slow internet browser after trojan infection [RESOLVED]


This topic is locked

#1 Dreagan (Member, 10 posts)

Hi,

About a month ago I got hit by a trojan. It rapidly infected my entire computer, and I had no luck removing it with AVG 8.0 and Ad-Aware SE Personal. It came to the point that everything browser related became extremely slow: IE opened without warning and gave pop-ups, Firefox closed with errors after a few minutes, and Opera was just slow. All three browsers became too slow to actually open a website.
Then a friend recommended installing ZoneAlarm, which helped speed things up a bit, but it didn't help recover my initial speed.
Later on I downloaded Spybot - Search & Destroy, which I have run once every few days for about two weeks now. It always gives tracking cookies and a trojan, but every time it is a different one..
The funny (but not really..) thing is that it has nothing to do with my internet connection, because once I get to a website and I (for example) download a file, it gets downloaded at maximum speed and doesn't have the delay, so the problem is with the browser itself.
I have tried to re-install the browsers, but I guess that was too easy to be the answer.. -_-'

It would be great if anyone could figure out what is going on here..

Thank you in advance,


Dreagan


-------------------------------------------------------------------------------------------

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:13, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91B4D338-BDF2-4690-87FD-A8FC7135C7FA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.li...?v=13,0,1609,00
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lordmika.spac...ad/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0FAA0FA-6E97-4114-9468-32615484B153}: NameServer = 195.238.2.21,195.238.2.22
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10486 bytes



-------------------------------------------------------------------------------------------------

uninstall list:


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ableton Live v7.0.1
Ad-Aware SE Personal
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.9 - Nederlands
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
ASIO4ALL
ASUS WLAN Card Utilities/Driver
AVG 8.0
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901190)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB903235)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB916281)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918118)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB918899)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920214)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921503)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922760)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923694)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924191)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB924667)
Beveiligingsupdate voor Windows XP (KB925454)
Beveiligingsupdate voor Windows XP (KB925486)
Beveiligingsupdate voor Windows XP (KB925902)
Beveiligingsupdate voor Windows XP (KB926255)
Beveiligingsupdate voor Windows XP (KB926436)
Beveiligingsupdate voor Windows XP (KB927779)
Beveiligingsupdate voor Windows XP (KB927802)
Beveiligingsupdate voor Windows XP (KB928255)
Beveiligingsupdate voor Windows XP (KB928843)
Beveiligingsupdate voor Windows XP (KB929123)
Beveiligingsupdate voor Windows XP (KB930178)
Beveiligingsupdate voor Windows XP (KB931261)
Beveiligingsupdate voor Windows XP (KB931784)
Beveiligingsupdate voor Windows XP (KB932168)
Beveiligingsupdate voor Windows XP (KB933729)
Beveiligingsupdate voor Windows XP (KB935839)
Beveiligingsupdate voor Windows XP (KB935840)
Beveiligingsupdate voor Windows XP (KB936021)
Beveiligingsupdate voor Windows XP (KB938127)
Beveiligingsupdate voor Windows XP (KB938829)
Beveiligingsupdate voor Windows XP (KB941202)
Beveiligingsupdate voor Windows XP (KB941568)
Beveiligingsupdate voor Windows XP (KB941644)
Beveiligingsupdate voor Windows XP (KB941693)
Beveiligingsupdate voor Windows XP (KB943055)
Beveiligingsupdate voor Windows XP (KB943460)
Beveiligingsupdate voor Windows XP (KB943485)
Beveiligingsupdate voor Windows XP (KB944533)
Beveiligingsupdate voor Windows XP (KB944653)
Beveiligingsupdate voor Windows XP (KB945553)
Beveiligingsupdate voor Windows XP (KB946026)
Beveiligingsupdate voor Windows XP (KB948590)
Beveiligingsupdate voor Windows XP (KB948881)
Blaze Media Pro
CCleaner (remove only)
Comical 0.8
CoreAAC Audio Decoder (remove only)
Corona Visualization Plug-in for WMP
De klantenbelevenis verbeteren
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 3.0.9.6
Easy CD and DVD Cover Creator 4.0
Eenvoudige Internetaanmelding
Enhanced Multimedia Keyboard Solution
EvilLyrics
ffdshow [rev 1723] [2007-12-24]
Final Fantasy VII - Ultima Edition
getPlus®_ocx
Google Toolbar for Internet Explorer
GPL MPEG-1/2 DirectShow Decoder Filter
Guild Wars
Heroes of Might and Magic V Collector Edition
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB893357)
Hotfix voor Windows XP (KB906569)
Hotfix voor Windows XP (KB914440)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP DVD Play 1.0
HP Imaging Device Functions 6.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Premier Software 6.0
HP Photosmart-camera's 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
ideo v1.01
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
JBrute
KB888111: High Definition Audio
KB898458: Beveiligingsupdate voor Step by Step Interactive Training
KB923723: Beveiligingsupdate voor Step by Step Interactive Training
Last.fm 1.4.2.58376
LightScribe System Software 1.12.29.2
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Neopets
NoLimits Coasters 1.6 (remove only)
NVIDIA Drivers
oggcodecs 0.71.0946
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
PDF Settings
PowerCinema
PowerISO
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
RCT3 Soaked
RollerCoaster Tycoon 3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
SigmaTel MSCN Audio Player
SMPlayer 0.5.62
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
Spybot - Search & Destroy
StuffPlug 3
StyleXP (remove only)
Switch Sound File Converter
Tag&Rename 3.4
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB904942)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920342)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
Update voor Windows XP (KB925720)
Update voor Windows XP (KB925876)
Update voor Windows XP (KB927891)
Update voor Windows XP (KB929338)
Update voor Windows XP (KB930916)
Update voor Windows XP (KB931836)
Update voor Windows XP (KB933360)
Update voor Windows XP (KB938828)
Update voor Windows XP (KB942763)
Update voor Windows XP (KB942840)
VideoReady V0.5
Vista Visual Pack 7.0
WavePad Uninstall
Winamp
WindowBlinds
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (NLD)
Windows Workflow Foundation
Windows Workflow Foundation NL Language Pack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec (remove only)
ZoneAlarm
Zoo Tycoon 2 - Dino Danger Pack

---------------------------------------------------------------------------
Thank you for reading this, at least.


#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Hi Dreagan and welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {91B4D338-BDF2-4690-87FD-A8FC7135C7FA} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe


Locate the following Files/Fold

C:\Program Files\JavaCore\

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
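The triage in the reply above comes down to three checks on the HijackThis log: a BHO (O2) whose DLL is "(no file)" is an orphaned registration that can be fixed safely, a Run entry (O4) whose executable is unknown or absent needs a look, and anything loaded into every process (O20 AppInit_DLLs) or changing the browser start page (R0) should be confirmed against what the user actually installed. The script below is an added example, not code from greyknight17 or from Geeks to Go, that applies those rules to log lines in the HijackThis 2.0.2 format. The sample log is a constructed excerpt of the entries printed in this thread, and KNOWN_FILES is a constructed stand-in for "this file exists and is recognised"; on a real host you would pass a callable backed by os.path.exists() plus your own vendor or hash check.

```python
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the HijackThis 2.0.2 log format shown in the
# thread (the entries are copied from the log above; the set is deliberately small).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {91B4D338-BDF2-4690-87FD-A8FC7135C7FA} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""

# Constructed stand-in for "the file exists on the machine and is recognised".
# A real run replaces this with os.path.exists() plus a vendor/hash check.
# JavaCore is absent on purpose, mirroring the folder the helper asked about.
KNOWN_FILES = {
    r"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll",
    r"c:\progra~1\avg\avg8\avgtray.exe",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?),(?P<value>[^=]+?) = (?P<data>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# First token of a Run command, with or without surrounding quotes, up to ".exe".
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "fix": safe to tick in 'Fix checked'; "review": a human decides
    item: str      # CLSID, Run-key name or registry value the finding refers to
    reason: str


def normalise(path: str) -> str:
    """Lower-case and collapse doubled backslashes (as in the JavaCore entry)
    so that a path from the log matches a file index built from the disk."""
    return re.sub(r"\\+", r"\\", path.strip().strip('"')).lower()


def triage(log_text: str, known_file=lambda p: normalise(p) in KNOWN_FILES) -> list:
    """Apply the three heuristics to every recognised line; unknown line types
    (O3, O9, O16, O23, ...) are passed over untouched."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("fix", m["clsid"],
                    "BHO registered but its DLL is gone: orphaned registration"))
            elif not known_file(m["path"]):
                findings.append(Finding("review", m["clsid"],
                    f"BHO DLL is not a recognised file: {m['path']}"))
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m["cmd"])
            if exe is None:
                findings.append(Finding("review", m["name"],
                    f"Run entry with no recognisable executable: {m['cmd']}"))
            elif not known_file(exe["exe"]):
                findings.append(Finding("review", m["name"],
                    f"Run entry points at an unrecognised file: {exe['exe']}"))
        elif m := R_RE.match(line):
            if m["value"].strip() == "Start Page":
                findings.append(Finding("review", "Start Page",
                    f"browser start page is {m['data']}; confirm the user chose it"))
        elif m := O20_RE.match(line):
            findings.append(Finding("review", "AppInit_DLLs",
                f"{m['dlls']} is loaded into every user-mode process; confirm its vendor"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

The split between "fix" and "review" is deliberate: an O2 entry whose file is already gone cannot run anything, so removing the registration is housekeeping, whereas a Run entry pointing at an unrecognised file is exactly the case where the helper asked the poster to locate the folder first, and the decision stays with the person reading the log.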

#3 Dreagan (Topic Starter, Member, 10 posts)

I followed your precise orders and will post the ComboFix log below, because you asked me to, and because it said so on the instruction page you gave me. Everything went fine and, giving Mozilla Firefox a first test run, it seems to be in pretty good shape again, which was the whole point of my coming here.
I don't know if it will stay this way, but I'll keep "testing" it all evening; if it goes wrong again, I will inform you immediately.

But for now, thank you very much, you saved me and my browsers a fight here.. ^^


Wishing you all the best,


Dreagan


------------------------------------------------------------------------------------------------

ComboFix log:

ComboFix 08-04-15.4 - HP_Eigenaar 2008-04-16 16:59:19.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{09028~1
C:\Program Files\Common Files\{39028~1
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\Temporary
C:\WINDOWS\BM0a31bd52.xml
C:\WINDOWS\inf\uxgrafj.adm
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Service_uxgrafj


(((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
.

2008-04-14 19:33 . 2008-04-14 19:33 <DIR> d-------- C:\Program Files\Virtools
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Software
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\NCH Swift Sound
2008-04-05 11:20 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-04 22:06 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-04 22:04 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Sonic
2008-04-04 22:04 . 2008-04-04 22:04 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-04 02:37 . 2008-04-04 02:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 02:21 . 2008-04-04 02:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 02:11 . 2008-04-04 02:20 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-04 02:10 . 2008-04-04 02:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-04 02:01 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-04 02:00 . 2008-04-09 23:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-04 01:00 . 2008-04-04 01:00 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\WinBatch
2008-04-02 21:30 . 2008-04-16 16:27 <DIR> dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2008-04-02 14:36 . 2008-04-16 16:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Program Files\AVG
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-02 14:36 . 2008-04-02 14:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-30 00:47 . 2008-04-16 10:04 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Tracing
2008-03-29 22:33 . 2008-03-29 22:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 19:29 . 2008-03-29 22:13 <DIR> d-------- C:\Program Files\Winamp
2008-03-20 19:29 . 2008-03-29 22:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Winamp
2008-03-20 13:52 . 2008-03-20 13:52 11 -ra------ C:\WINDOWS\amunres.lsl
2008-03-17 18:35 . 2008-03-17 18:34 1,079,139 --a------ C:\WINDOWS\d361580ec4d1b490.jpg
2008-03-17 18:22 . 2008-03-17 18:21 8,726,263 --a------ C:\WINDOWS\EVERY_SINGLE_POKEMON_by_purplekecleon.png

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:18 2,639,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 15:10 31,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-15 20:02 --------- d-----w C:\Program Files\Blaze Media Pro
2008-04-14 20:53 --------- d-----w C:\Program Files\Soulseek
2008-04-10 21:04 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\uTorrent
2008-04-09 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 00:15 --------- d-----w C:\Program Files\MSBuild
2008-04-01 18:02 --------- d-----w C:\Program Files\Java
2008-03-30 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-29 22:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 22:44 --------- d-----w C:\Program Files\Windows Live
2008-03-29 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 17:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-28 11:14 --------- d-----w C:\Program Files\utorrent
2008-03-25 18:02 --------- d-----w C:\Program Files\EvilLyrics
2008-03-16 16:32 --------- d-----w C:\Program Files\Final Fantasy VII
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 12:55 --------- d-----w C:\Program Files\Gabest
2008-03-13 12:54 --------- d-----w C:\Program Files\Opera
2008-03-13 12:38 --------- d-----w C:\Program Files\CCleaner
2008-03-13 01:00 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-03-12 18:09 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-03-12 18:09 --------- d-----w C:\Program Files\MastrScan
2008-03-12 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-12 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-12 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 22:45 --------- d-----w C:\Program Files\Zone Labs
2008-03-07 11:58 --------- d-----w C:\Program Files\Oberon Media
2008-03-07 10:28 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft Games
2008-03-01 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-29 19:50 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\beid-cache
2007-04-08 14:44 87,608 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\ezpinst.exe
2007-04-08 14:44 47,360 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys
2006-11-25 20:50 1,886 ----a-w C:\Documents and Settings\HP_Eigenaar\usetup.exe
2005-09-23 22:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

------- Sigcheck -------

2005-03-02 20:14 2061312 c26d84b802567e629d42861a11c7ec04 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:47 2063744 4bf54c0431a9bb0bce6c821cd4018f7d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2063744 f51b8d8b0703518349096604e788b83e C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 06:00 2061184 e0399688d466b7c3afdffb5a2ed9f351 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:09 2061184 c6cf1974acdb8329daf9d001c0937cb0 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:25 2061952 6d080ddc482e83a69c9a862c247fa50d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05 2071296 7c2cbe9daeec1c39f07db34346bc8007 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2186368 4cb6c3b16587971c56aaa8a9b0511bc7 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 23:00 2185344 87aaea3908e069fb1be37380c895dfb8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:25 2184704 f609063bae4d058a4019c4d99a1fd8dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2003-05-30 21:23 2124032 52ddab8ea1f090ad419708709213f14e C:\WINDOWS\Resources\Boot\ntoskrnl.exe
2007-02-28 18:05 2194048 042b71f9d2821f5ebb7bcc522d99ba26 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 15:24 1427456 c17e18eb83c0e02fcf75c0593e1e32bb C:\WINDOWS\explorer.exe
2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:21 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36 1569280]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-02 14:36 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 21:12:14 106496]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-10 13:02 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Last.fm.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Last.fm.lnk
backup=C:\WINDOWS\pss\Last.fm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Thoosje Sidebar .lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Thoosje Sidebar .lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 19:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-05 21:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1024:TCP"= 1024:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 1
"1025:TCP"= 1025:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 2
"1026:TCP"= 1026:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 3
"1027:TCP"= 1027:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 4
"1028:TCP"= 1028:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 5
"1029:TCP"= 1029:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 6
"1030:TCP"= 1030:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 7
"1031:TCP"= 1031:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 8
"1032:TCP"= 1032:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 9
"1033:TCP"= 1033:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 10
"59:TCP"= 59:TCP:87.66.117.233/255.255.255.255:Enabled:poort 59 voor mirc
"54047:UDP"= 54047:UDP:utorrent poort

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-02 14:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-02 14:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-02 14:36]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 17:14:32
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


C:\WINDOWS\TEMP\6088f729-8453-42df-adb1-07d472340f4c.tmp 0 bytes


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-16 17:38:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 15:36:43

Pre-Run: 99,743,211,520 bytes beschikbaar
Post-Run: 99,916,935,168 bytes beschikbaar
.
2008-04-09 21:25:53 --- E O F ---

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Almost there...just a little more fixing.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\spmsg2.dll
C:\WINDOWS\imsins.BAK
C:\StubInstaller.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

#5 Dreagan (Topic Starter, Member, 10 posts)
I think I followed the steps right. It didn't prompt me for anything when I dragged it onto ComboFix.exe (it did install it), so I figured I'd run it myself by clicking it.

Anywho, here's the log that came out.


Dreagan


-------------------------------------------------------------------------------------------------------------------

combofix log #2:

ComboFix 08-04-15.4 - HP_Eigenaar 2008-04-16 18:42:12.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
.

2008-04-14 19:33 . 2008-04-14 19:33 <DIR> d-------- C:\Program Files\Virtools
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Software
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\NCH Swift Sound
2008-04-05 11:20 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-04 22:06 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-04 22:04 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Sonic
2008-04-04 22:04 . 2008-04-04 22:04 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-04 02:37 . 2008-04-04 02:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 02:21 . 2008-04-04 02:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 02:11 . 2008-04-04 02:20 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-04 02:10 . 2008-04-04 02:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-04 02:01 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-04 02:00 . 2008-04-09 23:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-04 01:00 . 2008-04-04 01:00 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\WinBatch
2008-04-02 21:30 . 2008-04-16 18:39 <DIR> dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2008-04-02 14:36 . 2008-04-16 16:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Program Files\AVG
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-02 14:36 . 2008-04-02 14:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-30 00:47 . 2008-04-16 10:04 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Tracing
2008-03-29 22:33 . 2008-03-29 22:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 19:29 . 2008-03-29 22:13 <DIR> d-------- C:\Program Files\Winamp
2008-03-20 19:29 . 2008-03-29 22:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Winamp
2008-03-20 13:52 . 2008-03-20 13:52 11 -ra------ C:\WINDOWS\amunres.lsl
2008-03-17 18:35 . 2008-03-17 18:34 1,079,139 --a------ C:\WINDOWS\d361580ec4d1b490.jpg
2008-03-17 18:22 . 2008-03-17 18:21 8,726,263 --a------ C:\WINDOWS\EVERY_SINGLE_POKEMON_by_purplekecleon.png

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 16:51 2,719,776 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 15:10 31,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-15 20:02 --------- d-----w C:\Program Files\Blaze Media Pro
2008-04-14 20:53 --------- d-----w C:\Program Files\Soulseek
2008-04-10 21:04 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\uTorrent
2008-04-10 13:12 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-09 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-08 10:16 783,872 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 00:15 --------- d-----w C:\Program Files\MSBuild
2008-04-01 18:02 --------- d-----w C:\Program Files\Java
2008-03-30 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-29 22:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 22:44 --------- d-----w C:\Program Files\Windows Live
2008-03-29 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 17:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-28 11:14 --------- d-----w C:\Program Files\utorrent
2008-03-25 18:02 --------- d-----w C:\Program Files\EvilLyrics
2008-03-25 17:43 119,907 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_43_06_small.dmp.zip
2008-03-25 17:43 109,390 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_42_49_small.dmp.zip
2008-03-24 21:43 2,691,072 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-24 21:43 1,519,616 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 17:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-16 17:50 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2008-03-16 16:32 --------- d-----w C:\Program Files\Final Fantasy VII
2008-03-13 22:55 2,726,912 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-13 22:55 1,449,472 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 12:55 --------- d-----w C:\Program Files\Gabest
2008-03-13 12:54 --------- d-----w C:\Program Files\Opera
2008-03-13 12:38 --------- d-----w C:\Program Files\CCleaner
2008-03-13 01:00 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-03-12 18:09 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-03-12 18:09 --------- d-----w C:\Program Files\MastrScan
2008-03-12 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-12 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-12 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 17:55 105,611 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_12_18_43_53_small.dmp.zip
2008-03-12 17:42 1,408,512 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-11 23:41 2,424,832 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-10 22:45 --------- d-----w C:\Program Files\Zone Labs
2008-03-07 11:58 --------- d-----w C:\Program Files\Oberon Media
2008-03-07 10:28 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft Games
2008-03-01 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 19:50 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\beid-cache
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-04-08 14:44 87,608 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\ezpinst.exe
2007-04-08 14:44 47,360 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys
2006-11-25 20:50 1,886 ----a-w C:\Documents and Settings\HP_Eigenaar\usetup.exe
2005-09-23 22:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

------- Sigcheck -------

2005-03-02 20:14 2061312 c26d84b802567e629d42861a11c7ec04 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:47 2063744 4bf54c0431a9bb0bce6c821cd4018f7d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2063744 f51b8d8b0703518349096604e788b83e C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 06:00 2061184 e0399688d466b7c3afdffb5a2ed9f351 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:09 2061184 c6cf1974acdb8329daf9d001c0937cb0 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:25 2061952 6d080ddc482e83a69c9a862c247fa50d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05 2071296 7c2cbe9daeec1c39f07db34346bc8007 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2186368 4cb6c3b16587971c56aaa8a9b0511bc7 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 23:00 2185344 87aaea3908e069fb1be37380c895dfb8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:25 2184704 f609063bae4d058a4019c4d99a1fd8dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2003-05-30 21:23 2124032 52ddab8ea1f090ad419708709213f14e C:\WINDOWS\Resources\Boot\ntoskrnl.exe
2007-02-28 18:05 2194048 042b71f9d2821f5ebb7bcc522d99ba26 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 15:24 1427456 c17e18eb83c0e02fcf75c0593e1e32bb C:\WINDOWS\explorer.exe
2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:21 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36 1569280]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-02 14:36 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 21:12:14 106496]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-10 13:02 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Last.fm.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Last.fm.lnk
backup=C:\WINDOWS\pss\Last.fm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Thoosje Sidebar .lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Thoosje Sidebar .lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 19:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-05 21:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1024:TCP"= 1024:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 1
"1025:TCP"= 1025:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 2
"1026:TCP"= 1026:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 3
"1027:TCP"= 1027:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 4
"1028:TCP"= 1028:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 5
"1029:TCP"= 1029:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 6
"1030:TCP"= 1030:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 7
"1031:TCP"= 1031:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 8
"1032:TCP"= 1032:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 9
"1033:TCP"= 1033:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 10
"59:TCP"= 59:TCP:87.66.117.233/255.255.255.255:Enabled:poort 59 voor mirc
"54047:UDP"= 54047:UDP:utorrent poort

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-02 14:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-02 14:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-02 14:36]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:52:14
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
Voltooingstijd: 2008-04-16 19:08:46
ComboFix-quarantined-files.txt 2008-04-16 17:07:25
ComboFix2.txt 2008-04-16 15:38:01

Pre-Run: 100,437,676,032 bytes beschikbaar
Post-Run: 100,414,251,008 bytes beschikbaar
.
2008-04-09 21:25:53 --- E O F ---

#6 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Nope... it should run automatically. You need to left click and drag the CFScript.txt and hover it over the combofix tool (it should turn blue). Then let go. Cancel that last fix I gave you. Do this instead (more up to date):

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

DirLook::
C:\Documents and Settings\All Users\Application Data\Microsoft Help

File::
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_43_06_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_42_49_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_12_18_43_53_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\system32\spmsg2.dll
C:\WINDOWS\imsins.BAK
C:\StubInstaller.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

#7 Dreagan (Member, Topic Starter, 10 posts)
[bleep], I knew something would go wrong.. -_-'
I get that blue status bar when I drop it on combofix.exe, but when it is 'fully loaded', it doesn't do anything..
Any guess what could be wrong here..?


Dreagan

#8 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Does combofix open once you drop the text file into it? If so, let it run. Give it a bit more time to see if it's running in the background.

#9 Dreagan (Member, Topic Starter, 10 posts)
No, it does not open. It seems like it is going to open, because when I drop the txt file onto combofix.exe, it gives a blue status/progress bar, and when that bar is full, it disappears and all the icons on my desktop flash once.
But that's it. I've been waiting for about 30 minutes now, but it doesn't start..


Dreagan

#10 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Delete these manually in that case:

C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_43_06_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_22_42_49_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_12_18_43_53_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\system32\spmsg2.dll
C:\WINDOWS\imsins.BAK
C:\StubInstaller.exe


If any of them give you problems, try deleting them in Safe Mode.

Also look at this folder (C:\Documents and Settings\All Users\Application Data\Microsoft Help) and tell me what files/folders you have inside there.

Try running Combofix alone after you do all that and post the new log here.

#11 Dreagan (Member, Topic Starter, 10 posts)
I had no problem deleting those files.

I had no problem running combofix (the log will be posted at the end of this post).

And in the folder C:\Documents and Settings\All Users\Application Data\Microsoft Help, I found no other folders, but I did come across these files:

Hx.hxn
Hx_2067_MKWD_K.HxW
Hx_2067_MKWD_NamedURL.HxW
Hx_2067_MTOC_Hx.HxH
Hx_2067_MValidator.HxD
Hx_2067_MValidator.Lck
MS.EXCEL.12.1043.hxn
MS.EXCEL.DEV.12.1043.hxn
MS.GRAPH.12.1043.hxn
MS.INFOPATH.12.1043.hxn
MS.INFOPATHEDITOR.12.1043.hxn
MS.MSACCESS.12.1043.hxn
MS.MSACCESS.DEV.12.1043.hxn
MS.MSE.12.1043.hxn
MS.MSE_LEGACY.12.1043.hxn
MS.MSPUB.12.1043.hxn
MS.MSPUB.DEV.12.1043.hxn
MS.MSTORE.12.1043.hxn
MS.OIS.12.1043.hxn
MS.OUTLOOK.12.1043.hxn
MS.OUTLOOK.DEV.12.1043.hxn
MS.POWERPNT.12.1043.hxn
MS.POWERPNT.DEV.12.1043.hxn
MS.RIBBON.12.1043.hxn
MS.SETLANG.12.1043.hxn
MS.VBE.DEV.12.1043.hxn
MS.WINWORD.12.1043.hxn
MS.WINWORD.DEV.12.1043.hxn
nslist.hxl




Dreagan

-------------------------------------------------------------------------------------------------------

Here's combofix log #3:

ComboFix 08-04-15.4 - HP_Eigenaar 2008-04-16 21:15:33.3 - NTFSx86
Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
.

2008-04-14 19:33 . 2008-04-14 19:33 <DIR> d-------- C:\Program Files\Virtools
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Software
2008-04-07 18:12 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-04-07 18:10 . 2008-04-07 18:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\NCH Swift Sound
2008-04-05 11:20 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-04 22:06 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-04 22:04 . 2008-04-04 22:06 <DIR> d-------- C:\Program Files\Sonic
2008-04-04 22:04 . 2008-04-04 22:04 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-04 02:37 . 2008-04-04 02:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 02:21 . 2008-04-04 02:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 02:11 . 2008-04-04 02:20 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-04 02:10 . 2008-04-04 02:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-04 01:00 . 2008-04-04 01:00 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\WinBatch
2008-04-02 21:30 . 2008-04-16 19:24 <DIR> dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2008-04-02 14:36 . 2008-04-16 16:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Program Files\AVG
2008-04-02 14:36 . 2008-04-02 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-02 14:36 . 2008-04-02 14:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-02 14:36 . 2008-04-02 14:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-30 00:47 . 2008-04-16 20:02 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Tracing
2008-03-29 22:33 . 2008-03-29 22:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 19:29 . 2008-03-29 22:13 <DIR> d-------- C:\Program Files\Winamp
2008-03-20 19:29 . 2008-03-29 22:12 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Winamp
2008-03-20 13:52 . 2008-03-20 13:52 11 -ra------ C:\WINDOWS\amunres.lsl
2008-03-17 18:35 . 2008-03-17 18:34 1,079,139 --a------ C:\WINDOWS\d361580ec4d1b490.jpg
2008-03-17 18:22 . 2008-03-17 18:21 8,726,263 --a------ C:\WINDOWS\EVERY_SINGLE_POKEMON_by_purplekecleon.png

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 19:25 2,877,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 19:13 --------- d-----w C:\Program Files\Soulseek
2008-04-16 15:10 31,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-15 20:02 --------- d-----w C:\Program Files\Blaze Media Pro
2008-04-10 21:04 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\uTorrent
2008-04-09 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-04 20:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 00:15 --------- d-----w C:\Program Files\MSBuild
2008-04-01 18:02 --------- d-----w C:\Program Files\Java
2008-03-30 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-29 22:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 22:44 --------- d-----w C:\Program Files\Windows Live
2008-03-29 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 17:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-28 11:14 --------- d-----w C:\Program Files\utorrent
2008-03-25 18:02 --------- d-----w C:\Program Files\EvilLyrics
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 17:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-16 17:50 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2008-03-16 16:32 --------- d-----w C:\Program Files\Final Fantasy VII
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 12:55 --------- d-----w C:\Program Files\Gabest
2008-03-13 12:54 --------- d-----w C:\Program Files\Opera
2008-03-13 12:38 --------- d-----w C:\Program Files\CCleaner
2008-03-13 01:00 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-03-12 18:09 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-03-12 18:09 --------- d-----w C:\Program Files\MastrScan
2008-03-12 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-12 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-12 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 22:45 --------- d-----w C:\Program Files\Zone Labs
2008-03-07 11:58 --------- d-----w C:\Program Files\Oberon Media
2008-03-07 10:28 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft Games
2008-03-01 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 19:50 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\beid-cache
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-04-08 14:44 87,608 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\ezpinst.exe
2007-04-08 14:44 47,360 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys
2006-11-25 20:50 1,886 ----a-w C:\Documents and Settings\HP_Eigenaar\usetup.exe
2005-09-23 22:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

------- Sigcheck -------

2005-03-02 20:14 2061312 c26d84b802567e629d42861a11c7ec04 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:47 2063744 4bf54c0431a9bb0bce6c821cd4018f7d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2063744 f51b8d8b0703518349096604e788b83e C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 06:00 2061184 e0399688d466b7c3afdffb5a2ed9f351 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:09 2061184 c6cf1974acdb8329daf9d001c0937cb0 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:25 2061952 6d080ddc482e83a69c9a862c247fa50d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05 2071296 7c2cbe9daeec1c39f07db34346bc8007 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:47 2186368 4cb6c3b16587971c56aaa8a9b0511bc7 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 23:00 2185344 87aaea3908e069fb1be37380c895dfb8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:25 2184704 f609063bae4d058a4019c4d99a1fd8dd C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2003-05-30 21:23 2124032 52ddab8ea1f090ad419708709213f14e C:\WINDOWS\Resources\Boot\ntoskrnl.exe
2007-02-28 18:05 2194048 042b71f9d2821f5ebb7bcc522d99ba26 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 15:24 1427456 c17e18eb83c0e02fcf75c0593e1e32bb C:\WINDOWS\explorer.exe
2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:21 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 19:36 1569280]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-02 14:36 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 21:12:14 106496]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-10 13:02 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Last.fm.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Last.fm.lnk
backup=C:\WINDOWS\pss\Last.fm.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eigenaar^Menu Start^Programma's^Opstarten^Thoosje Sidebar .lnk]
path=C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\Thoosje Sidebar .lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 19:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-05 21:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1024:TCP"= 1024:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 1
"1025:TCP"= 1025:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 2
"1026:TCP"= 1026:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 3
"1027:TCP"= 1027:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 4
"1028:TCP"= 1028:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 5
"1029:TCP"= 1029:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 6
"1030:TCP"= 1030:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 7
"1031:TCP"= 1031:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 8
"1032:TCP"= 1032:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 9
"1033:TCP"= 1033:TCP:87.66.117.233/255.255.255.255:Enabled:poort voor mirc 10
"59:TCP"= 59:TCP:87.66.117.233/255.255.255.255:Enabled:poort 59 voor mirc
"54047:UDP"= 54047:UDP:utorrent poort

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-02 14:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-02 14:36]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 21:26:08
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
Voltooingstijd: 2008-04-16 21:38:19
ComboFix-quarantined-files.txt 2008-04-16 19:37:05
ComboFix2.txt 2008-04-16 17:08:48
ComboFix3.txt 2008-04-16 15:38:01

Pre-Run: 100,293,148,672 bytes beschikbaar
Post-Run: 100,270,288,896 bytes beschikbaar
.
2008-04-09 21:25:53 --- E O F ---

#12 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and type in Combofix /u and hit OK to remove Combofix. You should be set to go.
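greyknight17's CFScript in #6 and the "Your log is clean" verdict in #12 are the two checks a helper does by eye: the script says what to remove, the next ComboFix log shows whether it happened. The Python below is an added example for this thread (not ComboFix's own code, and not something either poster ran) that does both mechanically; the abridged CFScript and log text are constructed from the posts above, and TRUSTED_PREFIXES is an assumption about where a firewall exception on this XP machine should normally point.

```python
"""Added example for this thread, not ComboFix's own code: parse a CFScript's
'Name::' sections, take the registry values it deletes with '=-', confirm in a
later ComboFix log that they are gone, and flag firewall exceptions outside the
usual install folders (the C:\\StubInstaller.exe pattern in this thread)."""
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")                  # e.g. 'File::'
REG_KEY_RE = re.compile(r"^\[(.+)\]\s*$")                 # e.g. '[HKLM\~\...\List]'
REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # '"name"=data'
# Assumed for this example: where XP firewall exceptions normally point; anything else deserves a look.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def unescape_reg(s):
    """Undo REGEDIT4 escaping: a doubled backslash is one backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections (non-empty lines only)."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(reg_lines):
    """Return (key, value_name) pairs a Registry:: section deletes with '=-'."""
    deletions, key = [], None
    for line in reg_lines:
        km = REG_KEY_RE.match(line)
        vm = REG_VALUE_RE.match(line)
        if km:
            key = km.group(1).lower()
        elif key and vm and vm.group(2).strip() == "-":
            deletions.append((key, unescape_reg(vm.group(1))))
    return deletions


def parse_log_registry(log_text):
    """Map each '[key]' block of a ComboFix log to the value names under it."""
    blocks, key = {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        km = REG_KEY_RE.match(line)
        vm = REG_VALUE_RE.match(line)
        if km:
            key = km.group(1).lower()
            blocks[key] = []
        elif not line:
            key = None                      # a block ends at a blank line
        elif key and vm:
            blocks[key].append(unescape_reg(vm.group(1)))
    return blocks


def review_firewall_exceptions(script_text, log_text):
    """Return (still_present, suspicious) for a CFScript and a later log."""
    log = parse_log_registry(log_text)
    wanted = registry_deletions(parse_cfscript(script_text).get("Registry", []))
    still_present = [(k, v) for k, v in wanted if v in log.get(k, [])]
    fw_key = next((k for k in log if k.endswith("authorizedapplications\\list")), None)
    suspicious = [v for v in log.get(fw_key, [])
                  if not v.lower().startswith(TRUSTED_PREFIXES)]
    return still_present, suspicious


# Constructed inputs, abridged from post #6's CFScript and log #2's firewall block; LOG_AFTER mirrors log #3.
CFSCRIPT = r"""
File::
C:\StubInstaller.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=-
"""
LOG_BEFORE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"""
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "StubInstaller" not in l)

if __name__ == "__main__":
    for name, log in (("log #2", LOG_BEFORE), ("log #3", LOG_AFTER)):
        print(name, review_firewall_exceptions(CFSCRIPT, log))
```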

#13 Dreagan (Member, Topic Starter, 10 posts)
I think you can tag this thread as fixed.. ^^
Browsers are back to full health and I've uninstalled combofix.

I'm very grateful for your help!
Thank you very much!


Dreagan

#14 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.