Troy advised I start a malware removal topic here [Solved]


#1 Dad_man (New Member, 9 posts)

Hello all,

I started a topic in the network section earlier, because I have some serious issues with being port-scanned many times a minute after one of the kids installed some malware on a laptop. I re-installed it, but the port scans persist and even hamper connection speeds now and then. The ports being probed are 25, 139, 443, 445 (90% of the time), 1433, 3389, 4899 and finally 5900.

I got myself a new ISP (new modem/router to be installed, temporary UMTS sticks for now), but I wanted to make sure everything is in order before I hook up all our systems to the new network. As I am a journalist, I want to at least make sure I can communicate safely with this system before I do anything else. Secure banking would be nice as well... I hope someone can help me.

Thank you in advance for your time.

Here's my OTL log:

OTL logfile created on: 29-3-2012 19:43:07 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Ad\Bureaublad
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,02% Memory free
2,60 Gb Paging File | 2,32 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,00 Gb Total Space | 25,46 Gb Free Space | 72,73% Space Free | Partition Type: NTFS
Drive D: | 39,53 Gb Total Space | 38,30 Gb Free Space | 96,90% Space Free | Partition Type: NTFS

Computer Name: XPTEST | User Name: Ad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-29 18:56:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ad\Bureaublad\OTL.exe
PRC - [2012-03-11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012-03-11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011-12-27 09:40:10 | 000,359,936 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe
PRC - [2011-11-03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia_PSI\psia.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia_PSI\psi_tray.exe
PRC - [2011-06-15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-04-27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-29 19:01:08 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Ad\Local Settings\Temp\sfamcc00001.dll
MOD - [2012-03-29 19:01:08 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Ad\Local Settings\Temp\sfareca00001.dll
MOD - [2012-01-03 15:10:50 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
MOD - [2011-12-27 09:40:10 | 000,086,528 | ---- | M] () -- C:\Program Files\Privoxy\mgwz.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-03-11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia_PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-04-27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-03-28 12:47:00 | 000,032,768 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2012-03-28 12:47:00 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2012-03-11 23:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012-03-11 23:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012-03-11 23:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2005-06-20 16:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002-10-17 09:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002-08-20 11:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2012-03-24 16:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ad\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.12_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.4_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: IP Address and Domain Information = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lhgkegeccnckoiliokondpaaalbhafoa\3.11_0\
CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\Ad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\

O1 HOSTS File: ([2006-04-10 14:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\Ad\Menu Start\Programma's\Opstarten\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia_PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1322138425372 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7074664-653A-4FC4-95A1-C8E0CA1E1B96}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7074664-653A-4FC4-95A1-C8E0CA1E1B96}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-11-24 14:56:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-29 19:08:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ad\Onlangs geopend
[2012-03-29 18:56:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ad\Bureaublad\OTL.exe
[2012-03-29 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-03-28 22:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Bureaublad\Drivers
[2012-03-28 20:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Application Data\ImgBurn
[2012-03-28 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Bureaublad\B_Dog
[2012-03-28 20:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ImgBurn
[2012-03-28 20:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012-03-28 14:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2012-03-28 14:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012-03-28 13:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Application Data\Malwarebytes
[2012-03-28 13:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2012-03-28 13:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-03-28 13:31:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-03-28 13:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-03-24 16:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Local Settings\Application Data\Mozilla
[2012-03-24 16:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Application Data\tor
[2012-03-24 16:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Data
[2012-03-23 19:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Application Data\Mozilla
[2012-03-23 18:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Bureaublad\Tor Browser
[2012-03-23 18:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Privoxy
[2012-03-23 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Privoxy
[2012-03-23 14:43:03 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012-03-03 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-03-03 16:13:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012-03-03 15:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Software
[2012-03-03 15:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Local Settings\Application Data\Temp
[2012-03-03 15:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Local Settings\Application Data\Adobe
[2012-03-03 15:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ad\Local Settings\Application Data\Secunia PSI
[2012-03-03 15:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia_PSI
[2012-03-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012-03-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012-03-03 14:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012-03-03 14:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012-03-03 14:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012-03-03 14:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012-03-03 14:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012-03-03 14:42:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ad\Application Data\.#
[2012-03-03 13:58:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012-03-03 13:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-29 19:00:43 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-03-29 19:00:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-29 19:00:31 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-29 18:56:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ad\Bureaublad\OTL.exe
[2012-03-28 20:44:17 | 000,001,535 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\ImgBurn.lnk
[2012-03-28 13:32:03 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Ad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-28 13:16:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-28 12:48:00 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2012-03-28 12:47:53 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2012-03-28 12:47:32 | 001,630,208 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2012-03-28 12:47:30 | 001,703,936 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2012-03-28 12:47:30 | 001,019,904 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2012-03-28 12:47:29 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2012-03-28 12:47:29 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2012-03-28 12:47:27 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012-03-28 12:47:25 | 001,486,848 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2012-03-28 12:47:24 | 001,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2012-03-28 12:47:20 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2012-03-28 12:47:20 | 000,126,976 | R--- | M] () -- C:\WINDOWS\System32\nv3drus.chm
[2012-03-28 12:47:07 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2012-03-28 12:47:03 | 000,139,264 | R--- | M] () -- C:\WINDOWS\System32\IDEproperty.dll
[2012-03-28 12:47:00 | 000,032,768 | R--- | M] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnicxp.sys
[2012-03-28 12:46:46 | 000,040,960 | R--- | M] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-03-27 12:55:42 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Ad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-25 03:36:23 | 000,542,340 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-03-25 03:36:23 | 000,472,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-25 03:36:23 | 000,095,728 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-03-25 03:36:23 | 000,075,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-23 19:10:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Ad\Menu Start\Programma's\Opstarten\SpeedFan.lnk
[2012-03-23 18:55:16 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Privoxy.lnk
[2012-03-23 14:44:42 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Ad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-23 13:37:20 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
[2012-03-11 23:13:46 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012-03-11 23:13:45 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012-03-11 23:13:44 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2012-03-11 23:13:43 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2012-03-11 23:13:19 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2012-03-11 23:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012-03-03 16:17:44 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-03-03 15:20:10 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Taakbeheer.lnk
[2012-03-03 13:40:36 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-28 20:44:17 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\ImgBurn.lnk
[2012-03-28 13:32:03 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Ad\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-27 12:55:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Ad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-23 19:10:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Ad\Menu Start\Programma's\Opstarten\SpeedFan.lnk
[2012-03-23 18:55:16 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Privoxy.lnk
[2012-03-23 13:37:20 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
[2012-03-03 16:17:44 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-03-03 16:17:10 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Security Essentials.lnk
[2012-03-03 15:18:33 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Taakbeheer.lnk
[2012-03-03 13:48:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-03-03 13:48:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011-11-24 15:38:17 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-11-24 14:59:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-11-24 14:51:13 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-11-24 14:26:35 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2011-11-24 14:26:27 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011-11-24 14:26:27 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-11-24 14:24:07 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll

========== LOP Check ==========

[2012-03-03 14:43:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ad\Application Data\.#
[2012-03-28 20:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ad\Application Data\ImgBurn
[2012-03-29 18:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >


#2 Dad_man (Topic Starter, New Member, 9 posts)

Update:

With the help of my neighbor, we completely re-formatted, re-partitioned and re-installed every system we have, and he also helped me install some features found in the various guides on this site, like a hosts file, Secunia PSI, a sandbox and so on. It has been a major overhaul this weekend, but at least I feel safe again. Thank you for your time...!

#3 Gammo (Member 2k, Malware Removal, 2,299 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.