July 18-19th 2013
19½ hours of work today... Another of our "responsible" employees suddenly quit. Now I really have to do most everything here except for cleaning and making coffee/tea/lemonade. Well, that's to be expected in an aid organisation that draws personnel from its target group. Luckily I had company from visitors and our Polish employees all night. Besides, I'm in a position to buy food and juice with petty cash.
I downloaded more possibly needed files than I actually used. I downloaded from this computer's Guest account → Firefox.
There was no option for repairing .NET Framework 1.1 via the Configuration screen. I did not try the repair tool; I thought it was a .cab file, which I cannot open with a damaged or missing MSDT. I uninstalled the .NET FrWs via the Configuration screen, starting with the language packs for 4.0 and 3.5, in that order, then .NET FrW 4 Client Profile, .NET FrW 3.5, 3.0, 2.0 and 1.1 with their respective Service Packs. No problems there. I did not use the Uninstall Tool, for in all .NET FrW blogs from A. Stebner he warns it's a tool to use only as a last resort.
Installation of the .NET FrWs in itself was no problem either; however, after installation of 4 Client Profile the Windows Security Center started giving messages again at every reboot, for either MS SE or the Firewall not being enabled, though not at the same time (reboot). Mostly it was about the firewall, which was enabled a few seconds later.
Among Security Updates (29 total) via Windows Update I noticed kb2564958, security update for Windows XP:
CVE-2011-1247, & Microsoft Security Bulletin MS11-075 - Important
Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) Published: Tuesday, October 11, 2011 | Updated: Tuesday, October 25, 2011.
I have to explain: when I got to work here a year ago, no computer was updated, except for Google services on this computer (as well as Imesh, Isearch and Bearsearch on the public computers). There were various malware families present at each computer. One public computer was taken hostage and it's acting up again now; I can't get to the MS Update site manually, but automatic updates do roll in on that public computer. This work computer might have been without kb2564958 all this time. I'll check tomorrow or sometime this weekend.
With Optional updates (12 incl. MS SE definitions), the Language pack for .NET FrW 3.0 didn't want to install; sorry, I forgot to check what error code.
Checked at the laptop (for I needed to copy transcripts from MS11-075 + some more, and the OTL download) with Avast freeware, and on this computer with Mbam and MS SE; this computer's back-up files did not show an infection.
(I don't think our organisations will be unified under one administration, to ask the new board members to finally pay for more elaborate security software, in time for the publication of next year's versions). OTL produced a Txt file but not the Extras:
OTL logfile created on: 19-7-2013 3:11:25 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
759.48 Mb Total Physical Memory | 387.42 Mb Available Physical Memory | 51.01% Memory free
2.11 Gb Paging File | 1.74 Gb Available in Paging File | 82.55% Paging File free
Paging file location(s): C:\pagefile.sys 1440 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 22.10 Gb Free Space | 59.29% Space Free | Partition Type: NTFS
Computer Name: POWERMATE | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Eigenaar\Bureaublad\18july - OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe ( )
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Wireless\WPS\jswtrayutil.exe ()
PRC - C:\Program Files\Wireless\WPS\jswpbapi.exe (Wireless)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\TSST Korea\FW LiveUpdate\LiveUpdate.dat ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files\Wireless\WPS\jswscapploc.dll ()
MOD - C:\Program Files\Wireless\WPS\jswtrayutil.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (jswpsapi) -- C:\Program Files\Wireless\WPS\jswpsapi.exe (wireless)
SRV - (jswpbapi) -- C:\Program Files\Wireless\WPS\jswpbapi.exe (Wireless)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\catchme.sys File not found
DRV - (dc3d) -- C:\WINDOWS\system32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (STAC97NA) -- C:\WINDOWS\system32\drivers\stac97na.sys (SigmaTel Inc.)
DRV - (STAC97NH) -- C:\WINDOWS\system32\drivers\stac97nh.sys (SigmaTel Inc.)
DRV - (BrPar) -- C:\WINDOWS\system32\drivers\BRPAR.SYS (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 48 20 B2 A1 5C CD 01 [binary data]
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013-07-19 01:19:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-07-05 13:13:51 | 000,000,000 | ---D | M]
[2010-05-11 15:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2013-07-05 13:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions
[2013-07-05 13:24:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013-07-05 13:24:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\[email protected]
[2013-07-05 13:24:20 | 000,116,577 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\[email protected]
[2012-07-08 11:38:38 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013-07-05 13:23:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-07-05 13:24:17 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011-04-01 11:10:10 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\searchplugins\bing.xml
[2013-07-05 13:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-07-05 13:15:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-06-28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011-12-24 21:58:59 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2011-12-24 21:58:59 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml
========== Chrome ==========
O1 HOSTS File: ([2013-05-25 02:51:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Wireless\WPS\jswtrayutil.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Gast\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271944706703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341578474781 (MUWebControl Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.11.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C14C12F-FE35-4086-8935-5AD09B3BDF73}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F414C247-0F38-435E-8997-36B5A343C769}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-22 13:42:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013-07-19 03:06:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\18july - OTL.exe
[2013-07-18 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-07-18 21:58:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013-07-18 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013-07-18 21:58:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013-07-18 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013-07-18 21:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013-07-10 13:01:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013-07-07 12:18:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eigenaar\Onlangs geopend
[2013-07-05 13:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-25 21:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\RK_Quarantine
[2013-06-25 16:15:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eigenaar\Bureaublad\12-25junetdsskiller.exe
[2013-06-21 19:03:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\11-21juneOTL.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013-07-19 03:01:13 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{19634F2B-6041-4CFB-B933-71C9576E8275}.job
[2013-07-19 02:56:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-07-19 02:38:02 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-19 02:34:35 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013-07-19 02:34:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-07-19 02:26:24 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\TSSTLiveUpdateConfig.ini
[2013-07-19 02:24:58 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-19 02:24:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-07-19 02:17:07 | 000,600,062 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-07-19 02:17:07 | 000,501,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-07-19 02:17:07 | 000,121,316 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-07-19 02:17:07 | 000,088,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-07-18 23:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\18july - OTL.exe
[2013-07-18 22:05:55 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-07-18 20:54:14 | 000,000,283 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013-07-16 12:06:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-07-16 10:38:19 | 000,127,984 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\2windowsupdate.diagcab
[2013-07-10 14:58:31 | 000,127,984 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\14a-10july 2ndTuesday-windowsupdate.diagcab
[2013-07-10 12:26:51 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013-07-10 12:21:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-06-25 16:17:17 | 000,911,360 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\13-25juneRogueKiller.exe
[2013-06-25 16:15:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eigenaar\Bureaublad\12-25junetdsskiller.exe
[2013-06-21 18:54:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\11-21juneOTL.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013-07-16 10:38:15 | 000,127,984 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\2windowsupdate.diagcab
[2013-07-10 14:58:27 | 000,127,984 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\14a-10july 2ndTuesday-windowsupdate.diagcab
[2013-07-10 12:46:24 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013-07-08 08:28:53 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-06-25 16:16:57 | 000,911,360 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\13-25juneRogueKiller.exe
[2013-05-25 02:30:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-05-25 02:30:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-05-25 02:30:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-05-25 02:30:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-05-25 02:30:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-03-14 11:29:25 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013-03-14 11:29:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013-03-14 11:29:23 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2013-03-14 11:29:21 | 000,014,496 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2013-03-14 11:28:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd5240.dat
[2013-03-14 11:27:45 | 000,000,283 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013-03-13 11:46:36 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Application Data\TSSTLiveUpdateConfig.ini
[2012-09-12 15:43:07 | 000,004,706 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-08-10 15:06:30 | 000,268,519 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\census.cache
[2012-08-10 15:05:52 | 000,180,312 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\ars.cache
[2012-08-10 12:48:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\housecall.guid.cache
[2012-07-07 23:13:52 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
[2012-07-06 14:44:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-07-05 04:40:25 | 000,294,527 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011-11-20 20:10:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
========== ZeroAccess Check ==========
[2011-03-24 11:50:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 02:32:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-15 02:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012-07-08 18:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012-02-09 13:26:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-08-10 12:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010-11-10 13:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICIDU
[2012-08-07 15:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2012-07-08 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-11-14 18:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2012-07-09 22:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\ElevatedDiagnostics
[2012-08-07 15:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Foxit Software
[2010-11-15 14:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\ICAClient
[2012-08-07 15:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Kingsoft
[2010-05-11 15:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice.org
[2013-05-07 12:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Oracle
[2013-05-12 15:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Uniblue
[2012-07-07 21:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Windows Desktop Search
[2012-07-09 17:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Windows Search
[2012-07-25 15:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\OpenOffice.org
[2012-11-26 11:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\Uniblue
[2012-07-17 06:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\Windows Desktop Search
[2013-02-19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\Windows Search
[2013-05-14 14:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Werkaccount\Application Data\Windows Desktop Search
========== Purity Check ==========
< End of report >