Another computer needs to be checked, spyware and doubtful software/d



#16 RKinner (Malware Expert, MVP, 24,598 posts)

This error is not good and indicates a problem with the hard drive:

Error: (10/14/2013 05:35:59 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 * System
4. Under 'Select type to list', select:
 * Error
 * Warning
5. Under 'Number of events', click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

All other errors (unit.exe) are caused by Comodo not working correctly.

FRST shows two toolbar Extensions without files in IE.

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Can you remove them using Tools, Manage Add-ons?

I see a recent driver in FRST that I do not recognize.
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14272 2013-10-04] ()
Can you submit it to virustotal.com?


Easiest way to submit a file is to copy the path:

C:\Windows\System32\DRIVERS\hmd.sys

Then
Go to virustotal.com with your browser. Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with spoolsv.exe chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 47 different anti-virus companies. In either case, If the Detection ratio: is not 0 / 47 then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.


Wasn't aware that Avast had changed to 2014 already. Sorry if the instructions didn't work for you but it looks like you found out how to run it. Normally you can go into the chest and permanently delete anything that is there. On my version of Avast it's: Click on the Avast ball, Maintenance, Virus Chest. Then I think you just highlight or click on the things you want to remove. I think when you uninstall Avast it will also ask you if you want to remove the items in the chest. For the Adwcleaner files you can run it and look under Tools, Quarantine Manager where it should allow you to get rid of the stuff it found or you can just Uninstall it which should remove the Quarantine stuff too. If it doesn't you can just delete the folder C:\AdwCleaner.

I usually wait to clean out System Restore until we are done but we can do it now if you like:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
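The two checks RKinner makes by eye in the post above (a toolbar registration that points at no file, and a recently written driver with an empty company field) can be scripted over FRST and OTL log lines, and a file can be looked up on VirusTotal by its SHA-256 at https://www.virustotal.com/gui/file/<sha256> without uploading it through the file chooser. The Python below is an added example, not part of the original post and not code from FRST, OTL or VirusTotal; its sample lines are constructed from the formats quoted in this thread (the HKLM avast toolbar line, the aswSP R1 line and the WDICA line are added benign/edge-case entries), and the driver bytes it hashes are a constructed stand-in for the real hmd.sys.

```python
import hashlib
import re

# Constructed sample: FRST "Toolbar:"/"R1" lines and OTL "DRV"/"O3" lines in the
# formats quoted in this thread. The HKLM Toolbar line, the aswSP R1 line and the
# WDICA line are constructed benign/edge-case entries, not taken from the logs.
SAMPLE_LOG = r"""
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14272 2013-10-04] ()
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403440 2013-10-15] (AVAST Software)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\8okt2013-9-ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2013-10-15 18:39:31 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-10-15 18:39:31 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
O3 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
"""

# FRST: "Toolbar: <hive> - <name> - {CLSID} - <file or 'No File'>"
FRST_TOOLBAR = re.compile(r"^Toolbar: \S+ - .+? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# FRST: "R1 <svc>; <path> [<size> <date>] (<company>)"
FRST_DRIVER = re.compile(r"^[RSU]\d+ (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)$")
# OTL: "DRV - <file meta> (<company>) [<start mode>] -- <path> -- (<svc>)", also SRV/PRC/MOD
OTL_ENTRY = re.compile(r"^(?P<kind>DRV|SRV|PRC|MOD) - (?P<rest>.+)$")
OTL_PRESENT = re.compile(r"^\[[^\]]*\] \((?P<company>[^)]*)\) (?:\[[^\]]*\] )?-- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$")
OTL_MISSING = re.compile(r"^File not found(?: \[[^\]]*\])? --(?: (?P<path>.+?))? -- \((?P<svc>[^)]*)\)$")
# OTL: "O3 - <key>: (<name>) - {CLSID} - <file or 'No CLSID value found.'>"
OTL_TOOLBAR = re.compile(r"^O3 - .+?: \([^)]*\) - (?P<clsid>\{[^}]+\}) - (?P<target>.+)$")


def triage(log_text):
    """Return (rule, subject, line) for entries an analyst would follow up.

    orphaned-toolbar   : toolbar registration with no backing file / CLSID
    unattributed-binary: binary on disk whose company field is empty; a lead
                         for a hash lookup, not a verdict (hmd.sys and aswVmm.sys
                         are both legitimate in this thread)
    file-not-found     : service/driver registration whose file is gone
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FRST_TOOLBAR.match(line)
        if m:
            if m["target"] == "No File":
                findings.append(("orphaned-toolbar", m["clsid"], line))
            continue
        m = FRST_DRIVER.match(line)
        if m:
            if not m["company"].strip():
                findings.append(("unattributed-binary", m["path"], line))
            continue
        m = OTL_TOOLBAR.match(line)
        if m:
            if m["target"].startswith("No CLSID value found"):
                findings.append(("orphaned-toolbar", m["clsid"], line))
            continue
        m = OTL_ENTRY.match(line)
        if m:
            rest = m["rest"]
            missing = OTL_MISSING.match(rest)
            if missing:
                findings.append(("file-not-found", missing["svc"], line))
                continue
            present = OTL_PRESENT.match(rest)
            if present and not present["company"].strip():
                findings.append(("unattributed-binary", present["path"], line))
    return findings


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def virustotal_url(sha256_hex):
    """VirusTotal's file page for a hash; if VT has seen the file already this
    shows the existing report without uploading anything."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex.lower()}"


if __name__ == "__main__":
    for rule, subject, _ in triage(SAMPLE_LOG):
        print(f"{rule:20} {subject}")
    # Constructed stand-in bytes; on the real machine you would call
    # sha256_of_file(r"C:\Windows\System32\DRIVERS\hmd.sys") instead.
    print(virustotal_url(sha256_of_bytes(b"MZ placeholder driver image (constructed)")))
```

Note that aswVmm.sys is flagged as unattributed even though it is part of Avast: an empty company field is a reason to hash and look the file up, which is exactly how hmd.sys was resolved as Comodo's later in the thread, not evidence of malware on its own.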


#17 Admirgency (Topic Starter, Member, 97 posts)

1. Scheduled chkdsk via your directions;
2. Checked error events in Events → System and Events → Applications: no info available;
3. Cleared Events → System and Events → Applications;
4. Reboot: computer did not run chkdsk;
  • Avast did not start anymore and no system-tray warning message from Windows Security Center;
  • Opened Configuration Screen: Configuration Screen crashed;
  • Ctrl-Alt-Del did not work;
  • Taskbar right-click to open Task Manager did not work;
  • Windows button on keyboard didn't work;
5. => Hard shut-down of computer;
6. Took modem & router offline and off electricity (router for public computers already without electricity);
7. Restart offline;
  • Avast showed again;
  • Scheduled another chkdsk according to your directions;
8. Reboot (offline): chkdsk now worked well;
9. VEW worked OK offline;
10. I could not find the given toolbar extensions;
  • Avast is listed twice in IE Add-ons → Toolbars and Extensions (Invoegtoepassingen → Werkbalken en extensies), in Owner, User and Admin alike;
11. Reboot (from hidden Admin account in Safe Mode to Owner in regular mode) (still offline);
  • Plugged in router and modem to electricity and phone line;
  • Waited until they were fully functional;
  • Plugged in computer to the Net;
12. VirusTotal could not find the file; I searched with variations in upper- and lower-case letters;
  • Went to Configuration screen → Files and Folders, ticked "Show hidden files and folders" (Verborgen mappen en bestanden weergeven), unticked "Hide protected operating system files (recommended)" (Beveiligde besturingssysteembestanden verbergen (aanbevolen)) and ticked "Display the contents of system folders" (De inhoud van systeemmappen weergeven). Thereafter I repeated the search via VirusTotal without a result;
  • Repeated search via My Computer without a result;
  • Restored default options for Files and Folders and checked if they really were restored; yes, they are;
  • Searched with VirusTotal's on-site search engine without a result;
13. When I began writing this report, Java needed an update according to Avast Updater Service. Java RE is up to date, Java SE needs to be activated. Wanted to uninstall SE but it's not visible in Configuration screen → Software. It's only visible as a Firefox extension.
14. Wrote the bulk of this report; I wish I had MS Office, Open Office acts inconvenient for making this listing. I hope this mess copy/pastes about right onto the GtG forum (I expect the tabs won't). (Only a few tabs didn't.)
15. Went to GeeksToGo, saw I forgot to clean out the restore points and cleaned them.

Vino's Event Viewer v01c run on Windows XP in Dutch
Report run at 20/10/2013 17:16:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error (Fout) Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2013 14:24:08
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The avast! Antivirus service terminated unexpectedly. This has happened 1 time. The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 20/10/2013 14:22:58
Type: Error Category: 0
Event: 1 Source: sr
While processing the file on volume HarddiskVolume1, error 0xC0000001 occurred in the System Restore filter. Monitoring of this volume has stopped.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning (Waarschuwing) Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2013 14:34:31
Type: Warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down


Vino's Event Viewer v01c run on Windows XP in Dutch
Report run at 20/10/2013 17:19:57

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error (Fout) Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning (Waarschuwing) Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Admirgency, 20 October 2013 - 12:29 PM.


#18 RKinner (Malware Expert, MVP, 24,598 posts)

Looks like the chkdsk cleared up the problem.

I see Avast had a problem. Is it running OK now?

Also System Restore is complaining about something:

Event: 1 Source: sr
While processing the file on volume HarddiskVolume1, error 0xC0000001 occurred in the System Restore filter. Monitoring of this volume has stopped.


Sometimes this is just because it is trying to do more than make copies of the C:\ drive. If you go into Control Panel, System, System Restore, it should say under Status that it is monitoring C:\. Should not be anything else there.


I found that hmd.sys is part of Comodo so we don't need to worry about it.

Run OTL, Quickscan and post the log. If the extensions are still there I can have OTL remove them.

How is it running now?

Since you don't like Open Office have you tried Wordpad?

Start, Run, wordpad, OK
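RKinner reads two things off the VEW report in the previous post: Event 7031 from the Service Control Manager (the avast! service died) and Event 1 from the sr (System Restore) filter. With three entries that is quick by eye; with the full 20 it helps to parse VEW's layout into records. The Python below is an added example, not part of the original posts and not code from Vino's tool: its sample input reproduces the Dutch System-log report Admirgency posted, with the localized "Fout"/"Waarschuwing" type labels exactly as VEW emitted them on this machine, plus an Application section with no events. Treating 7034 alongside 7031 as a crash event is the general Service Control Manager rule, not something this thread shows.

```python
import re
from datetime import datetime

# Constructed sample: the System-log report posted above, as VEW emitted it on
# a Dutch Windows XP (type labels "Fout"/"Waarschuwing"), followed by an
# Application section that contains no events.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows XP in Dutch
Report run at 20/10/2013 17:16:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2013 14:24:08
Type: Fout Category: 0
Event: 7031 Source: Service Control Manager
De avast! Antivirus-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 5000 milliseconden worden uitgevoerd: Service opnieuw starten.

Log: 'System' Date/Time: 20/10/2013 14:22:58
Type: Fout Category: 0
Event: 1 Source: sr
Tijdens de verwerking van het bestand op het volume HarddiskVolume1 is de fout 0xC0000001 opgetreden in het filter van Systeemherstel. Controle van dit volume is gestopt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2013 14:34:31
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""

# VEW prints the type label in the Windows display language; map the labels
# seen here back to the English names so later filtering is locale-independent.
TYPE_NAMES = {
    "Fout": "Error", "Error": "Error",
    "Waarschuwing": "Warning", "Warning": "Warning",
    "Informatie": "Information", "Information": "Information",
}

# Service Control Manager IDs meaning a service died rather than being stopped:
# 7031 = terminated unexpectedly, recovery action configured; 7034 = same, no recovery.
SCM_CRASH_IDS = {7031, 7034}

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<dt>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")


def parse_vew(text):
    """Turn a VEW report into a list of event records, oldest first.

    A record starts at a "Log: ..." line and ends at a blank line or a ~~~ rule;
    everything between the Event: line and the end is the message text.
    """
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~~~"):
            cur = None  # blank line or section rule closes the current record
            continue
        m = LOG_RE.match(line)
        if m:
            cur = {"log": m["log"],
                   "time": datetime.strptime(m["dt"], "%d/%m/%Y %H:%M:%S"),
                   "type": None, "category": None,
                   "event_id": None, "source": None, "message": []}
            records.append(cur)
            continue
        if cur is None:
            continue  # report header / section title lines outside any record
        m = TYPE_RE.match(line)
        if m:
            cur["type"] = TYPE_NAMES.get(m["type"], m["type"])
            cur["category"] = int(m["cat"])
            continue
        m = EVENT_RE.match(line)
        if m:
            cur["event_id"] = int(m["id"])
            cur["source"] = m["src"].strip()
            continue
        cur["message"].append(line)
    for r in records:
        r["message"] = " ".join(r["message"])
    return sorted(records, key=lambda r: r["time"])


def count_by_source(records):
    """Count events per (source, event id); repeats are what usually matter."""
    counts = {}
    for r in records:
        key = (r["source"], r["event_id"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def service_crashes(records):
    return [r for r in records
            if r["source"] == "Service Control Manager" and r["event_id"] in SCM_CRASH_IDS]


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_REPORT)
    for (src, eid), n in sorted(count_by_source(recs).items()):
        print(f"{n:3}  {src} / {eid}")
    for r in service_crashes(recs):
        print("service crash:", r["time"], r["message"][:60])
```

Because the timestamps are parsed, the records come out in chronological order rather than VEW's newest-first order, which makes the sequence here easy to see: the System Restore filter error at 14:22:58 precedes the avast! service crash at 14:24:08.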

#19 Admirgency (Topic Starter, Member, 97 posts)

Can't really tell you how this computer is doing; it's almost never used. I can say this computer is quicker than the Vista laptop. The responsible employees use the Vista laptop or their own handheld or tablet. The less responsible employees use the public computers.

Since next month is coming up, I had to install printer drivers + firmware (note, I forgot about firmware with the previous office computer), plain black-and-white laser. Installation of the Brother printer drivers went fairly well except for "DLL load Failure : The DLL C:\WINDOWS\System32\brwebins.dll failed to load. Returned -1."
For the first prints I had to convert MS Office Excel files to ODF, Open Office Format, besides changing some data on the pages. That didn't pose any problem.
To answer your remark on using Wordpad, that has its limitations just as well. If it were up to me I'd go back to MS Word (or Office or whatever it was called back then) from the early '90s, not to any version since Windows '98. But it's not up to me and they're just small nuisances; I go with the flow.

Don't know exactly how Avast is doing; again, this computer isn't in use except for the GtG forum and now for printing a few blank ID cards for our street vendors.

Configuration screen -> System -> System Restore -> Status says "Windows (C:) controle" (monitoring); I reckon that's the Dutch version of what you say the status should be.

The OTL.txt:
OTL logfile created on: 24-10-2013 18:05:38 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

759,48 Mb Total Physical Memory | 475,37 Mb Available Physical Memory | 62,59% Memory free
1,81 Gb Paging File | 1,53 Gb Available in Paging File | 84,45% Paging File free
Paging file location(s): C:\pagefile.sys 1140 1140 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 23,01 Gb Free Space | 61,74% Space Free | Partition Type: NTFS

Computer Name: KANTOOR2 | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-20 14:01:17 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013-10-15 18:38:53 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-10-09 19:33:16 | 002,104,968 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013-10-09 15:01:40 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-10-06 14:16:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-6-OTL.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
PRC - [2008-04-15 02:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-10-23 21:58:12 | 002,136,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13102301\algo.dll
MOD - [2013-10-15 18:39:21 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013-10-09 19:33:16 | 002,104,968 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013-10-15 18:38:53 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-10-11 15:52:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-09 19:33:16 | 002,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-09-11 04:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\8okt2013-9-ComboFix\catchme.sys -- (catchme)
DRV - [2013-10-15 18:39:31 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-10-15 18:39:31 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-10-15 18:39:31 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-10-15 18:39:31 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-10-15 18:39:31 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-10-15 18:39:30 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-10-15 18:39:30 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-10-15 18:39:29 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2002-07-07 13:53:32 | 000,296,179 | ---- | M] (SigmaTel Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97na.sys -- (STAC97NA)
DRV - [2002-07-07 13:52:46 | 000,231,983 | ---- | M] (SigmaTel Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97nh.sys -- (STAC97NH)
DRV - [2001-08-17 22:04:08 | 000,173,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\philcam2.sys -- (phil2vid)
DRV - [2000-07-24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 10 1F A3 DC BD CE 01 [binary data]
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nl.start3.moz...la:nl:official"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {bff6b2ca-366c-4a90-b685-d87776deb0d2}:1.0.0.12
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-15 18:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-10-08 15:39:16 | 000,000,000 | ---D | M]

[2013-09-24 12:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2013-10-06 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions
[2013-10-06 17:24:20 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013-10-06 14:04:35 | 000,282,570 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011-03-25 11:06:09 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\bjvlnrw9.default\searchplugins\bing.xml
[2013-10-06 14:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-10-06 14:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-10-06 14:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-10-15 18:39:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://nl.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://nl.yahoo.com?fr=fpc-comodo
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-10-08 16:54:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271944706703 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C14C12F-FE35-4086-8935-5AD09B3BDF73}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-22 13:42:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-24 16:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Brother HL-5240
[2013-10-24 16:51:08 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2013-10-24 16:51:06 | 000,019,537 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BRPAR.SYS
[2013-10-24 16:51:05 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\brlmw03a.dll
[2013-10-24 16:51:05 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\brlm03a.dll
[2013-10-24 16:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2013-10-24 16:51:03 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2013-10-24 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013-10-24 16:49:45 | 000,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2013-10-24 16:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\Fonts
[2013-10-24 16:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\network
[2013-10-24 16:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\inthelp
[2013-10-24 16:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\driver
[2013-10-24 16:44:00 | 029,656,991 | ---- | C] (A.I.SOFT,INC.) -- C:\Documents and Settings\Eigenaar\Bureaublad\24okt-19-XPDriverHL5240_50-inst-C1-nl.EXE
[2013-10-20 19:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Java
[2013-10-15 18:47:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-10-15 18:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Application Data\AVAST Software
[2013-10-15 18:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Avast
[2013-10-15 17:29:46 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013-10-15 17:29:46 | 000,035,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013-10-15 17:29:42 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013-10-15 17:29:40 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013-10-15 17:29:38 | 000,774,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013-10-15 17:29:25 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013-10-15 17:29:23 | 000,269,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013-10-15 17:20:46 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013-10-15 17:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-10-15 17:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013-10-15 12:50:29 | 000,000,000 | ---D | C] -- C:\FRST
[2013-10-15 12:42:10 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt-17-UseInSafModus-aswclear.exe
[2013-10-15 12:26:50 | 001,087,213 | ---- | C] (Farbar) -- C:\Documents and Settings\Eigenaar\Bureaublad\15 okt2013-16-FRST.exe
[2013-10-14 18:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice
[2013-10-14 14:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-10-11 16:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013-10-11 10:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013-10-11 10:04:08 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013-10-09 14:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2013-10-09 14:37:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013-10-09 14:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-10-09 14:37:01 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-11-mbam-setup-1.75.0.1300.exe
[2013-10-09 14:26:44 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-10-tdsskiller.exe
[2013-10-08 16:28:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013-10-08 16:22:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-10-08 16:22:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-10-08 16:22:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-10-08 16:22:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-10-08 16:18:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-10-08 16:16:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Systeembeheer
[2013-10-08 16:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-10-08 15:59:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-08 15:53:29 | 005,132,072 | R--- | C] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\8okt2013-9-ComboFix.exe
[2013-10-08 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-10-08 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-10-06 15:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013-10-06 14:28:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-10-06 14:16:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-6-OTL.exe
[2013-10-06 14:16:03 | 005,552,488 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-5-spsetup123.exe
[2013-10-06 14:15:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-4-aswmbr.exe
[2013-10-06 14:14:59 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-3-JRT.exe
[2013-10-06 14:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-10-06 14:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013-10-02 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Sun
[2013-10-01 15:20:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\OpenOffice 4.0.1
[2013-10-01 15:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2013-10-01 14:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-10-01 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\Nieuwe map
[2013-10-01 11:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-09-30 15:17:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\1-OTL.exe
[2013-09-30 11:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-24 18:09:07 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013-10-24 18:07:02 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-24 18:04:12 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-24 18:03:29 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013-10-24 17:51:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-24 16:57:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-24 16:54:01 | 000,014,496 | ---- | M] () -- C:\WINDOWS\HL-5240.INI
[2013-10-24 16:54:01 | 000,000,145 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2013-10-24 16:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2013-10-24 16:50:27 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013-10-24 16:50:27 | 000,000,110 | ---- | M] () -- C:\WINDOWS\System32\bd5240.dat
[2013-10-24 16:40:33 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{19634F2B-6041-4CFB-B933-71C9576E8275}.job
[2013-10-24 16:36:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-20 14:17:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\20okt2013-18-VEW.exe
[2013-10-15 18:40:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\avast! Free Antivirus.lnk
[2013-10-15 18:39:31 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013-10-15 18:39:31 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013-10-15 18:39:31 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013-10-15 18:39:31 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013-10-15 18:39:31 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013-10-15 18:39:30 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013-10-15 18:39:30 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013-10-15 18:39:29 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013-10-15 18:39:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013-10-15 18:39:23 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013-10-15 18:28:35 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013-10-15 18:21:51 | 108,763,792 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt2013-17c-vpsupd.exe
[2013-10-15 12:41:51 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt-17-UseInSafModus-aswclear.exe
[2013-10-15 12:31:55 | 131,918,888 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt2013-17-avast_free_antivirus_setup.exe
[2013-10-15 12:26:28 | 001,087,213 | ---- | M] (Farbar) -- C:\Documents and Settings\Eigenaar\Bureaublad\15 okt2013-16-FRST.exe
[2013-10-14 13:49:19 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\14okt-15-38ndcydo.exe
[2013-10-14 13:49:19 | 000,377,856 | ---- | M] () -- C:\14okt-15-38ndcydo.exe
[2013-10-14 13:47:48 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\14okt2013-13VEW.exe
[2013-10-14 13:21:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-10-11 17:29:02 | 000,577,438 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-10-11 17:29:02 | 000,481,352 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-10-11 17:29:02 | 000,110,720 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-10-11 17:29:02 | 000,079,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-10-11 16:52:46 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-10-11 16:44:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-10-11 10:04:08 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013-10-09 14:36:49 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-11-mbam-setup-1.75.0.1300.exe
[2013-10-09 14:27:00 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-12-VEW.exe
[2013-10-09 14:26:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-10-tdsskiller.exe
[2013-10-08 16:54:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-10-08 16:28:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013-10-08 16:06:53 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar aReebok Maintenance.lnk
[2013-10-08 15:53:15 | 005,132,072 | R--- | M] (Swearware) -- C:\Documents and Settings\Eigenaar\Bureaublad\8okt2013-9-ComboFix.exe
[2013-10-08 15:39:17 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader XI.lnk
[2013-10-06 14:20:41 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-7-SecurityCheck.exe
[2013-10-06 14:16:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-6-OTL.exe
[2013-10-06 14:15:54 | 005,552,488 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-5-spsetup123.exe
[2013-10-06 14:15:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-4-aswmbr.exe
[2013-10-06 14:14:44 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-3-JRT.exe
[2013-10-06 14:13:01 | 001,045,226 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-2-AdwCleaner.exe
[2013-10-06 14:01:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-10-06 14:00:58 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2013-09-30 15:17:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\1-OTL.exe
[2013-09-25 13:00:08 | 029,656,991 | ---- | M] (A.I.SOFT,INC.) -- C:\Documents and Settings\Eigenaar\Bureaublad\24okt-19-XPDriverHL5240_50-inst-C1-nl.EXE
[2013-09-25 12:54:00 | 000,924,173 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\24okt-19-FirmwareBrMain480.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-24 16:54:01 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013-10-24 16:54:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013-10-24 16:51:05 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2013-10-24 16:51:04 | 000,014,496 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2013-10-24 16:50:27 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013-10-24 16:48:40 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\bd5240.dat
[2013-10-24 16:47:14 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013-10-24 16:44:10 | 000,924,173 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\24okt-19-FirmwareBrMain480.exe
[2013-10-20 14:17:57 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\20okt2013-18-VEW.exe
[2013-10-15 18:19:42 | 108,763,792 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt2013-17c-vpsupd.exe
[2013-10-15 17:29:51 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\avast! Free Antivirus.lnk
[2013-10-15 17:29:36 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013-10-15 17:29:33 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013-10-15 17:29:28 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013-10-15 12:29:35 | 131,918,888 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\15okt2013-17-avast_free_antivirus_setup.exe
[2013-10-14 17:12:24 | 000,377,856 | ---- | C] () -- C:\14okt-15-38ndcydo.exe
[2013-10-14 13:49:18 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\14okt-15-38ndcydo.exe
[2013-10-14 13:47:47 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\14okt2013-13VEW.exe
[2013-10-14 13:21:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-10-09 14:27:23 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\9okt2013-12-VEW.exe
[2013-10-08 16:28:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-10-08 16:28:06 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2013-10-08 16:22:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-10-08 16:22:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-10-08 16:22:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-10-08 16:22:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-10-08 16:22:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-10-08 16:06:53 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Snelkoppeling naar aReebok Maintenance.lnk
[2013-10-08 15:39:17 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader XI.lnk
[2013-10-08 15:39:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe Reader XI.lnk
[2013-10-06 14:20:59 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-7-SecurityCheck.exe
[2013-10-06 14:13:15 | 001,045,226 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\6okt2013-2-AdwCleaner.exe
[2013-10-06 14:00:58 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk
[2013-10-06 14:00:58 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2013-09-24 18:10:12 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
[2013-02-27 12:39:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012-12-18 14:53:39 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-15 15:41:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-09-15 10:10:34 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Eigenaar\.recently-used.xbel

========== ZeroAccess Check ==========

[2013-06-25 09:20:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 02:32:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-15 02:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-10-11 12:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\102CE
[2012-12-17 13:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013-10-15 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012-08-21 12:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F1F4
[2011-01-11 14:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011-01-11 14:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011-01-14 16:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2011-05-30 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2013-02-01 11:04:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{106AF5DB-123A-4291-ABE3-2294A5CEE924}
[2013-10-15 18:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\AVAST Software
[2013-01-24 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\CallingID
[2013-04-18 14:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\CometNetwork
[2011-07-08 09:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\CometPlayer
[2011-11-22 11:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\DarkParablesBriarRose_BFG
[2011-11-22 14:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Funswitch
[2011-03-16 11:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\HTC
[2011-03-16 10:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-10-12 11:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\imeshtoolbar2
[2011-11-23 10:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Jewel Match 3
[2011-11-03 20:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Mystery of Mortlake Mansion
[2013-10-14 18:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice
[2010-05-11 15:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice.org
[2011-11-15 17:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\PeaceCraft3
[2011-07-08 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Python-Eggs
[2011-07-05 09:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\tigerplayer
[2011-12-01 19:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\V-Games
[2013-09-24 17:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Windows Desktop Search
[2013-10-17 09:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zelfk®ant Kantoor\Application Data\AVAST Software
[2013-09-30 11:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zelfk®ant Kantoor\Application Data\imeshtoolbar2
[2013-10-02 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zelfk®ant Kantoor\Application Data\OpenOffice
[2013-09-25 09:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zelfk®ant Kantoor\Application Data\OpenOffice.org
[2013-09-25 09:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zelfk®ant Kantoor\Application Data\Windows Desktop Search

========== Purity Check ==========



< End of report >
  • 0
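As an added defender-side example (not part of this thread and not OTL's own code), here is a small Python parser for the file-listing lines in the OTL log above. It flags entries a reviewer would want to look at by hand: executables under C:\WINDOWS that show no company name, and executables sitting directly in the drive root. The sample lines are copied from the log above; the two review rules are this example's own assumptions, not anything OTL does.

```python
"""Parse OTL file-listing lines and flag entries for manual review.

Added example, not part of this thread and not OTL's own code.
Each OTL file entry has the shape seen in the log above:
    [YYYY-MM-DD HH:MM:SS | 000,123,456 | RHSD | C] (Company) -- C:\\path
RHSD are the read-only/hidden/system/directory flags ('-' when unset),
C/M says whether the timestamp is the created or modified time, and the
(Company) field is absent for directories and empty for unsigned files.
The review rules below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attr>[R-][H-][S-][D-]) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- "   # company field is optional
    r"(?P<path>.+?)\s*$"
)

WINDOWS_DIR = "c:\\windows\\"                 # covers System32 and drivers too
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
ROOT_FILE_RE = re.compile(r"[a-z]:\\[^\\]+")  # e.g. c:\something.exe


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # "C" created or "M" modified
    company: str     # "" when OTL shows () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_exec(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attr"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def review(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a manual look.

    Neither rule is a malware verdict: legitimate tools and installers
    trip both, so the output is a reading list for the analyst, not a
    removal list.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None or not e.is_exec:
            continue
        low = e.path.lower()
        if not e.company and low.startswith(WINDOWS_DIR):
            findings.append((e.path, "executable under C:\\WINDOWS with no company name"))
        elif ROOT_FILE_RE.fullmatch(low):
            findings.append((e.path, "executable directly in the drive root"))
    return findings


# Constructed sample: six lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2013-10-15 17:29:46 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013-10-24 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013-02-27 12:39:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2013-10-14 17:12:24 | 000,377,856 | ---- | C] () -- C:\14okt-15-38ndcydo.exe
[2013-10-08 16:28:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013-10-20 14:17:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\20okt2013-18-VEW.exe
""".strip().splitlines()


if __name__ == "__main__":
    for path, reason in review(SAMPLE_LOG):
        print(f"{reason}: {path}")
```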

#20
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:


:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\8okt2013-9-ComboFix\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {bff6b2ca-366c-4a90-b685-d87776deb0d2}:1.0.0.12
O3 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
C:\Program Files\Comodo\Dragon\dragon_updater.exe
sc config AppMgmt start= disabled /c
sc config DragonUpdater start= disabled /c
C:\Program Files\Java\jre6

:Commands
[EMPTYTEMP]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Get Speedyfox
http://www.crystalidea.com/speedyfox

Download, Save and Run it. Close Firefox and/or Chrome. Click on Optimize. Exit when it finishes. Firefox and Chrome should both load much faster than before.
  • 0

#21
Admirgency

    Member

  • Topic Starter
  • Member
  • 97 posts
OK, the OTL fix and Speedyfox are done.
Note: (next to FF) there's Google Chrome as well as Comodo Dragon, the Comodo version of Chrome, present on this computer. The Speedyfox UI showed only Chrome. Did it optimize both or just the original Google Chrome?

Firefox Greasemonkey welcomed me as if it was installed anew. We don't need Greasemonkey, can I go ahead and remove it?


All processes killed
========== OTL ==========
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys not found.
Service HTCAND32 stopped successfully!
Service HTCAND32 deleted successfully!
File System32\Drivers\ANDROIDUSB.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\8okt2013-9-ComboFix\catchme.sys not found.
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {bff6b2ca-366c-4a90-b685-d87776deb0d2}:1.0.0.12 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== FILES ==========
C:\Program Files\Comodo\Dragon\dragon_updater.exe moved successfully.
< sc config AppMgmt start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
< sc config DragonUpdater start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Eigenaar\Bureaublad\cmd.txt deleted successfully.
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6\bin folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Eigenaar
->Temp folder emptied: 70225956 bytes
->Temporary Internet Files folder emptied: 29956166 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84578307 bytes
->Google Chrome cache emptied: 288457372 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 40102231 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Zelfk®ant Kantoor
->Temp folder emptied: 2723 bytes
->Temporary Internet Files folder emptied: 49596859 bytes
->FireFox cache emptied: 55731145 bytes
->Google Chrome cache emptied: 20943670 bytes
->Flash cache emptied: 602 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 426 bytes
%systemroot%\System32 .tmp files removed: 2845 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45011824 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 270336439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 29955920 bytes

Total Files Cleaned = 939,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272013_112112

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#22
Admirgency

    Member

  • Topic Starter
  • Member
  • 97 posts
I verified on the Vista laptop: Speedyfox did not recognize/optimize Comodo Dragon or Ice Dragon as Chrome and Firefox versions. Also, from within the Owner account, it didn't recognize Skype, which is only installed in the User account and not in the Owner account.
  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Note: (next to FF) there's Google Chrome as well as Comodo Dragon, the Comodo version of Chrome, present on this computer. The Speedyfox UI showed only Chrome. Did it optimize both or just the original Google Chrome?


I think it only works on the ones it says.

Firefox Greasemonkey welcomed me as if it was installed anew. We don't need Greasemonkey, can I go ahead and remove it?


Remove it if you don't want it any more. Then run Speedy Fox again.

I think that's about all we can do with this one. Time to clean up:

You can uninstall or delete any tools we had you download and their logs.


If we ran Combofix: To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 45 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then you should go into Control Panel, Java, Security and set the slider to the highest level.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. Also now available for IE. adblockplus.org


If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


XP does not automatically run defrag so it needs to be done manually every couple of months or it will slow down. http://support.microsoft.com/kb/314848


XP has been out a long time so most XP computers are starting to get clogged with dust. This makes them overheat, which will also slow them down. To clean a desktop, shut it down but leave it plugged in. Remove the lid or open it up and use a vacuum cleaner hose and a small brush to clean the air vents in the front and back and the fins of the heatsink and of the fans - including the fan of the power supply. You may need to unscrew the four screws that hold the fan to the heatsink and lift the fan off to really clean the heatsink. Start it up while the lid is off and watch the fan (after screwing it back down again if you removed it). It should start up right away and be at full speed in no time (it may stop running shortly after starting - this is normal). A fan that is slow starting or which makes noise is worn out and needs to be replaced. If you think it might be running hot you can get SpeedFan:

http://www.almico.com/sfdownload.php

Download, save and Install it then run it.

It will tell you your temps (if the PC is not too old). If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. If temps are over 80, the CPU will slow down to protect itself.

Make sure you have Windows update working and preferably on Automatic download and install. Go to Internet Explorer, Tools, (or Safety), Windows Updates, Express and see if it has any updates for you.
  • 0
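One way to audit which Java entries on a PC fall below the "Java 7 Update 45 or better" threshold named above, as an added PowerShell example that is not part of the original post or of any tool it mentions. It assumes Java's usual "Java 7 Update 45"-style display names in the Windows uninstall registry keys, only reports, and uninstalls nothing.

```powershell
# Added example, not code from the original post or any tool it names.
# Reads the Windows uninstall registry keys, picks entries whose names look
# like the Java package names listed above, parses "Java 7 Update 45"-style
# names and flags anything older than 7u45. Report only; nothing is removed.

$MinMajor  = 7
$MinUpdate = 45

# Package names the post says old Java installs may carry (matched case-insensitively).
$JavaNamePattern = 'Java|Runtime Environment|JRE|Virtual Machine|JVM|J2RE|J2SE|\bVM\b'

function Get-JavaVersionFromName {
    # Returns a hashtable with Major/Update, or $null when the name carries no
    # version (e.g. "Java Auto Updater"), so such entries can be reviewed by hand.
    param([string]$DisplayName)
    if ($DisplayName -match '(?:Java|J2SE|J2RE)\D*(\d+)(?:\.\d+)?\s*(?:Update\s*(\d+))?') {
        $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        return @{ Major = [int]$Matches[1]; Update = $update }
    }
    return $null
}

function Test-JavaOutdated {
    # $true = below 7u45, $false = 7u45 or newer, $null = version not parseable.
    param([string]$DisplayName)
    $v = Get-JavaVersionFromName $DisplayName
    if ($null -eq $v) { return $null }
    return (($v.Major -lt $MinMajor) -or (($v.Major -eq $MinMajor) -and ($v.Update -lt $MinUpdate)))
}

function Get-InstalledJavaReport {
    # Both the native and the WOW6432Node key; the latter simply does not exist on 32-bit XP.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $JavaNamePattern } |
        ForEach-Object {
            # New-Object instead of [pscustomobject] so this also runs on PowerShell 2.0 (XP).
            New-Object PSObject -Property @{ Name = $_.DisplayName; Outdated = (Test-JavaOutdated $_.DisplayName) }
        }
}

# Constructed sample names (not from a real machine) showing the verdicts:
$samples = @('Java 7 Update 45', 'Java 7 Update 25 (64-bit)', 'Java(TM) 6 Update 30',
             'J2SE Runtime Environment 5.0 Update 22', 'Java Auto Updater')
foreach ($name in $samples) { '{0,-42} outdated={1}' -f $name, (Test-JavaOutdated $name) }

# Live report for this machine:
Get-InstalledJavaReport | Format-Table Name, Outdated -AutoSize
```

Entries that print an empty verdict carry no parseable version and should be checked by hand in Programs and Features.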

#24
Admirgency

    Member

  • Topic Starter
  • Member
  • 97 posts
IN MEMORIAM: JAN BEUKENS.

Jan was one of the leading employees of our town's homeless projects, for citizens and illegal immigrants/refugees alike. To me he was one of 3 pillars I could always lean upon in the past decade when I received counter-productive medication from various psychiatrists. Without Jan I would not have been able to shed my psychiatric problems, come clean of crackware on my computers, or come clean of drugs. I would not be able to do the work I do now. Without Jan Beukens I might not be alive anymore, for without him the projects where I also encountered my other 2 pillars of moral & spiritual support might not have survived.

Sorry for the confusion; because of the time passed and the modem/router passwords I'll write now about all 3 computers. I'll highlight in bold the text that is specific to this computer and/or this thread. With this computer all went fairly well. And when I come around to it I'll copy/paste parts of this text to the threads for the other 2 computers.

Early Sunday evening last week I was almost ready updating the public computers when I got a phone call from Spain, where my boss is on holiday. Our substitute paid coordinator doesn't know our town yet, while I am familiar with clients, volunteers, paid employees and board members. I had to phone the message about the demise of Jan Beukens around and make some quick prints.

With this death being the worst, every time in the past weeks when I thought I'd have time to work on the computers, something happened. E.g. our board members forgot to tell the substitute paid coordinator she was hired again, and likewise I heard the news of our boss going on a holiday via other people. We got assurance only on the very last working day of our boss. While I came to work extra early to work on the computers, the boss had made a double appointment and was late for both. Furthermore the garden was made winter-ready (and I have 3 more gardens to work on), there were repairs to the building needed for the winter (homeless evening shelter), extra repairs because of aggression, multiple thefts from visitors amongst each other, and so on. These last weeks I did not have much time for the computers, and the time I had planned went up on all kinds of extra events. (And I'm not so crazy anymore as to flee into working 100 to 120 hours a week.)

3 weeks ago I opted to change the passwords on our routers (1 wireless and 1 wired). I found we have no installation disks (with user manuals) for the routers we use, only for 1 different router. Thus I had to study on the manufacturers' websites. I could not get in via the wired computers so I tried a hard reset. I had taken the wired router for the public computers offline, but while resetting the wireless router the somewhat less responsible employee plugged the wired router + public computers back in. Then only the office laptop could get in, via the router's PIN code (and not directly via password nor via IP addresses). The password I then received was not our own nor the manufacturer's password. The manufacturers' websites warned me against changing router settings via a wireless connection, but in hindsight I wish I'd done so indeed. Why, you say?

1 of our visitors brought in a laptop he couldn't get into, together with a dongle (KPN prepaid Inet) that didn't work. My boss tried it on his Android and immediately lost Internet connection instead of gaining another one. I looked at the dongle on public computer no. 2 (sorry for installing its software). The next day my boss had connection again most of the time, be it a very weak signal, while right next to his Android the office laptop had a strong signal. A quick check of the visitor's laptop showed me it wasn't taken hostage. And that visitor received a new dongle from the KPN shop because the shop where he bought it gave him an outdated dongle. I took the visitor's laptop home to work on it. His Windows needed repair and a lot of registry scanners and AV (+ their start pages + theirs & some more search engines + theirs & some more toolbars) had to be uninstalled. Mbam as well as Eset and MS online scanners deemed it free of any malware. So malware from the visitor's laptop most likely was not the reason the public computers lost LAN connection for one day also.

On top of all that a prankster visitor messed with the screen settings of public computer no. 1 so much that I couldn't get into the screen's menu anymore. Not risking any employee or visitor plugging it in again, I took the cables (electric & LAN) from those computers + router and locked them up.

November Microsoft Security Updates: the office computer updated everything as it should.

MS Updates went OK save for publ. comp. no. 2, the .Net Framework v2.0 SP2 on XP and Server 2003. Now there's one more update (4 total) that keeps presenting itself for installation and then seemingly installs all right, yet presents itself again after reboot. This is a non-essential update.

However the public computers – after Security Updates for Microsoft software – could not update non-MS software from Filehippo. Public comp. no. 2 has Secunia PSI installed, but Filehippo is the official mirror for Piriform CCleaner and Defraggler. Publ. comp. no. 1 has Filehippo Update Checker installed, and as far as it didn't need to update from the Filehippo website the updates rolled in. I don't know why I could not update from the Filehippo website.

Thursday evening I took another look at the router passwords (had to, as the winter evening shelter for the homeless started earlier than planned). I still could not get in. Whereas after a hard reset I previously got a new password for the wireless router with its PIN code - on the laptop - that option now could only be used for the modem, despite the laptop receiving a new connection to our wireless network.

I called in a friend (I'd normally hesitate to call him, for he still uses crackware, but hey, that's another story; if it weren't for his financial and psychiatric caretakers I would've gotten him to use only legal software a few years ago). Via his Samsung Galaxy he found the IPs for the modem the same as for the wireless router, but changing the router's IP didn't work as expected either. We took the wireless (primary) router out of the equation, for the modem has wireless connection also and no porn/porn-chat/gambling-website-using visitor gets to use wifi anyway (for now, but the password will be passed on, can't stop that) (the secondary router for the public computers is LAN only).

Friday I've been updating one of our reserve computers, for SMO (combined homeless shelters), who now coordinate our winter evening shelter, wants a third public computer to be available. It doesn't look like there's malware present but I'll have to run something like Eset Online & Mbam, or maybe I'll have time to run Dr. Web from BootCD, to be sure before I let our visitors loose on it.

Working 12+ hours 4 days in a row, yesterday and today I took time for this computer, our office computer. I did not yet remove/uninstall the tools used here on GeeksToGo. The Avira trial license has expired, therefore I went on to installing Comodo IS again; however, since I want Comodo Dragon and Ice Dragon to go with CIS I had to uninstall regular FF and Chrome first. Manually I cleaned FF and Chrome (and Java) in all accounts and then installed & ran CCleaner under minimal conditions, just for the browsers. (CCleaner detects McAfee present; that'll be Stinger.) Then I installed Revo Uninstaller to remove Java, Chrome and Firefox, after which I installed Comodo Ice Dragon (Dragon already present) and Comodo IS. After reboot the CIS quick scan ran immediately without updating first. Thereafter I updated CIS and performed its cloud scan. Lastly I went offline to Safe Mode with the admin account and ran a full scan; nothing malicious found. In offline Safe Mode I searched the computer for files to throw away or to keep, and put the latter in the Shared folder. Then I ran CCleaner more extensively, overwriting free space 7 times to prepare the computer for better defragmentation. B.t.w., this computer is rigged to defragment at every start-up/reboot.

Are there any special instructions for removing the other tools? On this computer we used: OTL & Combofix (instructions are already given), and

AdwareCleaner, JRT, Aswmbr, Speccy, Security Check, Kaspersky TDSSKiller, VEW, GMER, FRST, Avast ASWcleaner, Speedyfox. Furthermore McAfee Stinger needs to be uninstalled or removed; it doesn't show in the uninstall facilities in Windows, CCleaner nor Revo Uninstaller freeware. From Revo I did not yet use the trial PRO version on this computer, so if needed it can be forcibly uninstalled with that Revo version.

Thank you for your efforts, and again sorry it took such a long time for me to resume the 3 threads I have opened.
  • 0

#25
Admirgency

    Member

  • Topic Starter
  • Member
  • 97 posts
Extra essential Microsoft Update for .Net Framework 2.0 SP2 (19th of Dec for XP, 16th for Vista) installed OK.

Repeated question:
Are there any special instructions for removing the other tools? On this computer we used: OTL & Combofix (instructions are already given), and furthermore
AdwareCleaner, JRT, Aswmbr, Speccy, Security Check, Kaspersky TDSSKiller, VEW, GMER, FRST, Avast ASWcleaner, Speedyfox. Furthermore McAfee Stinger needs to be uninstalled or removed; it doesn't show in the uninstall facilities in Windows, CCleaner nor Revo Uninstaller freeware. From Revo I did not yet use the trial PRO version on this computer, so if needed it can be forcibly uninstalled with that Revo version.
  • 0
