. So the "Unknown Device" is a bit of a mystery to us...
(EDIT: The "new hardware" has been detected since the first reboot after the first Combofix-scan)
* Resetting the wireless connection by right-clicking on the icon in the system-tray still mentions the DNS-cache cannot be cleaned.
* Browser still gives DNS-lookup-failure / works normal / works very slowly / at complete random.
* Microsoft Update doesn't work.


Ah, and when I inserted my USB-stick in the system today for the first time (autostart is off for everything) to transfer the CFScript, MBAM- and ESET-installation files, it wouldn't let me disconnect (icon system tray) the USB afterwards, mentioning a program was still using it, while nothing was running except basic tasks always mentioned in Task Manager. I just turned the PC off, took out the USB and rebooted, but I thought it was rather..., "special"

I'll run the ESET-Anti-stealth ASAP.

-Thanks

EDIT 2: The ESET-stealth-scan found nothing, and didn't produce a log I could find. Connectivity-issues remain, both on LAN-cable as Wireless. DNS-cache can't be cleared.
We installed "Sandboxie," for the sandboxed-browser, but no other active security software.

Edited by Ronald Bruns, 12 April 2012 - 02:59 PM.


#21 Jintan (Trusted Helper, Malware Removal, 904 posts)
Before we look at all the other items, we need to know what that problem device is.

Right click My Computer, left click Manage.

In that menu click Device Manager.

Double click on the unknown device, click the Details tab, change the drop down to Hardware Ids, then write down and post what the top line under that shows please.

#22 Ronald Bruns (Member, Topic Starter, 25 posts)
Hi Jintan,

There is no Hardware-ID, it's empty.
The first one is Device-id, and that states ROOT\LEGACY_SASKUTIL\0000
But most of them are empty.

#23 Ronald Bruns (Member, Topic Starter, 25 posts)
Hi Jintan,

I just found out that hardware device may be a leftover from SuperAntiSpyware (SAS), it is mentioned on their own forums.
I have downloaded their special un-install-tool and we'll run that first thing in the morning...



EDIT= Update:
There is no longer any hardware conflict or unknown device in the device manager!
We re-installed SAS, ran SASUNINSTALL.EXE from their website (WinXP-32 version), the pc rebooted and everything seems to be fine now, hardware-wise.


System problems:
- BAD connection to internet (random)
- DNS-cache can't be cleared
- Microsoft-Updates are found, downloaded, prepared to install, installed even and then FAIL, just like before, so I turned auto-update off for now.

Thanks!

Edited by Ronald Bruns, 13 April 2012 - 05:55 AM.


#24 Jintan (Trusted Helper, Malware Removal, 904 posts)
As I just posted in another thread here where I had failed to reply, I offer my apologies. I let myself get busy elsewhere, and forgot to check here. Assuming you would still like to correct those problems:

Go here and download Cédric GEORGEOT's CAT – Crisis Aversion Tool, then click that cat.exe to run the tool.

(For the download link, scroll down and click "ici" in: Bref, un must have à télécharger d’urgence ici. <------).

When CAT opens, click the left-side Fixes tab. Place a check next to:

Flush DNS Resolver Cache
Reset All Networking Interfaces
Reset Windows Update


Then click Apply Checked Fixes, and agree to start the installer service. When it completes its changes, click the upper left X and agree to close CAT. It will also open a log file - just close that for now.

A Caution - Please refrain from the temptation to effect other changes with CAT.

Then reboot, and check for improvements.

#25 Ronald Bruns (Member, Topic Starter, 25 posts)
Glad to hear again from you,

We ran CAT.exe as instructed and it seems it has "some" effect. After 24 hours of "testing" the system we found the following:
The internet-connection itself seems stable and responsive. Before, we never knew if it was going to find Google.com or not, now it always does.
Also, after the CAT.exe we were able to manually install some KB's from Microsoft.com to fix a known Language error, Microsoft Update is working correctly again, which feels like a victory!!!
Applications that need internet connections like Google Earth and MBAM updates are also working fine again.

The issues that still remain are:
- Resetting the wireless connection still leaves a final message: "DNS-cache can't be cleaned."
- YouTube.com videos (Flash-stuff) only load the first few seconds, then "hang." Re-installing browser / un-installing all Flash software / Different browser doesn't resolve this. Also, internet radio (also flash-plugin) stops after about 5 minutes. Reloading pages, clearing caches, nothing works.

Thanks!
#26 Jintan (Trusted Helper, Malware Removal, 904 posts)
Cat.exe does seem to have one downside. Please go to Control Panel - Automatic Updates, and see if the option to change the settings for it is available (example - change from "Automatically" to "Notify me...").

Run and post a new OTL log please.

#27 Ronald Bruns (Member, Topic Starter, 25 posts)
We forgot to mention that the "Automatic Updates" settings within the Security Center can't be changed anymore after running CAT.exe.
Manually visiting MS Update works now.


We will post an OTL log next Monday, around 18.00 GMT.

Thanks.

#28 Jintan (Trusted Helper, Malware Removal, 904 posts)
Just do the following to correct the auto update issue. May need to reboot to complete the changes.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=-
"NoAutoUpdate"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=-
Open Notepad (Start - Run, type Notepad then press OK), and copy the text in the box above and paste it into the open Notepad textbox.

Save this to your desktop as "updates.reg"

Be sure to include the "" quotes in the name.

Then right click updates.reg, select Merge, and allow it to merge the new information with the Registry.
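Added example, not part of Jintan's post or of any tool named in this thread: a small Python parser for the `.reg` format that reads the `updates.reg` text above and reports what a Merge would actually do. In this format `"Name"=-` deletes a value and `[-Key]` deletes a whole key, which is why the three lines above unlock the Automatic Updates settings: they remove the policy values that were forcing the control to be greyed out, rather than setting anything. The script never touches a registry; it only reads text, so it can be used to review a `.reg` file received from a helper before merging it. The sample input is the `.reg` text from the post; the extra cases in the test (a `[-Key]` deletion, a `dword` value and a default `@` value) are constructed.

```python
"""Parse a Windows .reg (Registry Editor 5.00) file and list what a Merge would do.

Added example for the forum thread above; not part of any project. It reads
text only and never writes to a registry.
"""
import re

# Sample input: the updates.reg text posted in the thread (constructed copy).
UPDATES_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=-
"NoAutoUpdate"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=-
'''

HEADER = "Windows Registry Editor Version 5.00"
_KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [Key] or [-Key]
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')     # "Name"=data or @=data


def _logical_lines(lines):
    """Join hex continuation lines (a trailing backslash) into one logical line."""
    buf = ""
    for raw in lines:
        s = raw.strip()
        if s.endswith("\\") and not s.startswith("["):
            buf += s[:-1]
            continue
        yield buf + s
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples.

    action is one of "delete_key", "delete_value", "set_value".
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("missing header: %s" % HEADER)
    ops = []
    key = None
    for line in _logical_lines(lines[1:]):
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":            # [-Key] removes the whole key
                ops.append(("delete_key", key, None, None))
                key = None
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unexpected line outside a key: %r" % line)
        if m.group(1) == "@":
            name = "(Default)"
        else:
            name = re.sub(r'\\(.)', r'\1', m.group(2))   # unescape \" and \\
        data = m.group(3)
        if data == "-":                      # "Name"=- removes the value
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, data))
    return ops


def describe(ops):
    """Human-readable summary lines, one per operation."""
    out = []
    for action, key, name, data in ops:
        if action == "delete_key":
            out.append("DELETE KEY   %s" % key)
        elif action == "delete_value":
            out.append("DELETE VALUE %s\\%s" % (key, name))
        else:
            out.append("SET VALUE    %s\\%s = %s" % (key, name, data))
    return out


if __name__ == "__main__":
    for line in describe(parse_reg(UPDATES_REG)):
        print(line)
```

Running it on the thread's `updates.reg` reports three DELETE VALUE lines and no SET VALUE lines, which is the behaviour one wants to confirm before merging a file that edits the `Policies` hives.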

#29 Ronald Bruns (Member, Topic Starter, 25 posts)
Hi Jintan,

Thanks for the updates.reg, it worked like a charm. Microsoft Update works well, and the settings can be changed again.
Just out of curiosity, you did mean "Be sure to exclude" the parentheses (""), right?
I always get an error that files/directories cannot have " / and stuff included in the file-name.



After a long shutdown, the system seems to have a lot of trouble to connect to the net.
Rebooting a few times helps, and when it connects, it stays connected, and re-connects well after reboots and/or short shutdowns.
Youtube movies still only load a few seconds, clearing cache in browser and even CCleaner after closing the browser doesn't help.

Also, last Saturday, my uncle encountered his first BSOD, he wrote down the details, but I forgot to take the note with me, sorry.
I remember it was a 0x000..08 error from ig*fx.dll. Coincidentally, I had a BSOD on my own system miles away at the exact same time, so I guess it was a power-peak or something, as we had some lightning as well. My BSOD was related to my nVidia driver, also a 0x00...08 error.

And finally, here's the new OTL log.
We ran it after updating the registry and rebooting first, of course.

-Thanks



*** OTL_April23.txt ***

OTL logfile created on: 23-4-2012 15:56:46 - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Tegeloramix\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1013,54 Mb Total Physical Memory | 735,89 Mb Available Physical Memory | 72,61% Memory free
2,38 Gb Paging File | 2,21 Gb Available in Paging File | 93,03% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 53,78 Gb Free Space | 72,20% Space Free | Partition Type: NTFS
Drive E: | 14,72 Gb Total Space | 10,07 Gb Free Space | 68,41% Space Free | Partition Type: FAT32

Computer Name: MIJNPC | User Name: Tegeloramix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-22 13:05:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tegeloramix\Bureaublad\OTL.exe
PRC - [2012-03-22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012-03-22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia PSI\psia.exe
PRC - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia PSI\sua.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia PSI\psi_tray.exe
PRC - [2008-07-03 17:18:06 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012-03-22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia PSI\sua.exe -- (Secunia Update Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TEGELO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-03-22 12:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-06-09 17:43:34 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010-07-30 17:36:12 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.co...age={startPage}
IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia....h={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: WOT = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.13_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-04-11 16:47:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1757981266-583907252-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-24 14:35:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-23 15:54:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tegeloramix\Bureaublad\OTL.exe
[2012-04-23 15:52:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tegeloramix\Onlangs geopend
[2012-04-23 15:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-04-21 00:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth
[2012-04-20 15:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012-04-20 14:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012-04-20 14:20:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-04-20 14:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Malwarebytes
[2012-04-20 14:09:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-04-20 14:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-04-20 14:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-04-20 14:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-04-20 14:00:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-04-20 14:00:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-04-20 13:57:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Systeembeheer
[2012-04-20 13:57:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Mijn documenten\Mijn video's
[2012-04-20 13:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Sandboxie
[2012-04-20 13:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012-04-20 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Mijn documenten\Downloads
[2012-04-20 13:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Bureaublad\Afblijven
[2012-04-20 13:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Google
[2012-04-19 18:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Macromedia
[2012-04-19 17:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO Firewall
[2012-04-19 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Google Chrome
[2012-04-19 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Google
[2012-04-19 17:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Adobe
[2012-04-19 17:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Secunia PSI
[2012-04-19 17:26:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tegeloramix\PrivacIE
[2012-04-19 17:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Privatefirewall
[2012-04-19 17:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Identities
[2012-04-19 17:20:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Mijn documenten\Mijn muziek
[2012-04-19 17:20:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Mijn documenten\Mijn afbeeldingen
[2012-04-19 17:20:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tegeloramix\Cookies
[2012-04-19 17:20:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tegeloramix\Application Data\Microsoft
[2012-04-19 17:20:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tegeloramix\Application Data
[2012-04-19 17:20:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Favorieten
[2012-04-19 17:20:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tegeloramix\IETldCache
[2012-04-19 17:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Bureaublad
[2012-04-19 17:20:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\Microsoft
[2012-04-19 17:20:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tegeloramix\SendTo
[2012-04-19 17:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Opstarten
[2012-04-19 17:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Mijn documenten
[2012-04-19 17:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Menu Start
[2012-04-19 17:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Bureau-accessoires
[2012-04-19 17:20:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tegeloramix\Sjablonen
[2012-04-19 17:20:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tegeloramix\Netwerkprinteromgeving
[2012-04-19 17:20:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tegeloramix\NetHood
[2012-04-19 17:20:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tegeloramix\Local Settings
[2012-04-19 17:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\$Afblijven$
[2012-04-19 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Extra's
[2012-04-19 17:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Onderhoud
[2012-04-19 17:10:39 | 000,000,000 | ---D | C] -- C:\Downloads
[2012-04-19 17:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Private Firewall
[2012-04-19 17:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2012-04-19 16:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia PSI
[2012-04-19 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012-04-19 16:14:20 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012-04-19 16:14:20 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll
[2012-04-19 16:09:46 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2012-04-12 17:42:51 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012-04-12 16:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-04-10 18:15:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012-04-10 18:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012-04-10 18:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012-04-10 18:07:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-04-10 18:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-04-10 18:06:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-04-09 17:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tegeloramix\Bureaublad\DnDeze
[2012-04-09 17:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012-04-03 19:24:10 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012-04-03 19:24:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012-03-30 17:09:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012-03-30 15:23:59 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-23 15:55:30 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-23 15:55:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-23 15:55:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012-04-23 15:55:24 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-23 15:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-23 15:54:47 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Tegeloramix\NTUSER.DAT
[2012-04-23 15:54:47 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Tegeloramix\ntuser.ini
[2012-04-23 15:54:41 | 004,832,508 | -H-- | M] () -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\IconCache.db
[2012-04-23 15:44:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1005UA.job
[2012-04-23 15:12:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500UA.job
[2012-04-23 15:04:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-23 14:55:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1004UA.job
[2012-04-23 14:40:40 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\updates.reg
[2012-04-23 01:12:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500Core.job
[2012-04-22 13:05:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tegeloramix\Bureaublad\OTL.exe
[2012-04-22 03:33:06 | 001,106,214 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012-04-22 03:33:06 | 000,505,176 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-04-22 03:33:06 | 000,437,066 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-22 03:33:06 | 000,087,944 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-04-22 03:33:06 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-21 18:44:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1005Core.job
[2012-04-21 17:55:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1004Core.job
[2012-04-20 14:51:36 | 000,001,478 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012-04-20 14:07:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2012-04-20 13:55:28 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\Sandboxed Web Browser.lnk
[2012-04-20 13:55:28 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Tegeloramix\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012-04-20 13:40:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\Google Earth.lnk
[2012-04-19 17:36:58 | 000,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012-04-19 17:20:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tegeloramix\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
[2012-04-19 16:53:38 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
[2012-04-11 16:47:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-04-10 18:07:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-04-04 17:50:14 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-03 19:24:10 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012-04-03 19:24:10 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-23 15:55:24 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-04-23 15:53:45 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\updates.reg
[2012-04-20 14:00:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-04-20 14:00:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-04-20 14:00:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-04-20 14:00:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-04-20 14:00:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-04-20 13:55:39 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\Sandboxed Web Browser.lnk
[2012-04-20 13:55:39 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012-04-20 13:55:37 | 000,001,478 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012-04-20 13:40:38 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Bureaublad\Google Earth.lnk
[2012-04-19 18:39:58 | 000,001,168 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1005UA.job
[2012-04-19 18:39:57 | 000,001,116 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1005Core.job
[2012-04-19 17:50:51 | 000,001,160 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1004UA.job
[2012-04-19 17:50:50 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-1004Core.job
[2012-04-19 17:33:37 | 004,832,508 | -H-- | C] () -- C:\Documents and Settings\Tegeloramix\Local Settings\Application Data\IconCache.db
[2012-04-19 17:20:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
[2012-04-19 17:20:39 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Internet Explorer.lnk
[2012-04-19 17:20:32 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Tegeloramix\ntuser.ini
[2012-04-19 17:20:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Hulp op afstand.lnk
[2012-04-19 17:20:29 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Tegeloramix\Menu Start\Programma's\Windows Media Player.lnk
[2012-04-19 17:20:28 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Tegeloramix\NTUSER.DAT
[2012-04-19 17:00:17 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-04-19 16:53:38 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
[2012-04-10 18:07:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-04-10 18:07:16 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2012-03-30 15:21:39 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-02-15 18:13:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-08-24 16:23:38 | 001,106,214 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-08-24 16:23:36 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-08-24 16:17:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011-08-24 16:17:36 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2011-08-24 16:17:32 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2011-08-24 16:17:32 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2011-08-24 14:44:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-08-24 14:35:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2011-08-24 14:34:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011-08-24 14:34:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011-08-24 14:31:55 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-08-24 14:31:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2011-08-24 14:31:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2011-08-24 14:30:48 | 000,027,404 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2011-08-24 14:30:47 | 000,003,864 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2010-11-25 22:27:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

#30
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The log results look good. Can you get a copy of that BSOD dump log for me?

Navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to [email protected] as an attachment. Please place "Submitted Files - Ronald Bruns/g2g/dmp" as the email Subject.
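The collection step above, as an added Python example that is not part of the thread (neither OTL's nor the helper's code): it picks minidumps out of a folder by the crash date embedded in XP's Mini<MMDDYY>-<NN>.dmp file names (falling back to the modification time), keeps only files that start with the MDMP minidump signature, and zips copies for submission. The folder contents, the date window and the archive name are constructed for the demo.

```python
"""Collect recent Windows minidumps into a zip for submission (added example)."""
import re
import tempfile
import zipfile
from datetime import date, datetime
from pathlib import Path
from typing import List, Optional, Union

# Windows XP names kernel crash dumps Mini<MMDDYY>-<NN>.dmp, e.g. Mini042312-01.dmp
_NAME_RE = re.compile(r"^Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp$", re.IGNORECASE)
_MDMP_MAGIC = b"MDMP"  # MINIDUMP_HEADER.Signature as it appears on disk


def dump_date(name: Union[str, Path]) -> Optional[date]:
    """Crash date encoded in the file name, or None if the name does not fit."""
    m = _NAME_RE.match(Path(name).name)
    if not m:
        return None
    mm, dd, yy = (int(x) for x in m.group(1, 2, 3))
    try:
        return date(2000 + yy, mm, dd)
    except ValueError:          # e.g. Mini023012-01.dmp: there is no 30 February
        return None


def is_minidump(path: Path) -> bool:
    """Only ship files that really carry the minidump header signature."""
    try:
        with path.open("rb") as f:
            return f.read(4) == _MDMP_MAGIC
    except OSError:
        return False


def select_recent_dumps(folder: Union[str, Path], since: Union[str, date]) -> List[Path]:
    """Minidumps in `folder` dated on/after `since` (a date or an ISO string).

    The date comes from the file name when it parses, otherwise from the
    modification time; a missing folder ("if one is there") yields no dumps.
    """
    folder = Path(folder)
    if isinstance(since, str):
        since = date.fromisoformat(since)
    if not folder.is_dir():
        return []
    picked = []
    for p in sorted(folder.glob("*.dmp")):
        when = dump_date(p) or datetime.fromtimestamp(p.stat().st_mtime).date()
        if when >= since and is_minidump(p):
            picked.append(p)
    return picked


def zip_dumps(dumps: List[Path], archive: Path) -> Path:
    """Write copies of the selected dumps into `archive`; originals are untouched."""
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as z:
        for p in dumps:
            z.write(p, arcname=p.name)
    return archive


def demo() -> List[str]:
    """Constructed minidump folder in a temp dir; returns the names that got zipped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        mini = root / "minidump"
        mini.mkdir()
        (mini / "Mini042312-01.dmp").write_bytes(b"MDMP" + b"\0" * 60)  # recent, real
        (mini / "Mini010512-02.dmp").write_bytes(b"MDMP" + b"\0" * 60)  # too old
        (mini / "Mini042212-03.dmp").write_bytes(b"not a dump at all")   # bad signature
        archive = zip_dumps(select_recent_dumps(mini, "2012-04-01"), root / "dmp.zip")
        with zipfile.ZipFile(archive) as z:
            return sorted(z.namelist())


if __name__ == "__main__":
    print(demo())   # ['Mini042312-01.dmp']
```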