Need help removing SnapDo/WebSearch. [Closed] [Solved]



#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Admirgency

Do this in all accounts and be sure to follow all instructions - also Bing is a legit search engine and should be able to be changed in settings - ComboFix set things to default in the account that it was run in - so set the default browsers when we are done.

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
#17
Admirgency

    Member

  • Topic Starter
  • 97 posts
Hi Gringo.

IE/Bing : see ScrSh "25 mei 2013 - 10aII" in post # 8 of this thread, in Guest-acc Bing is listed twice among search engines. In both other computer-acc's it is listed once.

IE should be standard browser in all accounts of this comp. Besides, I should be able to reset via MS IE pop-up message asking for reset to IE as standard. Somehow the "Yes I want IE to be standard" is ignored.
If Combofix reset to what is standard in Owner acc then malware or hacker has reset in Owner, & thus has elevated rights on this comp.


Google Chrome + Email : see PM I sent you.

Edited by Admirgency, 26 May 2013 - 02:15 AM.


#18
Admirgency

    Member

  • Topic Starter
  • 97 posts
I don't have a Google account. Can this be done with a random Google acc.? Can it be done with only the most/last used Google acc. or do all of the used google acc's need to be checked?

If not, can't Revo Uninstaller or a similar program at high sensitivity uninstall?

#19
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Uninstall Chrome, and when you reinstall it and open it, on the right you will see where it says "sign in"; don't sign in.


gringo

#20
Admirgency

    Member

  • Topic Starter
  • 97 posts
Uninstalled and re-installed Chrome.
  • In all accounts: At every reboot and/or login to another computer-acc, Windows Security Center warns of MS SE not being enabled while MS SE itself shows green with realtime protection enabled;
  • In Owner-acc: Avira startpage remains, though be it as 2nd tab. 1st tab is for Google login;
  • In User acc: SnapDo remains among search engines;
  • In Guest acc.: Isearch.AVG remains among search engines;
  • For Guest acc.: (external) coördinator will not log in to Chrome (I hope).

  • [edit] In all acc's: IE = standard browser again.
  • In all accounts: new tab pages for Chrome are OK.
  • [2nd edit] I forgot to mention Ask, it's still in all acc's.

Edited by Admirgency, 27 May 2013 - 11:07 AM.


#21
Admirgency

    Member

  • Topic Starter
  • 97 posts
Hi Gringo.

3 out of 5 times since last Friday, when I booted this computer into Guest-acc. at the beginning of the working day, MS SE Realtime prot. was disabled and I could not update MS SE. Systemtray did not give a message for Windows Security Center, though sys.tray messages were enabled how they should be. Once I briefly did get a message that there was no firewall enabled without the message about Security Essentials. Then firewall came online and the message disappeared.
I rebooted offline and then MS SE realtime prot. was enabled (or so it seemed?). At reboots thereafter on the same days MS SE behaved like normal.

Message in Start for not having enough room for all items in Start-menu sometimes appears again though Taskbar -> properties show there should be room for some more items than shown in Start-menu.

Windows Search (often but not always) and Open Office Sofice Bin (sometimes) stall closing off the computer.

(And be assured the Windows XP-computers still in use here - incl. this one - are all legit).

[edit] I updated Windows (today) and Firefox (yesterday). Languagepack for .NET Framework 3.0 still does not update [endEdit]

Hope to hear from you soon,
Admirgency.

Edited by Admirgency, 05 June 2013 - 01:19 PM.


#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Admirgency



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Gringo

#23
Admirgency

    Member

  • Topic Starter
  • 97 posts
When trying to use FRST, I got a message that it was outdated and an option to download the latest version from Bleepingcomputers. I clicked yes but got to what looked like the exact same page.
  • 1st time I downloaded FRST I only got FF-message to accept being directed to another page. 2nd time I got 4 warnings of being directed to less secure pages with one message of others being able to read my info.
  • 1st time I downloaded FRST it would not download immediately and I had to use the "If download does not start within x time click here"-button. 2nd time it downloaded without that.
  • 2nd download looked exactly the same as the 1st, comparing mouse-over properties as well as right-click properties.
  • FF Bookmarks for GeeksToGo, made before downloading FRST, did not show the GeeksToGo Icon but a dotted outlined square. (I think that's FF standard for an unknown icon? Hotmail-icon in YahooToolbar for FF looked like that too - don't have hotmail pinned to Yahoo toolbar in Guest-account so I can not compare).
I used the 1st download, clicking "No" to download the latest version. Logfiles given below and in attachment as requested.

FRST.txt :


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Eigenaar (administrator) on 06-06-2013 19:58:35
Running from C:\Documents and Settings\Eigenaar\Bureaublad
Microsoft Windows XP Service Pack 3 (X86) OS Language: Dutch Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Wireless) C:\Program Files\Wireless\WPS\jswpbapi.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\Wireless\WPS\jswtrayutil.exe
( ) C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
(Farbar) C:\Documents and Settings\Eigenaar\Bureaublad\7aFRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [jswtrayutil] "C:\Program Files\Wireless\WPS\jswtrayutil.exe" [32873 2009-09-24] ()
HKLM\...\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe r [708721 2013-03-08] ( )
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1505144 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-16] (Google Inc.)
HKU\Gast\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Gast\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * pgdfgsvc C 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Koppelingen - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
PDF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
PDF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271944706703
PDF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab
PDF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.11.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

Chrome:
=======

========================== Services (Whitelisted) =================

R2 jswpbapi; C:\Program Files\Wireless\WPS\jswpbapi.exe [188416 2009-09-21] (Wireless)
S3 jswpsapi; C:\Program Files\Wireless\WPS\jswpsapi.exe [360529 2009-09-21] (wireless)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1668352 2009-09-16] (Atheros Communications, Inc.)
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [807998 2005-06-21] (Intel Corporation)
R3 JSWSCIMD; C:\Windows\System32\DRIVERS\jswscimd.sys [57440 2009-09-21] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 STAC97NA; C:\Windows\System32\drivers\stac97na.sys [296179 2002-07-07] (SigmaTel Inc.)
R3 STAC97NH; C:\Windows\System32\drivers\stac97nh.sys [231983 2002-07-07] (SigmaTel Inc.)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [108480 2002-12-30] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78144 2002-12-30] (Intel Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
U3 TlntSvr;
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 19:58 - 2013-06-06 19:58 - 00000000 ___DC C:\FRST
2013-06-04 09:27 - 2013-06-04 09:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-26 01:05 - 2013-05-26 01:05 - 00000000 ___DC C:\_OTL
2013-05-25 12:07 - 2013-05-25 12:07 - 00012473 ___AC C:\ComboFix.txt
2013-05-25 02:35 - 2013-05-25 02:35 - 00000000 RASHDC C:\cmdcons
2013-05-25 02:35 - 2013-03-26 15:52 - 00000211 ___AC C:\Boot.bak
2013-05-25 02:35 - 2004-08-03 23:00 - 00261936 RASHC C:\cmldr
2013-05-25 02:30 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-25 02:30 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-25 02:30 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-25 02:30 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-25 02:28 - 2013-05-25 12:07 - 00000000 ___DC C:\Qoobox
2013-05-25 02:28 - 2013-05-25 02:54 - 00000000 ____D C:\Windows\erdnt
2013-05-24 16:44 - 2013-05-24 16:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ___DC C:\JRT
2013-05-24 16:24 - 2013-05-24 16:24 - 00010933 ___AC C:\AdwCleaner[S1].txt
2013-05-23 19:06 - 2013-05-23 19:06 - 00000000 ____D C:\Documents and Settings\Gast\Local Settings\Application Data\Sun
2013-05-23 19:06 - 2013-05-23 19:06 - 00000000 ____D C:\Documents and Settings\Gast\Application Data\Sun
2013-05-16 09:44 - 2013-05-22 21:37 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\vlc
2013-05-16 09:42 - 2013-05-16 09:42 - 00000000 ____D C:\Program Files\VideoLAN
2013-05-15 09:26 - 2013-05-15 09:28 - 00011968 ____A C:\Windows\KB2829530-IE8.log
2013-05-15 09:04 - 2013-05-15 09:04 - 00005340 ____A C:\Windows\KB2847204-IE8.log
2013-05-15 09:02 - 2013-05-15 09:02 - 00006403 ____A C:\Windows\KB2820197.log
2013-05-15 09:02 - 2013-05-15 09:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 08:58 - 2013-05-15 08:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 08:53 - 2013-05-15 08:58 - 00009613 ____A C:\Windows\KB2829361.log
2013-05-14 16:39 - 2013-05-14 16:39 - 00000664 ____A C:\Documents and Settings\Werkaccount\Local Settings\Application Data\d3d9caps.tmp
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Macromedia
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Adobe
2013-05-14 15:20 - 2013-05-14 15:20 - 00000000 ____D C:\Documents and Settings\Werkaccount\Local Settings\Application Data\Mozilla
2013-05-14 15:20 - 2013-05-14 15:20 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Mozilla
2013-05-14 15:09 - 2013-05-14 15:33 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Winamp
2013-05-14 15:04 - 2013-05-14 15:04 - 00000000 ___RD C:\Documents and Settings\Werkaccount\Application Data\Brother
2013-05-14 14:56 - 2013-05-14 16:39 - 00000000 ____D C:\Documents and Settings\Werkaccount\Local Settings\Application Data\Google
2013-05-14 14:50 - 2013-05-14 14:50 - 00000000 __SHD C:\Documents and Settings\Werkaccount\IECompatCache
2013-05-14 14:48 - 2013-05-14 14:48 - 00000000 __SHD C:\Documents and Settings\Werkaccount\PrivacIE
2013-05-14 14:47 - 2013-05-27 18:05 - 00000196 ____A C:\Documents and Settings\Werkaccount\Application Data\TSSTLiveUpdateConfig.ini
2013-05-14 14:47 - 2013-05-14 14:48 - 00029600 ____A C:\Documents and Settings\Werkaccount\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-14 14:47 - 2013-05-14 14:47 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Windows Desktop Search
2013-05-14 14:46 - 2013-05-27 18:07 - 00000188 __ASH C:\Documents and Settings\Werkaccount\ntuser.ini
2013-05-14 14:46 - 2013-05-27 18:06 - 00000000 __RHD C:\Documents and Settings\Werkaccount\Onlangs geopend
2013-05-14 14:46 - 2013-05-27 18:05 - 00000062 __ASH C:\Documents and Settings\Werkaccount\Local Settings\desktop.ini
2013-05-14 14:46 - 2013-05-16 13:13 - 00000000 ____D C:\Documents and Settings\Werkaccount\Bureaublad
2013-05-14 14:46 - 2013-05-14 14:46 - 00000000 __SHD C:\Documents and Settings\Werkaccount\IETldCache
2013-05-14 14:46 - 2010-04-22 15:33 - 00000062 __ASH C:\Documents and Settings\Werkaccount\Application Data\desktop.ini
2013-05-14 14:46 - 2010-04-22 15:33 - 00000000 __SHD C:\Documents and Settings\Werkaccount\Local Settings\Geschiedenis
2013-05-14 14:46 - 2010-04-22 15:33 - 00000000 ___RD C:\Documents and Settings\Werkaccount\Menu Start
2013-05-14 14:46 - 2010-04-22 15:33 - 00000000 ___HD C:\Documents and Settings\Werkaccount\Netwerkprinteromgeving
2013-05-12 11:25 - 2013-06-06 19:56 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 11:25 - 2013-05-16 13:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-12 11:25 - 2013-05-16 13:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-12 10:56 - 2013-05-12 10:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-12 10:55 - 2013-05-12 10:55 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-05-12 10:55 - 2013-05-12 10:55 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-07 12:42 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-05-07 12:42 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-05-07 12:42 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-05-07 12:42 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-05-07 12:41 - 2010-05-26 11:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-05-07 12:41 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-05-07 12:41 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-05-07 12:41 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-05-07 12:41 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-05-07 12:41 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-05-07 12:41 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-05-07 12:41 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-05-07 12:41 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-05-07 12:41 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-05-07 12:41 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-05-07 12:41 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-05-07 12:41 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-05-07 12:41 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-05-07 12:41 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-05-07 12:41 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-05-07 12:41 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-05-07 12:40 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-05-07 12:40 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-05-07 12:40 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-05-07 12:40 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-05-07 12:40 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-05-07 12:40 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-05-07 12:40 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-05-07 12:40 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-05-07 12:40 - 2008-10-10 04:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-05-07 12:40 - 2008-10-10 04:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-05-07 12:40 - 2008-10-10 04:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-05-07 12:40 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-05-07 12:40 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-05-07 12:40 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-05-07 12:40 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-05-07 12:40 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-05-07 12:40 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-05-07 12:39 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-05-07 12:39 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-05-07 12:39 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-05-07 12:39 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-05-07 12:39 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-05-07 12:39 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-05-07 12:39 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-05-07 12:39 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-05-07 12:39 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-05-07 12:39 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-05-07 12:39 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-05-07 12:39 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-05-07 12:39 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-05-07 12:39 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-05-07 12:39 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-05-07 12:39 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-05-07 12:39 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-05-07 12:39 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-05-07 12:39 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-05-07 12:39 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-05-07 12:39 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-05-07 12:38 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-05-07 12:38 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-05-07 12:38 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-05-07 12:38 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-05-07 12:38 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-05-07 12:38 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-05-07 12:38 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-05-07 12:38 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-05-07 12:38 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-05-07 12:38 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-05-07 12:38 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-05-07 12:38 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-05-07 12:38 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-05-07 12:38 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-05-07 12:38 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-05-07 12:38 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-05-07 12:38 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-05-07 12:38 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-05-07 12:38 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-05-07 12:38 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-05-07 12:38 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-05-07 12:38 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-05-07 12:38 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-05-07 12:38 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-05-07 12:38 - 2005-12-05 18:07 - 00061136 ____A (Microsoft Corporation) C:\Windows\System32\xinput9_1_0.dll
2013-05-07 12:38 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-05-07 12:38 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-05-07 12:38 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-05-07 12:38 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-05-07 12:34 - 2013-05-07 12:36 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-07 12:13 - 2013-05-07 12:14 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-07 12:11 - 2013-05-07 12:11 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\Oracle

==================== One Month Modified Files and Folders ========

2013-06-06 19:58 - 2013-06-06 19:58 - 00000000 ___DC C:\FRST
2013-06-06 19:56 - 2013-05-12 11:25 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 19:55 - 2012-07-08 02:12 - 01624795 ____A C:\Windows\pfirewall.log
2013-06-06 19:54 - 2013-04-03 16:37 - 00000000 __RHD C:\Documents and Settings\Eigenaar\Onlangs geopend
2013-06-06 19:51 - 2010-04-22 13:46 - 00000000 ____D C:\Documents and Settings\Eigenaar\Bureaublad
2013-06-06 19:43 - 2013-04-14 12:54 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-06 19:43 - 2013-04-14 12:54 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 19:33 - 2011-06-16 12:39 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-06 19:29 - 2011-01-17 19:41 - 00000460 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{19634F2B-6041-4CFB-B933-71C9576E8275}.job
2013-06-06 19:28 - 2013-03-06 11:12 - 00000386 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-06 19:26 - 2013-03-13 11:46 - 00000479 ____A C:\Documents and Settings\Eigenaar\Application Data\TSSTLiveUpdateConfig.ini
2013-06-06 19:25 - 2011-06-16 12:39 - 00001044 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-06 19:25 - 2010-04-22 13:46 - 00000062 __ASH C:\Documents and Settings\Eigenaar\Local Settings\desktop.ini
2013-06-06 19:19 - 2013-03-13 14:26 - 00000196 ____A C:\Documents and Settings\Gast\Application Data\TSSTLiveUpdateConfig.ini
2013-06-06 19:19 - 2012-11-24 17:00 - 01880022 ____A C:\Windows\WindowsUpdate.log
2013-06-06 19:18 - 2012-07-17 06:46 - 00000062 __ASH C:\Documents and Settings\Gast\Local Settings\desktop.ini
2013-06-06 19:18 - 2010-04-22 13:46 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 19:18 - 2010-04-22 13:46 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 19:17 - 2010-04-22 13:46 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 16:17 - 2012-11-24 17:01 - 00032600 ____A C:\Windows\SchedLgU.Txt
2013-06-06 16:16 - 2013-03-18 16:13 - 00000000 __RHD C:\Documents and Settings\Gast\Onlangs geopend
2013-06-06 16:16 - 2013-03-14 11:27 - 00000283 ____A C:\Windows\Brownie.ini
2013-06-05 19:54 - 2010-04-22 13:46 - 00000288 ___SH C:\Documents and Settings\Eigenaar\ntuser.ini
2013-06-05 19:50 - 2010-04-22 15:26 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-05 09:44 - 2012-07-08 11:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-04 09:31 - 2013-06-04 09:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-27 18:07 - 2013-05-14 14:46 - 00000188 __ASH C:\Documents and Settings\Werkaccount\ntuser.ini
2013-05-27 18:06 - 2013-05-14 14:46 - 00000000 __RHD C:\Documents and Settings\Werkaccount\Onlangs geopend
2013-05-27 18:05 - 2013-05-14 14:47 - 00000196 ____A C:\Documents and Settings\Werkaccount\Application Data\TSSTLiveUpdateConfig.ini
2013-05-27 18:05 - 2013-05-14 14:46 - 00000062 __ASH C:\Documents and Settings\Werkaccount\Local Settings\desktop.ini
2013-05-27 11:46 - 2010-04-22 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Bureaublad
2013-05-27 11:45 - 2011-06-16 12:27 - 00000000 ____D C:\Program Files\Google
2013-05-26 23:22 - 2012-07-08 02:12 - 04086141 ____A C:\Windows\pfirewall.log.old
2013-05-26 22:12 - 2012-07-17 17:26 - 00000664 ____A C:\Documents and Settings\Gast\Local Settings\Application Data\d3d9caps.tmp
2013-05-26 01:05 - 2013-05-26 01:05 - 00000000 ___DC C:\_OTL
2013-05-25 12:07 - 2013-05-25 12:07 - 00012473 ___AC C:\ComboFix.txt
2013-05-25 12:07 - 2013-05-25 02:28 - 00000000 ___DC C:\Qoobox
2013-05-25 12:03 - 2010-04-22 15:26 - 00000227 ___AC C:\Windows\system.ini
2013-05-25 02:54 - 2013-05-25 02:28 - 00000000 ____D C:\Windows\erdnt
2013-05-25 02:35 - 2013-05-25 02:35 - 00000000 RASHDC C:\cmdcons
2013-05-25 02:35 - 2010-04-22 15:26 - 00000327 RASHC C:\boot.ini
2013-05-24 16:44 - 2013-05-24 16:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-24 16:43 - 2013-05-24 16:43 - 00000000 ___DC C:\JRT
2013-05-24 16:24 - 2013-05-24 16:24 - 00010933 ___AC C:\AdwCleaner[S1].txt
2013-05-24 15:40 - 2012-07-17 06:46 - 00000000 ____D C:\Documents and Settings\Gast\Bureaublad
2013-05-24 15:13 - 2013-04-12 11:11 - 00067998 ____A C:\Windows\setupapi.log
2013-05-23 19:06 - 2013-05-23 19:06 - 00000000 ____D C:\Documents and Settings\Gast\Local Settings\Application Data\Sun
2013-05-23 19:06 - 2013-05-23 19:06 - 00000000 ____D C:\Documents and Settings\Gast\Application Data\Sun
2013-05-22 23:53 - 2011-03-30 19:18 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-22 21:37 - 2013-05-16 09:44 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\vlc
2013-05-16 13:56 - 2013-05-12 11:25 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-16 13:56 - 2013-05-12 11:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-16 13:13 - 2013-05-14 14:46 - 00000000 ____D C:\Documents and Settings\Werkaccount\Bureaublad
2013-05-16 09:42 - 2013-05-16 09:42 - 00000000 ____D C:\Program Files\VideoLAN
2013-05-15 09:44 - 2011-03-24 11:49 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 09:30 - 2013-04-03 16:39 - 00168304 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 09:28 - 2013-05-15 09:26 - 00011968 ____A C:\Windows\KB2829530-IE8.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00055649 ____A C:\Windows\FaxSetup.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00026604 ____A C:\Windows\ocgen.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00021231 ____A C:\Windows\tsoc.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00018579 ____A C:\Windows\comsetup.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00011264 ____A C:\Windows\ntdtcsetup.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00008842 ____A C:\Windows\iis6.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00003474 ____A C:\Windows\ocmsn.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00002781 ____A C:\Windows\msgsocm.log
2013-05-15 09:28 - 2013-04-12 11:11 - 00001374 ____A C:\Windows\imsins.log
2013-05-15 09:27 - 2013-04-12 11:22 - 00008625 ____A C:\Windows\updspapi.log
2013-05-15 09:23 - 2010-04-22 15:34 - 01279806 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-05-15 09:23 - 2010-04-22 15:26 - 00598768 ____A C:\Windows\System32\perfh013.dat
2013-05-15 09:23 - 2010-04-22 15:26 - 00120562 ____A C:\Windows\System32\perfc013.dat
2013-05-15 09:04 - 2013-05-15 09:04 - 00005340 ____A C:\Windows\KB2847204-IE8.log
2013-05-15 09:04 - 2013-04-12 11:11 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-15 09:04 - 2010-05-11 14:42 - 00000000 ____D C:\Windows\ie8updates
2013-05-15 09:02 - 2013-05-15 09:02 - 00006403 ____A C:\Windows\KB2820197.log
2013-05-15 09:02 - 2013-05-15 09:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 09:02 - 2010-04-22 16:00 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-15 08:58 - 2013-05-15 08:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 08:58 - 2013-05-15 08:53 - 00009613 ____A C:\Windows\KB2829361.log
2013-05-15 08:58 - 2010-05-11 14:49 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 16:39 - 2013-05-14 16:39 - 00000664 ____A C:\Documents and Settings\Werkaccount\Local Settings\Application Data\d3d9caps.tmp
2013-05-14 16:39 - 2013-05-14 14:56 - 00000000 ____D C:\Documents and Settings\Werkaccount\Local Settings\Application Data\Google
2013-05-14 15:33 - 2013-05-14 15:09 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Winamp
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Macromedia
2013-05-14 15:26 - 2013-05-14 15:26 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Adobe
2013-05-14 15:20 - 2013-05-14 15:20 - 00000000 ____D C:\Documents and Settings\Werkaccount\Local Settings\Application Data\Mozilla
2013-05-14 15:20 - 2013-05-14 15:20 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Mozilla
2013-05-14 15:04 - 2013-05-14 15:04 - 00000000 ___RD C:\Documents and Settings\Werkaccount\Application Data\Brother
2013-05-14 14:50 - 2013-05-14 14:50 - 00000000 __SHD C:\Documents and Settings\Werkaccount\IECompatCache
2013-05-14 14:48 - 2013-05-14 14:48 - 00000000 __SHD C:\Documents and Settings\Werkaccount\PrivacIE
2013-05-14 14:48 - 2013-05-14 14:47 - 00029600 ____A C:\Documents and Settings\Werkaccount\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-14 14:47 - 2013-05-14 14:47 - 00000000 ____D C:\Documents and Settings\Werkaccount\Application Data\Windows Desktop Search
2013-05-14 14:46 - 2013-05-14 14:46 - 00000000 __SHD C:\Documents and Settings\Werkaccount\IETldCache
2013-05-12 15:44 - 2010-05-11 15:16 - 00000000 ____D C:\Program Files\Windows Live
2013-05-12 15:40 - 2011-06-16 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-05-12 15:40 - 2011-06-16 12:31 - 00000000 ____D C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google
2013-05-12 15:39 - 2011-01-12 13:41 - 00000000 ____D C:\Program Files\Uniblue
2013-05-12 15:39 - 2011-01-12 13:41 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\Uniblue
2013-05-12 12:04 - 2010-05-11 14:22 - 00000000 ____D C:\Windows\System32\Adobe
2013-05-12 11:47 - 2011-03-14 15:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-12 10:56 - 2013-05-12 10:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-12 10:55 - 2013-05-12 10:55 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-12 10:55 - 2013-05-12 10:55 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-05-12 10:55 - 2013-05-12 10:55 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-12 10:55 - 2013-03-14 11:07 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-05-12 10:55 - 2013-03-14 11:07 - 00000000 ____D C:\Program Files\Java
2013-05-12 10:55 - 2010-05-11 14:21 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-12 10:33 - 2010-05-11 14:25 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\Adobe
2013-05-07 12:42 - 2010-04-22 13:40 - 00000000 ____D C:\Windows\System32\DirectX
2013-05-07 12:36 - 2013-05-07 12:34 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-07 12:14 - 2013-05-07 12:13 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-07 12:11 - 2013-05-07 12:11 - 00000000 ____D C:\Documents and Settings\Eigenaar\Application Data\Oracle
2013-05-07 06:22 - 2010-04-22 15:25 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 06:22 - 2010-04-22 15:25 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2010-04-22 15:25] - [2008-04-15 02:33] - 1037312 ____A (Microsoft Corporation) aa04f042a820bf1868e643575887e1a6

C:\Windows\System32\winlogon.exe
[2010-04-22 15:26] - [2008-04-15 02:33] - 0510464 ____A (Microsoft Corporation) 1247d4d5444e28519bbe31be8ab4c029

C:\Windows\System32\svchost.exe
[2010-04-22 15:26] - [2008-04-15 02:33] - 0014336 ____A (Microsoft Corporation) e410ec73e2be2a41d923b006f51c8427

C:\Windows\System32\services.exe
[2010-04-22 15:26] - [2009-02-09 13:27] - 0111104 ____A (Microsoft Corporation) 657b69389b893f440b07590c9e963f23

C:\Windows\System32\User32.dll
[2010-04-22 15:26] - [2008-04-15 02:32] - 0580096 ____A (Microsoft Corporation) 4cf588d2f2363b73eb4af57967d46dff

C:\Windows\System32\userinit.exe
[2010-04-22 15:26] - [2008-04-15 02:33] - 0026112 ____A (Microsoft Corporation) 6818a533ed3b2fa9936df3daf45352df

C:\Windows\System32\Drivers\volsnap.sys
[2010-04-22 15:26] - [2008-04-15 02:03] - 0053504 ____A (Microsoft Corporation) 8ab662b3c4691e6ddf61c96bb5b7d103


==================== End Of Log ============================


#24
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Admirgency

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#25
Admirgency


    Member

  • Topic Starter
  • 97 posts
1 Did GeeksToGo have server troubles in the Netherlands yesterday? I could not get to your site from any of the computers here at work until I reset the modem and routers. (Owners of the sites were reminded to check a FAQ at developers.google.com)

2 Today I had (double-underlined links in green) mouse-over pop-up ads in the OTL logfiles, at least in the new thread http://www.geekstogo...ssibly-conduit/ by Smily90 and here in my own thread. These ads all seem to be from AdChoices + another ad company I don't know, also a triangle logo but multi-colored. The ones I got on screen were all ads for Royal Shell oil company. This occurred when I was not logged in to this site and before the combofix-scan. I do not see them anymore now I am logged in.

[edit] These mouse-over pop-up links do not appear now I've logged out, closed FF and re-opened FF to check without being logged in. [endEdit]

3 In FRST Addition and now with Combofix I notice the Language Pack for .NET Framework 3.0 being listed as installed. However, when I get to Microsoft Updates it is offered but always fails to install (it does download and initiate with no error). It is about KB928416, error code 0x13EC (on our public computers the same goes for the language pack for .NET Framework 3.5).


Combofix :

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Eigenaar at 2013-06-06 19:59:53 Run:
Running from C:\Documents and Settings\Eigenaar\Bureaublad
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Nederlands (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Beveiligingsupdate voor Microsoft Windows (KB2564958)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2829530) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2847204) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332) (Version: 1)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381) (Version: 1)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows XP (KB2121546) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2259922) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2279986) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2296011) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2296199) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2347290) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2360937) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2387149) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2393802) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2412687) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2419632) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2423089) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2436673) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2440591) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2443105) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2476490) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2476687) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2478960) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2478971) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2479628) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2479943) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2481109) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2483185) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2485376) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2485663) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2503658) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2503665) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2506212) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2506223) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2507618) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2507938) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2508272) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2508429) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2509553) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2511455) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2524375) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2535512) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2536276) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2536276-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB2544893) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2544893-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB2555917) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2562937) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2566454) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2567053) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2567680) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2570222) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2570947) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2584146) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2585542) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2592799) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2598479) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2603381) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2618451) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2619339) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2620712) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2624667) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2631813) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2633171) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2639417) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2646524) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2653956) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2655992) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2659262) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2661637) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2676562) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2685939) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2686509) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2691442) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2695962) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2698365) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2705219) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2707511) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2709162) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2712808) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2718523) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2719985) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2723135) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2724197) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2727528) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2731847) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2753842) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2753842-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB2757638) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2758857) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2761226) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2770660) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2778344) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2779030) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2780091) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2799494) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2802968) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2807986) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2808735) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2813170) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2813345) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2820197) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2820917) (Version: 1)
Beveiligingsupdate voor Windows XP (KB2829361) (Version: 1)
Beveiligingsupdate voor Windows XP (KB979687) (Version: 1)
Beveiligingsupdate voor Windows XP (KB981322) (Version: 1)
Beveiligingsupdate voor Windows XP (KB981957) (Version: 1)
Beveiligingsupdate voor Windows XP (KB982132) (Version: 1)
Bing Bar (Version: 7.2.233.0)
Brother HL-5240 (Version: 1.00)
CCleaner (Version: 4.00)
Compatibiliteitspakket voor het 2007 Microsoft Office system (Version: 12.0.6612.1000)
Defraggler (Version: 2.13)
FW LiveUpdate (Version: 2.0.7.2)
Google Apps (Version: 1.2.279.2381)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2166.3772)
Hotfix voor Windows XP (KB2158563) (Version: 1)
Hotfix voor Windows XP (KB2443685) (Version: 1)
Hotfix voor Windows XP (KB2570791) (Version: 1)
Hotfix voor Windows XP (KB2633952) (Version: 1)
Hotfix voor Windows XP (KB2756822) (Version: 1)
Hotfix voor Windows XP (KB2779562) (Version: 1)
Hotfix voor Windows XP (KB961118) (Version: 1)
Intel® PRO Ethernet Adapter and Software
Internet Explorer (Enable DEP)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Dutch Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile NLD Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Basic Editie 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 nl) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Picasa 3 (Version: 3.9)
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
Segoe UI (Version: 14.0.4327.805)
SigmaTel C-Major Audio
Skype™ 6.3 (Version: 6.3.105)
Speccy (Version: 1.17)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.11.0)
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (Version: 4.0.30319)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update voor Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update voor Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update voor Windows Internet Explorer 8 (KB976662) (Version: 1)
Update voor Windows Internet Explorer 8 (KB980182) (Version: 1)
Update voor Windows XP (KB2141007) (Version: 1)
Update voor Windows XP (KB2345886) (Version: 1)
Update voor Windows XP (KB2467659) (Version: 1)
Update voor Windows XP (KB2492386) (Version: 1)
Update voor Windows XP (KB2541763) (Version: 1)
Update voor Windows XP (KB2616676) (Version: 1)
Update voor Windows XP (KB2616676-v2) (Version: 2)
Update voor Windows XP (KB2641690) (Version: 1)
Update voor Windows XP (KB2661254-v2) (Version: 2)
Update voor Windows XP (KB2718704) (Version: 1)
Update voor Windows XP (KB2736233) (Version: 1)
Update voor Windows XP (KB2749655) (Version: 1)
Update voor Windows XP (KB971029) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Winamp Applicatie Detect (Version: 1.0.0.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live - Hulpprogramma voor uploaden (Version: 14.0.8014.1029)
Windows Live aanmeldhulp (Version: 5.000.818.5)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR
WPS Installation Program
WPS Installation Program (Version: 7.0)
XML Paper Specification Shared Components Language Pack 1.0

==================== Restore Points =========================

24-04-2013 07:23:53 Software Distribution Service 3.0
24-04-2013 13:38:46 Software Distribution Service 3.0
25-04-2013 14:30:49 Software Distribution Service 3.0
28-04-2013 08:18:44 Software Distribution Service 3.0
29-04-2013 07:25:29 Software Distribution Service 3.0
01-05-2013 08:39:12 Software Distribution Service 3.0
02-05-2013 08:56:20 Software Distribution Service 3.0
06-05-2013 06:09:26 Software Distribution Service 3.0
07-05-2013 10:00:37 Software Distribution Service 3.0
07-05-2013 10:13:02 Installed Java 7 Update 21
07-05-2013 10:37:21 Software Distribution Service 3.0
08-05-2013 11:47:49 Controlepunt van systeem
12-05-2013 07:52:46 Software Distribution Service 3.0
12-05-2013 08:48:25 Removed Java 7 Update 17
12-05-2013 08:55:02 Installed Java 7 Update 21
12-05-2013 13:51:17 Software Distribution Service 3.0
13-05-2013 18:22:37 Software Distribution Service 3.0
14-05-2013 10:14:57 Software Distribution Service 3.0
15-05-2013 06:57:22 Software Distribution Service 3.0
16-05-2013 07:21:00 Software Distribution Service 3.0
17-05-2013 08:11:01 Software Distribution Service 3.0
21-05-2013 10:08:06 Software Distribution Service 3.0
22-05-2013 21:06:15 Software Distribution Service 3.0
24-05-2013 07:56:43 Software Distribution Service 3.0
24-05-2013 14:41:54 Software Distribution Service 3.0
25-05-2013 19:43:45 Software Distribution Service 3.0
27-05-2013 09:34:48 Software Distribution Service 3.0
29-05-2013 07:34:59 Software Distribution Service 3.0
30-05-2013 08:00:37 Controlepunt van systeem
31-05-2013 08:27:21 Software Distribution Service 3.0
01-06-2013 08:15:50 Software Distribution Service 3.0
03-06-2013 08:48:11 Software Distribution Service 3.0
03-06-2013 12:34:37 Software Distribution Service 3.0
04-06-2013 07:23:46 Software Distribution Service 3.0
05-06-2013 07:54:13 Software Distribution Service 3.0
05-06-2013 17:46:07 Software Distribution Service 3.0
05-06-2013 17:51:40 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: Videocontroller (VGA-compatibel)
Description: Videocontroller (VGA-compatibel)
Class Guid: {00000000-0000-0000-0000-000000000000}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2013 11:43:03 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/25/2013 02:27:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/24/2013 04:43:03 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/16/2013 01:14:14 PM) (Source: MsiInstaller) (User: POWERMATE)
Description: Product: Microsoft Office Basic Editie 2003 -- Fout 1309. Fout bij het lezen van bestand D:\SKU113.CAB. Systeemfout 21. Controleer of het bestand bestaat en of u toegang hebt tot het bestand.

Error: (05/16/2013 01:14:02 PM) (Source: MsiInstaller) (User: POWERMATE)
Description: Product: Microsoft Office Basic Editie 2003 -- Fout 1309. Fout bij het lezen van bestand D:\SKU113.CAB. Systeemfout 21. Controleer of het bestand bestaat en of u toegang hebt tot het bestand.

Error: (05/16/2013 09:32:52 AM) (Source: MsiInstaller) (User: POWERMATE)
Description: Product: Adobe Reader XI (11.0.03) - Nederlands - Update 'Adobe Reader XI (11.0.03)' kan niet worden geïnstalleerd. Foutcode: 1603. Windows Installer kan logboekbestanden maken om te helpen bij het oplossen van problemen tijdens het installeren van softwarepakketten. Raadpleeg de volgende koppeling voor aanwijzingen over het inschakelen van ondersteuning via logboekregistratie: http://go.microsoft....k/?LinkId=23127

Error: (05/16/2013 09:32:49 AM) (Source: MsiInstaller) (User: POWERMATE)
Description: Product: Adobe Reader XI (11.0.03) - Nederlands -- Fout 1321. Installer heeft niet de juiste rechten om het bestand C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe te kunnen wijzigen.

Error: (05/16/2013 09:20:18 AM) (Source: MsiInstaller) (User: POWERMATE)
Description: Product: Snap.Do -- Error 1304. Error writing to file: Interop.SHDocVw.dll. Verify that you have access to that directory.

Error: (05/16/2013 09:08:53 AM) (Source: Windows Search Service) (User: )
Description: De update kan niet worden gestart omdat er geen toegang kan worden verkregen tot de inhoudsbronnen. Herstel de fouten en probeer de update opnieuw uit te voeren.

Context: toepassing , catalogus SystemIndex

Error: (05/15/2013 09:32:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (06/06/2013 01:39:32 PM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 01:39:24 PM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 01:39:00 PM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 11:32:26 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 11:32:09 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 11:32:05 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/06/2013 11:30:41 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/05/2013 07:48:03 PM) (Source: Windows Update Agent) (User: )
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80070643: KB928416: Taalpakket voor Microsoft .NET Framework 3.0: x86.

Error: (06/05/2013 10:19:46 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (06/05/2013 10:10:59 AM) (Source: DCOM) (User: POWERMATE)
Description: De machtigingsinstellingen (toepassingsspecifiek) verlenen geen machtiging aan Activeren (Lokaal) voor de COM-servertoepassing met CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
aan de gebruiker POWERMATE\Gast SID (S-1-5-21-1606980848-1788223648-2146830767-501). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.


Microsoft Office Sessions:
=========================
Error: (05/25/2013 11:43:03 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (05/25/2013 02:27:15 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (05/24/2013 04:43:03 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (05/16/2013 01:14:14 PM) (Source: MsiInstaller)(User: POWERMATE)
Description: Product: Microsoft Office Basic Editie 2003 -- Fout 1309. Fout bij het lezen van bestand D:\SKU113.CAB. Systeemfout 21. Controleer of het bestand bestaat en of u toegang hebt tot het bestand.(NULL)(NULL)(NULL)

Error: (05/16/2013 01:14:02 PM) (Source: MsiInstaller)(User: POWERMATE)
Description: Product: Microsoft Office Basic Editie 2003 -- Fout 1309. Fout bij het lezen van bestand D:\SKU113.CAB. Systeemfout 21. Controleer of het bestand bestaat en of u toegang hebt tot het bestand.(NULL)(NULL)(NULL)

Error: (05/16/2013 09:32:52 AM) (Source: MsiInstaller)(User: POWERMATE)
Description: Adobe Reader XI (11.0.03) - NederlandsAdobe Reader XI (11.0.03)1603(NULL)

Error: (05/16/2013 09:32:49 AM) (Source: MsiInstaller)(User: POWERMATE)
Description: Product: Adobe Reader XI (11.0.03) - Nederlands -- Fout 1321. Installer heeft niet de juiste rechten om het bestand C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe te kunnen wijzigen.(NULL)(NULL)(NULL)

Error: (05/16/2013 09:20:18 AM) (Source: MsiInstaller)(User: POWERMATE)
Description: Product: Snap.Do -- Error 1304. Error writing to file: Interop.SHDocVw.dll. Verify that you have access to that directory.(NULL)(NULL)(NULL)

Error: (05/16/2013 09:08:53 AM) (Source: Windows Search Service)(User: )
Description: Context: toepassing , catalogus SystemIndex

Error: (05/15/2013 09:32:59 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 759.48 MB
Available physical RAM: 336.4 MB
Total Pagefile: 1858.09 MB
Available Pagefile: 1504.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.65 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:37.27 GB) (Free:21.88 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37 GB) (Disk ID: 987245D0)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Admirgency, 08 June 2013 - 03:47 AM.

  • 0

#26
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

.NET is very good about giving errors and the best way I found to fix it is to uninstall all of them and run the cleanup here http://blogs.msdn.co...28/8904493.aspx and then install them in order one at a time.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#27
Admirgency


    Member

  • Topic Starter
  • Member
  • 97 posts
Hello again Gringo.


(Guest acc., Firefox) Before I read your new post, I was on Microsoft TechNet forums, logged in. For one answer I had to check my addresses for Reatogo miniXP and Hiren's BootCD. Also I viewed some threads on Trend Micro and Norton fora. The Yahoo search for Norton remained visible in the new tabs as shown in Screenshot 8 june 2013 - 1aIII, below with the Malware Bites download problem (before running CCleaner). (Took away the Reatogo address from social.technet, it cannot be trusted like this, you'll see.)



CCleaner updated. Since I already use CCleaner on this machine I did not have the default settings. See ScrSh 8 june 1bI for settings. Well, that is...... I get message "Block" from Adblock Plus above the "Click to attach files" button here on Geekstogo. Could not disable the block for this page or site, could make a rule for always blocking (parts of the) domain. Had to disable Adblock Plus in FF Add-on manager to upload. Even the upload failed 3 times, thus I made a copy of it and uploaded that. Never had this problem with CCleaner and Adblock.
8 juni 2013 - 1bII.JPG

(BTW I'll have to remove CCleaner from Start Programs in Guest accounts on our public computers. They can mess with the antimalware and registry cleaning in the latest 2 versions, I noticed. And since one visitor already downloaded another registry cleaner from Softonic....... it did not install but Softonic managed to install a login for Facebook among Start-up Items..... but that's a guest computer, not this one.)



Malware Bites :
1st try for MBAM download resulted in being redirected within Bleepingcomputers to a page with all kinds of downloads. I thought to myself: "Hey, why does FF not ask to permit being redirected to another page?". I tried by typing the address to Malware Bites dot org in the address bar but twice I got redirected to factsearchguide dot com, with WOT warning it is a dangerous site. See next screenshot (uploaded here without a glitch).
8 juni 2013 - 1aIII.JPG

I tried your link to Bleepingcomputers again and did get to the proper download page but the download did not commence. I had to use the "restart download" link.
Of course I renamed the 3 downloads for safety. I know for sure I set MBAM to be in English, for your convenience. Nevertheless it was in Dutch.

(Can MBAM and Spybot S&D run simultaneously? Otherwise one needs to be uninstalled.)



Then HiJackThis.
I don't remember anymore why I did not take the download on Cnet you gave, and have no screenshot for that. Then TrendMicro.com reverted automatically to dot NL and only gave a download link for HijackThis via SourceForge. I went to Trend Micro fora and got HijackThis from Trend Micro via Malwareforum pinned post about the free TM tools to use before posting.



Geez, 10 min. to 2 in the morning. In 10 hours it'll be another hectic day on our city's waters, but it'll be great and unforgettable. Brabant Cultural Capital of the World!




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.06.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eigenaar :: POWERMATE [administrator]

8-6-2013 23:59:46
mbam-log-2013-06-08 (23-59-46).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM | P2P
Uitgeschakelde scan opties:
Objecten gescand: 273550
Verstreken tijd: 13 minuut/minuten, 23 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:15:38, on 9-6-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Wireless\WPS\jswpbapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless\WPS\jswtrayutil.exe
C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\Documents and Settings\Eigenaar\Bureaublad\10Hiackhis installer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Wireless\WPS\jswtrayutil.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1271944706703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1341578474781
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.syste...el_4.5.11.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: JumpStart Push-Button Service (jswpbapi) - Wireless - C:\Program Files\Wireless\WPS\jswpbapi.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - wireless - C:\Program Files\Wireless\WPS\jswpsapi.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8453 bytes

Edited by Admirgency, 08 June 2013 - 06:10 PM.

  • 0
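An added example, not part of any post in this thread: a minimal Python parser for the HijackThis 2.0.4 line format seen in the log above. It decodes the IE page settings (R0/R1) and autorun (O4) entries and searches every entry for a keyword; the function names are this example's own, and the embedded lines are copied from the posted log.

```python
"""Triage helper for a HijackThis 2.0.4 log (added example, not from the thread)."""
import re

# Excerpt of the log posted above; lines are copied from the post, most are omitted.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [MSC] ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autorun: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(\S+\\(?:Run|RunOnce)): \[([^\]]*)\] (.+)$")
# Startup-folder autorun: "Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
# Executable path: either quoted, or everything up to the first ".exe"
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_log(text):
    """Return (code, body) for each R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def executable(command):
    """Strip arguments and quoting from a command line and lower-case the path."""
    match = EXE_RE.match(command.strip())
    if not match:
        return command.strip().lower()
    return (match.group(1) or match.group(2)).lower()


def ie_settings(entries):
    """Map each R0/R1 registry value to the URL it currently holds."""
    settings = {}
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            settings[key] = value
    return settings


def autoruns(entries):
    """Decode O4 entries into (location, name, executable) tuples."""
    rows = []
    for code, body in entries:
        if code != "O4":
            continue
        match = RUN_RE.match(body) or STARTUP_RE.match(body)
        if match:
            rows.append((match.group(1), match.group(2), executable(match.group(3))))
    return rows


def mentions(entries, needles):
    """Return the entries whose body contains any of the needles (case-insensitive)."""
    lowered = [needle.lower() for needle in needles]
    return [(code, body) for code, body in entries
            if any(needle in body.lower() for needle in lowered)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for key, value in ie_settings(parsed).items():
        print("IE setting:", key, "->", value)
    for location, name, exe in autoruns(parsed):
        print("Autorun:", location, "|", name, "|", exe)
    hits = mentions(parsed, ("snapdo", "snap.do"))
    print("Snap.Do references:", hits if hits else "none")
```

On this excerpt the Snap.Do search returns nothing: the log's sections cover Internet Explorer settings, browser helper objects, autoruns and services, so Chrome's search-engine list has to be checked in Chrome itself.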

#28
Admirgency


    Member

  • Topic Starter
  • Member
  • 97 posts
Forgive me for my absence the last week. I've also been busy elsewhere.

Since last scans I did not experience the problems with Windows Security Center anymore, save for a rare warning that there's no firewall just before the firewall comes online.

Snapdo still resides in werkaccount -> Chrome. F.y.i. I'll give a list of the search engines as shown by options/settings in IE, Chrome and Firefox in the different user accounts on this computer.
Guest-account still is the only account available to other employees. However until about 8 months ago employees and some trusted visitors used the owner-account with a very easy to crack password and no password on the Admin-account. I blocked Owner and Admin by difficult passwords and I am the only one knowing these passwords (save for a possible hacker or botnet).

I added an "x" to the web addresses (Chrome descriptions) so they will not be working links.

Guest-acc :
Firefox is standard browser,
Yahoo toolbar add-on for Firefox ;
us.data.toolbar.yahoo.com is standard startpage ;
Google search is standard search-engine ;
Bing ;
Bol.com ;
Marktplaats.nl ;
Wikipedia.nl.

IE, Bing.com is standard startpage and search-engine ;
Google search (toolbar recently removed)
Ask search ;
Bing (a 2nd Bing search-engine, I presume a left-over from IE 8 upgraded to 9 but I'm beginning to doubt that).

Google Chrome with Google Applications as standard startpage, as well as Google login and Marktplaats.nl for secondary startpages ;
Google is standard search-engine ;
AVG Secure Search - isearch.com - htxtp://isearch.avg.com/search?cid={92235826-........ ;
Yahoo!NL - nl.yahoo.com ;
Bing - Bing.com ;
Ask.com Nederland - nl.ask.com - htxtp://nl.ask.com/web?q=%s.


Werkaccount :
Firefox is standard browser,
Standard startpages are Google Search and Google Accounts, this last page is certainly not set by me ;
Google search is standard search-engine ;
Bing ;
Bol.com ;
Marktplaats.nl ;
Wikipedia.nl.

IE, Bing.com is standard startpage and search-engine ;
Google search ;

Google Chrome, Google Applications is standard startpage ;
Web - search.snapdo - htxtp://feed.snapdo/?publisher=SnapdoSofonic........ ;
Google = standard search-engine - google.nl ;
Yahoo!Nederland - nl.yahoo.com ;
Bing - bing.com ;
Ask.com Nederland - nl.ask.com - htxtp://nl.ask.com/web?q=%s.
Note: SnapDo startpage was standard startpage when I opened Chrome the 1st time after this account was created.

Owner account :
IE = standard browser ;
Bing = standard startpage and search-engine ;
Live search.

Firefox, standard startpage is Google Search ;
Google.nl is standard search-engine ;
Bing ;
Bol.com ;
Marktplaats.nl ;
Wikipedia.nl.

Google Chrome, Standard startpage = Avira Search - htxtp://avira.search.ask.com ;
Google.nl is standard search-engine ;
Yahoo!Nederland ;
Bing ;
Ask.com Nederland.

[edit] Hey, where are my notes on Admin-acc? Guess I misplaced them somewhere, can't find them, I'll post tomorrow. [endEdit]

Maybe avira.ask.com needs to be removed as well as possible remnants of Avira site-advisor and/or Avira toolbar and/or Avira Password-protection and/or AVG site-advisor and/or AVG toolbar and/or Avira Password-protection (if these exist) as in my limited perception there could be an (infected?) conflict between one another and/or WOT add-on for Firefox. Is that plausible?

Lastly, also forgive me for pursuing the malwareBites-redirect to Factsearch.com a little more. Yesterday I did get to an apparent Malware Bites site in Firefox, dot com as well as dot org, they are the same (on my screen). Mildly untrustworthy according to WOT (I see now I review the screenshot) (screenshot divided in 2, it was too big).
18 june 2013 - 1cI.JPG
18 june 2013 - 1cII.JPG

Links to specific subjects on the site led to dsparking.com. I did not follow them. However I did use Yahoo search from Yahoo-toolbar to get some info on dsparking. A dangerous site according to WOT site-advisor (FF add-on) as well as McAfee site-advisor (search-result). With several untrustworthy sites on that domain, 1 result showed "IPaddress dot dspark dot com" to be trustworthy according to WOT. Also I got a lot of results deemed more or less untrustworthy or unknown by WOT, which offered help with removal of dspark-related malware. Together with a few WOT-trusted results (none of which were known sites to me) the info ranged from virus and trojan to spyware, rogue-AV and spam. The McAfee result was the only one I clicked, the rest gave info enough in the search-results description of the text where dspark was mentioned.


Microsoft Security Essentials scheduled scan did not reveal anything.

Edited by Admirgency, 19 June 2013 - 02:10 PM.

  • 0

#29
Admirgency


    Member

  • Topic Starter
  • Member
  • 97 posts
On these fora, Firefox prevents being redirected to another page. Wish the FF message (on top of the browser screen) could show where it leads before giving permission.

Got those mouse-over pop-up advertisements back in the OTL-logs of http://www.geekstogo...c/331054-virus/ and myself. I have been looking at 2 more logs before but they were not present there.

[edit] and again the pop-up ads disappear when being logged in.

Edited by Admirgency, 19 June 2013 - 03:33 PM.

  • 0

#30
Admirgency

Admirgency

    Member

  • Topic Starter
  • Member
  • 97 posts
The browsers in Administrator account :
IE is standard Browser ;
  • 0





