EEK Please can somebody help?



hellocae
2011-08-29, 23:32
Hi - when I click on a link in a Google search it only opens the last one on the page, and I read up on it and it seems that I have a 'google redirect malware virus'.

I tried updating my McAfee but it doesn't detect it - I then downloaded STOPzilla and it found the nasties but I have to purchase the software to be able to remove them.

Is there any other freeware that could help? Please could you assist me.

Many thanks,

Hellocae

I've followed the instructions and here goes:

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 7.0.5730.11
Run by Hoofdgebruiker at 23:17:43 on 2011-08-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.767.173 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfeeFirewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MTN F@stLink\MTN F@stLink.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.unisa.ac.za/
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110819220952.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Mobile Partner] "c:\program files\mtn f@stlink\MTN F@stLink.exe"
mRun: [PCTVOICE] pctspk.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\hoofdg~1\menust~1\progra~1\opstar~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\dashbo~1.lnk - c:\windows\installer\{797e599d-f9f7-4ca9-8323-79ba07e20cfd}\Icon797E599D.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\iburst~1.lnk - c:\program files\iburst terminal\iBurst_Terminal_UTL.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} - hxxp://secure.ingbank.nl/download/DigiSign.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{5F5344DB-3D7A-4B51-99D7-D410CD31CA8C} : NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{7C368668-5C78-4A3A-B428-8210CB60FD91} : NameServer = 196.25.255.34,196.25.255.3
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-4 459728]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-4 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-4 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-4 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-4 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-4 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-4 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-4 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-4 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-4 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-4 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-4 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-4 83688]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-4-8 820133]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [2005-10-12 149504]
S3 cpuz132;cpuz132;\??\c:\docume~1\hoofdg~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hoofdg~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 iBurstu;iBurst Terminal;c:\windows\system32\drivers\iBurstu.sys [2011-7-23 37362]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-4 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-4 85984]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-08-29 19:50:49 -------- d-----w- c:\documents and settings\hoofdgebruiker\local settings\application data\PCHealth
2011-08-28 20:59:54 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-28 20:59:54 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-08-28 20:59:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-28 19:58:13 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-08-28 19:52:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-08-28 19:51:52 -------- d-----w- c:\documents and settings\hoofdgebruiker\local settings\application data\Microsoft Help
2011-08-28 19:38:53 -------- d-----w- c:\program files\STOPzilla!
2011-08-28 19:38:50 -------- d-----w- c:\program files\common files\iS3
2011-08-28 19:38:47 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-08-28 19:18:40 -------- d-----w- c:\program files\MSXML 6.0
2011-08-25 15:58:20 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-25 15:58:20 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-25 15:58:20 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-25 15:58:18 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-25 15:58:18 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-25 15:58:18 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-25 15:58:18 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-25 15:58:18 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-25 15:58:18 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-25 15:58:16 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-25 15:58:16 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-25 15:58:16 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-24 15:45:35 187392 ----a-r- c:\windows\system32\OLD3.tmp
2011-08-12 20:05:33 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-12 20:05:33 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-12 20:05:33 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-12 20:05:33 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-08-12 20:05:33 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
.
==================== Find3M ====================
.
.
============= FINISH: 23:18:30.71 ===============

ken545
2011-08-31, 01:01
:welcome:

Nothing really bad jumping out at me on your DDS log. I would uninstall Stopzilla unless you're planning on using it, but you don't need it.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please



Then let's check for a rootkit; these are responsible for browser redirects.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

hellocae
2011-09-01, 08:13
Thank you SO much for all your help. Attached please find the two logs; I will copy the contents as well:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2011/08/31 10:43:17 PM
mbam-log-2011-08-31 (22-43-17).txt

Scan type: Quick scan
Objects scanned: 171051
Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-09-01, 10:19
Good morning, no rootkit, let's check further.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

hellocae
2011-09-01, 22:16
OTL logfile created on: 2011/09/01 09:55:16 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hoofdgebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001C09 | Country: Zuid-Afrika | Language: ENS | Date Format: yyyy/MM/dd

767.48 Mb Total Physical Memory | 428.76 Mb Available Physical Memory | 55.87% Memory free
1.08 Gb Paging File | 0.63 Gb Available in Paging File | 57.79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 5.37 Gb Free Space | 18.34% Space Free | Partition Type: FAT32
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 10.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DUPLESSI-DW702L | User Name: Hoofdgebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe (iBurst)
PRC - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
PRC - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
MOD - C:\Program Files\MTN F@stLink\LocaleMgrPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\SMSPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NotifyServicePlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\ConfigFilePlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceMgrPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NetInfoPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DialUpPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NDISAPI.dll ()
MOD - C:\Program Files\MTN F@stLink\atcomm.dll ()
MOD - C:\Program Files\MTN F@stLink\DetectDev.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceOperate.dll ()
MOD - C:\Program Files\MTN F@stLink\XCodec.dll ()
MOD - C:\Program Files\MTN F@stLink\FileManager.dll ()
MOD - C:\Program Files\MTN F@stLink\isaputrace.dll ()
MOD - C:\Program Files\SiteAdvisor\6253\saHook.dll ()
MOD - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
MOD - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\system.drawing.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (iBurstu) -- C:\WINDOWS\system32\drivers\iBurstu.sys (KYOCERA CORPORATION)
DRV - (BulkUsb) -- C:\WINDOWS\system32\drivers\VoIPUSBDriver.sys (Windows (R) Server 2003 DDK provider)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMDUSB.sys (Sony Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/intl/searchpane/en-au/prov2.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/intl/searchpane/en-au/prov2.htm
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1229272821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.unisa.ac.za/
IE - HKU\S-1-5-21-776561741-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Hoofdgebruiker\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/05/22 14:17:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/04/08 12:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110819220952.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-776561741-1229272821-725345543-1004..\Run: [Mobile Partner] C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Dashboard Launcher.lnk = C:\WINDOWS\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\iBurst_Terminal UTL.lnk = C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()
O4 - Startup: C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} http://secure.ingbank.nl/download/DigiSign.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F5344DB-3D7A-4B51-99D7-D410CD31CA8C}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C368668-5C78-4A3A-B428-8210CB60FD91}: NameServer = 196.25.255.34,196.25.255.3
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/22 10:15:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/06/09 03:25:10 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/07 17:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3fd27404-c51e-11e0-b0d1-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd27404-c51e-11e0-b0d1-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3fd27405-c51e-11e0-b0d1-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd27405-c51e-11e0-b0d1-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{642e897c-c57e-11e0-b0d2-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{642e897c-c57e-11e0-b0d2-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{642e897d-c57e-11e0-b0d2-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{642e897d-c57e-11e0-b0d2-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d188eac0-c115-11e0-b0c8-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{d188eac0-c115-11e0-b0c8-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbc369de-beae-11e0-b0c4-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc369de-beae-11e0-b0c4-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbc369df-beae-11e0-b0c4-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc369df-beae-11e0-b0c4-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bf8e64-bdda-11e0-b0c3-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bf8e64-bdda-11e0-b0c3-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bf8e65-bdda-11e0-b0c3-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bf8e65-bdda-11e0-b0c3-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b6e-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b6e-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b6f-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b6f-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b71-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b71-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-776561741-1229272821-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/01 21:54:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe
[2011/09/01 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\McAfee
[2011/08/31 22:26:39 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\aswMBR.exe
[2011/08/31 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Malwarebytes
[2011/08/31 22:16:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/31 22:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011/08/31 22:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/31 22:16:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/31 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/29 23:14:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\dds.scr
[2011/08/29 23:13:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/29 23:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011/08/29 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/29 23:11:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\erunt-setup.exe
[2011/08/29 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\PCHealth
[2011/08/28 22:59:54 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/08/28 22:59:53 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/08/28 22:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office
[2011/08/28 21:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/08/28 21:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/28 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/28 21:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft Help
[2011/08/28 21:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/08/28 21:42:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/28 21:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/28 21:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/08/19 21:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Security Scan
[2011/08/17 19:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cae - DONT DELETE VELVET!!!!
[2011/08/12 22:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\MTN F@stLink
[2011/08/12 22:05:33 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/08/12 22:05:33 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/08/12 22:05:33 | 000,102,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/08/12 22:05:33 | 000,102,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/08/12 22:05:33 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/08/03 15:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Mijn documenten\My Digital Editions
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/01 21:54:08 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe
[2011/09/01 21:11:10 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Dashboard Launcher.lnk
[2011/09/01 21:11:08 | 000,003,873 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/01 21:10:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/01 09:09:54 | 000,079,881 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\306267_10150356375324328_571409327_9747480_5148532_n.jpg
[2011/09/01 08:09:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\MBR.dat
[2011/09/01 06:40:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/31 22:26:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\aswMBR.exe
[2011/08/31 22:16:30 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:15:32 | 000,018,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/29 23:21:22 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\attach.zip
[2011/08/29 23:14:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\dds.scr
[2011/08/29 23:12:40 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2011/08/29 23:12:34 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\ERUNT.lnk
[2011/08/29 23:11:14 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\erunt-setup.exe
[2011/08/28 22:35:46 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 19:19:22 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 18:00:04 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hoofdgebruiker.job
[2011/08/10 22:02:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 16:00:06 | 000,016,384 | -H-- | M] () -- C:\WINDOWS\$NtUninstallKB2423089$
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/01 09:10:17 | 000,079,881 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\306267_10150356375324328_571409327_9747480_5148532_n.jpg
[2011/09/01 08:09:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\MBR.dat
[2011/08/31 22:16:28 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/08/31 20:54:50 | 000,018,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/29 23:21:21 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\attach.zip
[2011/08/29 23:12:39 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2011/08/29 23:12:32 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\ERUNT.lnk
[2011/08/19 21:56:34 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Hoofdgebruiker.job
[2011/08/03 16:00:05 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB2423089$
[2010/07/22 20:01:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Barbie Magic Hair Styler.INI
[2010/07/02 20:12:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/10 16:37:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2009/08/10 16:31:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/08/10 16:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GSP_APRG.INI
[2009/01/05 12:21:00 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/29 20:21:15 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/12/29 19:35:39 | 000,000,730 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2008/03/08 11:19:05 | 000,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2008/01/28 17:30:12 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/13 16:51:27 | 000,428,904 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/10/17 16:01:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/10/05 13:29:46 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/10/05 13:29:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/10/05 13:29:26 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/10/05 13:29:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/01/18 18:17:16 | 000,000,115 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 14:51:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/04 09:11:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\fusioncache.dat
[2006/07/23 11:07:02 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/23 11:06:56 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/18 19:21:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/03/20 20:08:38 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/12/10 09:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/11/06 15:17:25 | 000,000,150 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/07/23 17:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/07/14 00:33:16 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/29 20:17:28 | 000,000,481 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/03/12 12:15:22 | 000,000,419 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2005/02/26 11:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2005/02/21 16:33:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CDSEUNST.INI
[2004/12/07 16:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2004/10/21 01:26:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/05 14:35:04 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2004/08/03 17:19:52 | 000,000,609 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/07/23 18:10:41 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/25 15:42:47 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/23 12:21:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/23 08:52:21 | 000,000,456 | R--- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2004/06/22 10:18:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/06/22 10:12:32 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/06/22 09:04:01 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/22 09:03:00 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/08 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/08 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/08 12:00:00 | 000,508,910 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2003/04/08 12:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/08 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2003/04/08 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/08 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/08 12:00:00 | 000,090,586 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2003/04/08 12:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/08 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/08 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2003/04/08 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/08 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/08 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/04/08 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/07/05 12:00:00 | 000,065,890 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== LOP Check ==========

[2005/02/16 11:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/22 11:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quantum Intech
[2007/10/05 12:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/09/12 08:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/05/08 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/05/08 16:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/28 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/09/02 20:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/08/28 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/10/05 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/07/23 11:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\iBurst
[2005/07/30 15:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Leadertech
[2005/12/10 10:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Canon
[2006/02/13 09:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\SmartDraw
[2006/04/28 14:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\HTML Executable
[2006/05/04 21:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Tele2
[2007/10/05 12:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\iolo
[2007/12/17 09:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Macroworks
[2010/05/08 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\PC Suite
[2010/05/08 16:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Nokia
[2010/05/08 16:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Datalayer

========== Purity Check ==========



< End of report >

hellocae
2011-09-01, 22:17
OTL Extras logfile created on: 2011/09/01 09:55:19 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hoofdgebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001C09 | Country: Zuid-Afrika | Language: ENS | Date Format: yyyy/MM/dd

767.48 Mb Total Physical Memory | 428.76 Mb Available Physical Memory | 55.87% Memory free
1.08 Gb Paging File | 0.63 Gb Available in Paging File | 57.79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 5.37 Gb Free Space | 18.34% Space Free | Partition Type: FAT32
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 10.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DUPLESSI-DW702L | User Name: Hoofdgebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\Program Files\Parlino\Parlino.exe" = C:\Program Files\Parlino\Parlino.exe:*:Enabled:Parlino
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = Net MD Simple Burner
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797E599D-F9F7-4CA9-8323-79BA07E20CFD}" = iBurst Dashboard V2
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90133000-1F11-4819-B708-9DF0870A9C54}" = iBurst Terminal
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A6B0E526-D1E8-11D5-AA2E-0008C760B784}" = Disney's Peter Pan Avonturen in Nooitgedachtland
"{A6FFB28C-D49B-4538-B3A7-9783A5C771DD}" = Norton Security Scan
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ERUNT_is1" = ERUNT 1.1j
"HTMLExecutableHVRuntimeSetup67" = HTML Executable HTML Viewer Runtime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTN F@stLink" = MTN F@stLink
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{A6FFB28C-D49B-4538-B3A7-9783A5C771DD}" = Norton Security Scan (Symantec Corporation)
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SiS7012" = SiS Audio Driver
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"Video Player1.0" = Video Player1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011/08/28 07:19:55 PM | Computer Name = DUPLESSI-DW702L | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3603 - Fatal Execution Engine Error
(7A09795E) (80131506)

Error - 2011/08/28 07:19:59 PM | Computer Name = DUPLESSI-DW702L | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mscorsvw.exe, version 2.0.50727.3053, stamp 4889dc4b,
faulting module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0,
fault address 0x00003ed4.

Error - 2011/08/28 07:20:01 PM | Computer Name = DUPLESSI-DW702L | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x800706be

Error - 2011/08/29 03:46:51 PM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

Error - 2011/08/30 02:07:52 PM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

Error - 2011/08/30 03:28:29 PM | Computer Name = DUPLESSI-DW702L | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.17099, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2011/08/31 02:51:19 PM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

Error - 2011/08/31 04:46:44 PM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

Error - 2011/09/01 12:40:16 AM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

Error - 2011/09/01 03:11:17 PM | Computer Name = DUPLESSI-DW702L | Source = PctSpk | ID = 0
Description =

[ System Events ]
Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: KB2418241: Beveiligingsupdate voor Microsoft .NET Framework
2.0 SP2 en 3.5 SP1 op Windows Server 2003 en Windows XP x86.

Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: KB2416473: Beveiligingsupdate voor Microsoft .NET Framework
3.5 SP1 op Windows XP, Windows Server 2003, Windows Vista en Windows Server 2008
x86.

Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: Security Update for CAPICOM (KB931906).

Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: Beveiligingsupdate voor Microsoft Silverlight (KB2512827).

Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: Beveiligingsupdate voor Microsoft .NET Framework 2.0 SP2 op
Windows Server 2003 en Windows XP x86 (KB2539631).

Error - 2011/09/01 12:42:48 AM | Computer Name = DUPLESSI-DW702L | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070003: KB2518864: Beveiligingsupdate voor .NET Framework 2.0 SP2
en 3.5 SP1 op Windows Server 2003 en Windows XP x86.

Error - 2011/09/01 03:11:14 PM | Computer Name = DUPLESSI-DW702L | Source = Service Control Manager | ID = 7000
Description = De iolo FileInfoList Service-service kan vanwege de volgende fout
niet worden gestart: %%2

Error - 2011/09/01 03:11:14 PM | Computer Name = DUPLESSI-DW702L | Source = Service Control Manager | ID = 7000
Description = De iolo System Service-service kan vanwege de volgende fout niet worden
gestart: %%2

Error - 2011/09/01 03:12:30 PM | Computer Name = DUPLESSI-DW702L | Source = Service Control Manager | ID = 7022
Description = De McAfee VirusScan Announcer-service is bij het starten vastgelopen.

Error - 2011/09/01 03:12:30 PM | Computer Name = DUPLESSI-DW702L | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: szkg5 szkgfs


< End of report >


Thanks so much
Hellocae

:thanks:

ken545
2011-09-01, 22:50
Hi,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:processes
killallprocesses

:OTL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

hellocae
2011-09-02, 09:25
:thanks:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP-configuratie
Er kan geen enkele bewerking op LAN-verbinding worden uitgevoerd als het medium ervan niet
is aangesloten.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP-configuratie
Er kan geen enkele bewerking op LAN-verbinding worden uitgevoerd als het medium ervan niet
is aangesloten.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 420240 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 10278 bytes

User: Hoofdgebruiker
->Temp folder emptied: 547605 bytes
->Temporary Internet Files folder emptied: 11244090 bytes
->Java cache emptied: 21034810 bytes
->Flash cache emptied: 4852120 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1100105 bytes
%systemroot%\System32 .tmp files removed: 187392 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2173128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64761194 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09022011_091018

Files\Folders moved on Reboot...
C:\Documents and Settings\Hoofdgebruiker\Local Settings\Temp\~DF6DC5.tmp moved successfully.
C:\Documents and Settings\Hoofdgebruiker\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Documents and Settings\Hoofdgebruiker\Local Settings\Temporary Internet Files\Content.IE5\4C7A5EI0\showthread[1].htm moved successfully.

Registry entries deleted on Reboot...

hellocae
2011-09-02, 09:34
OTL logfile created on: 2011/09/02 09:25:40 AM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Hoofdgebruiker\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001C09 | Country: Zuid-Afrika | Language: ENS | Date Format: yyyy/MM/dd

767.48 Mb Total Physical Memory | 456.70 Mb Available Physical Memory | 59.51% Memory free
1.08 Gb Paging File | 0.64 Gb Available in Paging File | 59.41% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 5.42 Gb Free Space | 18.52% Space Free | Partition Type: FAT32
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 10.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DUPLESSI-DW702L | User Name: Hoofdgebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe (iBurst)
PRC - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
PRC - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
MOD - C:\Program Files\MTN F@stLink\LocaleMgrPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\SMSPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NotifyServicePlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\ConfigFilePlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceMgrPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NetInfoPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DialUpPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\MTN F@stLink\NDISAPI.dll ()
MOD - C:\Program Files\MTN F@stLink\atcomm.dll ()
MOD - C:\Program Files\MTN F@stLink\DetectDev.dll ()
MOD - C:\Program Files\MTN F@stLink\DeviceOperate.dll ()
MOD - C:\Program Files\MTN F@stLink\XCodec.dll ()
MOD - C:\Program Files\MTN F@stLink\FileManager.dll ()
MOD - C:\Program Files\MTN F@stLink\isaputrace.dll ()
MOD - C:\Program Files\SiteAdvisor\6253\saHook.dll ()
MOD - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
MOD - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_nl_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.drawing.resources\1.0.5000.0_nl_b03f5f7f11d50a3a\system.drawing.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- File not found
SRV - (ioloFileInfoList) -- File not found
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (iBurstu) -- C:\WINDOWS\system32\drivers\iBurstu.sys (KYOCERA CORPORATION)
DRV - (BulkUsb) -- C:\WINDOWS\system32\drivers\VoIPUSBDriver.sys (Windows (R) Server 2003 DDK provider)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMDUSB.sys (Sony Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.unisa.ac.za/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Hoofdgebruiker\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/05/22 14:17:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/02 09:10:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110819220952.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MTN F@stLink\MTN F@stLink.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Dashboard Launcher.lnk = C:\WINDOWS\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\iBurst_Terminal UTL.lnk = C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.exe ()
O4 - Startup: C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} http://secure.ingbank.nl/download/DigiSign.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F5344DB-3D7A-4B51-99D7-D410CD31CA8C}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C368668-5C78-4A3A-B428-8210CB60FD91}: NameServer = 196.25.255.34,196.25.255.3
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/22 10:15:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/06/09 03:25:10 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/07 17:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3fd27404-c51e-11e0-b0d1-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd27404-c51e-11e0-b0d1-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3fd27405-c51e-11e0-b0d1-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd27405-c51e-11e0-b0d1-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{642e897c-c57e-11e0-b0d2-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{642e897c-c57e-11e0-b0d2-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d188eac0-c115-11e0-b0c8-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{d188eac0-c115-11e0-b0c8-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbc369de-beae-11e0-b0c4-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc369de-beae-11e0-b0c4-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbc369df-beae-11e0-b0c4-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc369df-beae-11e0-b0c4-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bf8e64-bdda-11e0-b0c3-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bf8e64-bdda-11e0-b0c3-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1bf8e65-bdda-11e0-b0c3-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bf8e65-bdda-11e0-b0c3-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b6e-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b6e-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b6f-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b6f-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef200b71-2868-11df-af50-0020edb86747}\Shell - "" = AutoRun
O33 - MountPoints2\{ef200b71-2868-11df-af50-0020edb86747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/02 09:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\McAfee
[2011/09/02 09:10:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/01 21:54:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe
[2011/08/31 22:26:39 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\aswMBR.exe
[2011/08/31 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Application Data\Malwarebytes
[2011/08/31 22:16:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/31 22:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011/08/31 22:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/31 22:16:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/31 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/29 23:14:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\dds.scr
[2011/08/29 23:13:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/29 23:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011/08/29 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/29 23:11:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\erunt-setup.exe
[2011/08/29 21:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\PCHealth
[2011/08/28 22:59:54 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/08/28 22:59:53 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/08/28 22:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office
[2011/08/28 21:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/08/28 21:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/28 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/28 21:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft Help
[2011/08/28 21:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/08/28 21:42:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/28 21:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/28 21:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/08/19 21:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Norton Security Scan
[2011/08/17 19:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\cae - DONT DELETE VELVET!!!!
[2011/08/12 22:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\MTN F@stLink
[2011/08/12 22:05:33 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/08/12 22:05:33 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/08/12 22:05:33 | 000,102,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/08/12 22:05:33 | 000,102,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/08/12 22:05:33 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/08/03 15:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hoofdgebruiker\Mijn documenten\My Digital Editions
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/09/02 09:14:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/02 09:14:20 | 000,003,873 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/02 09:14:16 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Dashboard Launcher.lnk
[2011/09/02 09:13:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/01 21:54:08 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\OTL.exe
[2011/09/01 09:09:54 | 000,079,881 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\306267_10150356375324328_571409327_9747480_5148532_n.jpg
[2011/09/01 08:09:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\MBR.dat
[2011/08/31 22:26:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\aswMBR.exe
[2011/08/31 22:16:30 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:15:32 | 000,018,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/29 23:21:22 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\attach.zip
[2011/08/29 23:14:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\dds.scr
[2011/08/29 23:12:40 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2011/08/29 23:12:34 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\ERUNT.lnk
[2011/08/29 23:11:14 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\erunt-setup.exe
[2011/08/28 22:35:46 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 19:19:22 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 18:00:04 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hoofdgebruiker.job
[2011/08/10 22:02:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 16:00:06 | 000,016,384 | -H-- | M] () -- C:\WINDOWS\$NtUninstallKB2423089$

========== Files Created - No Company Name ==========

[2011/09/01 09:10:17 | 000,079,881 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\306267_10150356375324328_571409327_9747480_5148532_n.jpg
[2011/09/01 08:09:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\MBR.dat
[2011/08/31 22:16:28 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/08/31 20:54:50 | 000,018,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/29 23:21:21 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\attach.zip
[2011/08/29 23:12:39 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2011/08/29 23:12:32 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Bureaublad\ERUNT.lnk
[2011/08/19 21:56:34 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Hoofdgebruiker.job
[2011/08/03 16:00:05 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB2423089$
[2010/07/22 20:01:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Barbie Magic Hair Styler.INI
[2010/07/02 20:12:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/10 16:37:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2009/08/10 16:31:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/08/10 16:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GSP_APRG.INI
[2009/01/05 12:21:00 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/29 20:21:15 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/12/29 19:35:39 | 000,000,730 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2008/03/08 11:19:05 | 000,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2008/01/28 17:30:12 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/13 16:51:27 | 000,428,904 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/10/17 16:01:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/10/05 13:29:46 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/10/05 13:29:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/10/05 13:29:26 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/10/05 13:29:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/01/18 18:17:16 | 000,000,115 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/01/15 14:51:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/04 09:11:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\fusioncache.dat
[2006/07/23 11:07:02 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/23 11:06:56 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/18 19:21:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/03/20 20:08:38 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/12/10 09:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/11/06 15:17:25 | 000,000,150 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/07/23 17:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/07/14 00:33:16 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/29 20:17:28 | 000,000,481 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/03/12 12:15:22 | 000,000,419 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2005/02/26 11:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2005/02/21 16:33:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CDSEUNST.INI
[2004/12/07 16:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2004/10/21 01:26:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/05 14:35:04 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2004/08/03 17:19:52 | 000,000,609 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/07/23 18:10:41 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Hoofdgebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/25 15:42:47 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/23 12:21:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/23 08:52:21 | 000,000,456 | R--- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2004/06/22 10:18:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/06/22 10:12:32 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/06/22 09:04:01 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/22 09:03:00 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/08 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/08 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/08 12:00:00 | 000,508,910 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2003/04/08 12:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/08 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2003/04/08 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/08 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/08 12:00:00 | 000,090,586 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2003/04/08 12:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/08 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/08 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2003/04/08 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/08 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/08 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/04/08 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/07/05 12:00:00 | 000,065,890 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

< End of report >

:thanks:

ken545
2011-09-02, 11:27
Hi,

There is a leftover entry for Norton that we need to fix. I am also seeing that your Internet Explorer start page is locked and you have no access to the IE options setting. Did you set these? It looks like you also have no access to the Windows Control Panel. We can fix these unless you set them yourself; let me know.

How are the redirects? Have they stopped?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

ken545
2011-09-05, 13:10
Still with us?

hellocae
2011-09-06, 09:24
Hi there - sorry for the late reply. I ran that software and it found nothing; this was the result...

When I try Google, sometimes it does open the link and other times not - puzzling :) :confused:

:thanks:

ken545
2011-09-06, 10:30
Hi, let's try this

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

hellocae
2011-09-06, 12:13
:thanks:

ComboFix 11-09-06.01 - Hoofdgebruiker 2011/09/06 11:41:17.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.27.1043.18.767.471 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Hoofdgebruiker\Bureaublad\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfeeFirewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Nieuw herstelpunt werd aangemaakt
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\Dashboard.4c4b5647.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\Dashboard.4c4b5647.ini.inuse
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\DashboardLauncher.exe.4c4b5647.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\DashboardLauncher.exe.4c4b5647.ini.inuse
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\mcshell.exe.9039d39.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\SL233.tmp.22ce4ae2.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.95f7b153.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\SL52.tmp.7e25e59f.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\SL7.tmp.b9d195a7.ini
c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory\UnamePassModule.exe.a84f0928.ini
c:\documents and settings\Hoofdgebruiker\Onlangs geopend\Thumbs.db
c:\documents and settings\Hoofdgebruiker\System
c:\documents and settings\Hoofdgebruiker\System\win_qs7.jqx
c:\documents and settings\Hoofdgebruiker\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\unin0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-06 to 2011-09-06 ))))))))))))))))))))))))))))))
.
.
2011-09-06 09:55 . 2011-09-06 09:55 -------- d-----w- c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\ApplicationHistory
2011-09-06 07:20 . 2011-09-06 07:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2011-09-02 20:53 . 2011-09-02 20:53 -------- d-----w- c:\program files\ESET
2011-09-02 07:10 . 2011-09-02 07:10 -------- d-----w- C:\_OTL
2011-08-31 20:16 . 2011-08-31 20:16 -------- d-----w- c:\documents and settings\Hoofdgebruiker\Application Data\Malwarebytes
2011-08-31 20:16 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 20:16 . 2011-08-31 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-31 20:16 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 20:16 . 2011-08-31 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 21:12 . 2011-08-29 21:12 -------- d-----w- c:\program files\ERUNT
2011-08-29 19:50 . 2011-08-29 19:50 -------- d-----w- c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\PCHealth
2011-08-28 20:59 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-28 20:59 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-28 19:58 . 2011-08-28 19:58 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-08-28 19:58 . 2011-08-28 19:58 -------- d-----w- c:\program files\Microsoft.NET
2011-08-28 19:52 . 2011-08-28 19:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-08-28 19:51 . 2011-08-28 19:51 -------- d-----w- c:\documents and settings\Hoofdgebruiker\Local Settings\Application Data\Microsoft Help
2011-08-28 19:48 . 2011-08-28 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-08-28 19:42 . 2011-08-28 19:42 -------- d-----r- C:\MSOCache
2011-08-28 19:38 . 2011-08-28 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-08-28 19:18 . 2011-08-28 19:18 -------- d-----w- c:\program files\MSXML 6.0
2011-08-12 20:05 . 2009-02-17 18:34 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-12 20:05 . 2008-12-30 09:55 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-08-12 20:05 . 2008-12-13 09:26 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-12 20:05 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-12 20:05 . 2007-08-09 02:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2003-04-08 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2003-04-08 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-06-22 08:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:37 . 2004-08-23 18:35 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:37 . 2004-08-04 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:37 . 2003-04-08 10:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:37 . 2003-04-08 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 07:55 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-04-08 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\MTN F@stLink\MTN F@stLink.exe" [2011-08-12 110592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-11-04 86016]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-08-06 155648]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2006-12-20 36952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-23 3756032]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1312384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Hoofdgebruiker\Menu Start\Programma's\Opstarten\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Dashboard Launcher.lnk - c:\windows\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe [2011-7-23 8192]
iBurst_Terminal UTL.lnk - c:\program files\iBurst Terminal\iBurst_Terminal_UTL.EXE [2011-7-23 311296]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010/08/04 04:10 PM 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010/08/04 04:10 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010/08/04 04:10 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2010/08/04 04:11 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010/08/04 04:10 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010/08/04 04:10 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010/08/04 04:10 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010/08/04 04:10 PM 83688]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003/04/08 09:56 AM 820133]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 0234911315301155mcinstcleanup;McAfee Application Installer Cleanup (0234911315301155);c:\windows\TEMP\023491~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\023491~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [2005/10/12 08:22 AM 149504]
S3 iBurstu;iBurst Terminal;c:\windows\system32\drivers\iBurstu.sys [2011/07/23 12:02 PM 37362]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011/08/31 10:16 PM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010/01/15 02:49 PM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010/08/04 04:10 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010/08/04 04:10 PM 85984]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010/01/09 09:37 PM 4640000]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 0234911315301155MCINSTCLEANUP
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-24 c:\windows\Tasks\Norton Security Scan for Hoofdgebruiker.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 02:18]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://my.unisa.ac.za/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{5F5344DB-3D7A-4B51-99D7-D410CD31CA8C}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{7C368668-5C78-4A3A-B428-8210CB60FD91}: NameServer = 196.25.255.34,196.25.255.3
DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} - hxxp://secure.ingbank.nl/download/DigiSign.cab
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Notify-TPSvc - TPSvc.dll
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-SiS7012 - c:\program files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-06 11:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2980)
c:\program files\SiteAdvisor\6253\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\iBurst Dashboard V2\DashboardLauncher.exe
.
**************************************************************************
.
Voltooingstijd: 2011-09-06 12:01:06 - machine werd herstart
ComboFix-quarantined-files.txt 2011-09-06 10:01
.
Pre-Run: 5,109,202,944 bytes beschikbaar
Post-Run: 5,182,685,184 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 65799D43CEDD4DEF5CA3D446E863E57F

ken545
2011-09-06, 13:20
Hi,

You need to help me out here.
Andere Verwijderingen <-- I assume this means these have been deleted?

hellocae
2011-09-06, 21:30
Yes, I suppose that's the crux of it - DUTCH?!? :confused::laugh:

A friend of mine gave me the PC; it loosely translates to "other" and "removed".

Been trying to Google a way to change the language settings :S

:thanks: for all your help thus far.

ken545
2011-09-06, 22:51
When we're done I will link you to a Windows forum for help converting to English.

How are the redirects?

hellocae
2011-09-07, 10:09
Hi, I've just tried Google a few times and it seems to be working normally again, thank you so much!

ken545
2011-09-07, 13:05
Great, glad things are back to normal.


Click START then RUN
Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

hellocae
2011-09-09, 10:13
:bigthumb:Perfect, thanks Ken :) great to be :spider:-free

Please could you send me the link you mentioned that could help me with my Dutch/English problem? I don't have the windows disk anymore - and I thought you could only change it with the disk.

It will certainly help having it all in English :D

Many Thanks

Cae

ken545
2011-09-09, 10:37
Good Morning,

You could try one of these sites

http://forums.whatthetech.com/index.php?showforum=119

http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/

Good Luck

Ken :)

hellocae
2011-09-09, 22:20
Thanks so much :)

ken545
2011-09-09, 23:57
You're very welcome