How to remove trojan.TDss.fm



#1
kuifje

    Member
  • 15 posts
Hi,

For a few days now my BitDefender has continuously reported that it has blocked trojan.TDss.fm from my computer.
I cannot seem to find the source of this problem.
BitDefender says my computer is safe, though I would like to be sure.
So any help in getting rid of this trojan would be nice.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:45, on 3-5-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Trust\Trust R-Series Keyboard\KMConfig.exe
C:\Program Files\Trust\Trust R-Series Keyboard\KMProcess.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\Windows\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Laura%20Jones%20and%20the%20Gates%20of%20Good%20and%20Evil/Images/armhelper.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15029/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Media TV Service - CyberLink - C:\Program Files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7469 bytes

Kuifje

Edited by kuifje, 03 May 2009 - 08:20 AM.


#2
SpySentinel

    R.I.P.
  • Retired Staff
  • 5,152 posts
Hi Kuifje ,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
kuifje

    Member
  • Topic Starter
  • 15 posts
Hi SpySentinel,

Thanks for the help!!!
After a small fight with my computer I got the ComboFix log.

I hope you can make chocolate out of it.

Kuifje

Combofix log:

ComboFix 09-05-04.A3 - prutteltje 05-05-2009 20:01.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2047.1360 [GMT 2:00]
Gestart vanuit: c:\users\prutteltje\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: Norton Internet Security *enabled*
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthxpfeoysdp.sys
c:\windows\system32\ovfsthxtitpsscn.dat
c:\windows\system32\ovfsthxxevqpngb.dll
c:\windows\system32\ovfsthxxnrtcldl.dll
c:\windows\system32\ovfsthxxpdmetcm.dll
c:\windows\system32\ovfsthxyvwxvrho.dat
c:\windows\system32\uniq.tll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))
.

2009-05-01 15:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 15:29 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 19:24 . 2009-04-29 19:24 -------- d-----w c:\users\prutteltje\AppData\Roaming\funkitron
2009-04-29 17:41 . 2009-04-29 17:41 -------- d-----w c:\users\prutteltje\AppData\Roaming\GOL_byHasbro
2009-04-26 17:39 . 2009-04-26 17:43 -------- d-----w c:\users\prutteltje\AppData\Roaming\Mysteryville2
2009-04-26 17:38 . 2009-04-26 18:44 -------- d-----w c:\program files\iWin.com Games
2009-04-25 16:20 . 2009-04-25 16:20 -------- d-----w c:\users\prutteltje\AppData\Local\Gamenauts
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\programdata\SpecialBit
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\users\All Users\SpecialBit
2009-04-19 19:16 . 2009-04-19 19:16 -------- d-----w c:\users\prutteltje\AppData\Roaming\Reflexivev1002
2009-04-09 05:27 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-09 05:27 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-04-09 05:27 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-04-08 20:01 . 2009-04-08 20:01 -------- d-----w c:\program files\Kalypso
2009-04-08 16:54 . 2009-04-08 16:54 120344577 ----a-w c:\windows\system32\xa685930296.exe
2009-04-08 16:54 . 2009-04-08 16:54 120344577 ----a-w c:\windows\system32\xa685927597.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 18:19 . 2009-01-28 04:34 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-05 17:38 . 2006-11-02 16:11 676772 ----a-w c:\windows\system32\perfh013.dat
2009-05-05 17:38 . 2006-11-02 16:11 131268 ----a-w c:\windows\system32\perfc013.dat
2009-05-05 17:31 . 2008-03-02 08:00 12 ----a-w c:\windows\bthservsdp.dat
2009-05-01 15:30 . 2009-01-25 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-31 19:02 . 2009-01-26 00:54 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 17:26 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 17:26 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-11 20:55 . 2009-02-22 15:18 -------- d-----w c:\program files\BigfishGames
2009-03-09 03:19 . 2009-01-26 00:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 17:26 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 17:26 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 17:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 17:26 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 17:26 551424 ------w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 17:26 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 17:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 17:26 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 17:26 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 17:26 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 17:26 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 17:26 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 17:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94226663.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94224588.exe
2009-02-13 08:49 . 2009-04-15 17:26 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 17:26 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275937423.exe
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275934350.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267784077.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267781800.exe
2009-02-09 03:10 . 2009-03-11 00:10 2033152 ----a-w c:\windows\system32\win32k.sys
2008-06-18 18:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-12-12 03:44 . 2007-10-17 16:26 24 --sh--w c:\windows\S66A3B434.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-21 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Keyboard\StartAutorun.exe" [2007-03-06 212992]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\users\prutteltje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-11-22 118784]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-9 528384]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-4-19 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A62367A5-2A7E-4980-A0A2-A8DE70B26CCE}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3FAF021C-7629-41B9-8399-8452F1113F3B}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8F48EE35-309A-4E56-A6AE-FA77D3FAA67F}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{4451D232-3E9B-4D9A-A10B-6EFB54C3ED87}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{92620155-6C12-4238-A813-7A4416B1E15D}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{6EF17F1C-B45C-4474-9998-80FC1754ECE9}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{86464936-6159-4A2B-B2C3-DD69C978FCA5}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{CC415EFE-1025-4EA9-8BD1-7663FCDD5805}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{DED866F4-1879-45BD-9E10-4C21323FCE1F}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{81719486-D2C1-4F2A-96C2-7B3950B7C23D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8737E236-F936-46A7-8F00-48D9E2C267FD}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{F1EF58D9-5B0C-40D5-8520-67A9F28C485D}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{08DCD9A2-876B-4A95-A870-F72F380447B8}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{C2860DAE-9623-4FE9-982C-70B85C7EB1B8}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{00BEEE77-BE4B-4F80-BF25-9F9B228229CB}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{CF484391-5857-4036-9650-9E9C8E3CE555}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{80B5F622-E8EC-4258-8967-A50A98C3F702}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{A1CF151E-8B6C-4E2D-9C04-88EBDD950D1B}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{471318BB-F1CC-4150-AB14-34F65DECF155}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{610820C0-FBF7-4673-AFE1-CB677BBBA5A3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ED475149-3E59-4F9C-8C66-5E0935EF8438}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{919A370E-5F34-4CBA-A440-2189C5A24C99}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{41D98061-CB34-49D7-A373-221EB08CFCF3}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A2B91647-DB39-45A5-9F18-A50506AD7FD1}"= Disabled:UDP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"{A0039FFA-377D-452B-A040-B2D1F4C28012}"= Disabled:TCP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"TCP Query User{EB6B2409-DA82-4637-91D2-AE38B899054D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF63570A-2B10-4FC8-A5F6-07FFC4C441AB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{15F63ECF-B010-4F6E-8D54-89BF85695207}"= UDP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{E488E3E3-C1AA-4ECA-A102-9AC0758D3B39}"= TCP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{FB558341-280E-42DF-852C-4D99E63A0A26}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{EBADF087-0022-4F1E-B5C6-424F4213BA81}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5-7-2006 14:46 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-2-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-2-2008 16:03 51440]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2-11-2006 16:51 13560]
R2 athsgt;athsgt;c:\windows\System32\drivers\athsgt.sys [18-7-2007 16:36 164992]
R2 CyberLink Media TV Service;CyberLink Media TV Service;c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe [18-4-2007 14:22 262237]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [5-4-2007 10:29 208896]
R2 limsgt;limsgt;c:\windows\System32\drivers\limsgt.sys [18-7-2007 16:36 12544]
R2 litsgt;litsgt;c:\windows\System32\drivers\litsgt.sys [10-11-2007 19:56 137344]
R2 tansgt;tansgt;c:\windows\System32\drivers\tansgt.sys [10-11-2007 19:55 12032]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2-6-2008 16:16 86792]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3-4-2007 10:43 1131136]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\System32\drivers\RTL85n86.sys [2-11-2006 12:25 311808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-2-2006 16:51 4096]
S3 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe [18-4-2007 14:23 286812]
S3 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe [18-4-2007 14:23 110682]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53bd902b-f5b3-11db-b2a1-001921573548}]
\shell\AutoRun\command - Q:\Setup.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-05-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\prutteltje\AppData\Roaming\Mozilla\Firefox\Profiles\1d6ow8v6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08);user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 20:19
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,07,60,4e,0d,12,14,b7,3b,bc,56,ef,3a,3d,0d,93,bc,9d,8c,e5,bc,71,fa,
a8,ac,50,d4,8a,68,ef,73,39,f2,38,bf,bf,04,62,98,55,d2,85,18,ef,f5,1a,81,52,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4

[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\License information*]
"datasecu"=hex:91,63,94,3d,25,06,48,b1,7d,a1,df,86,28,20,3b,dc,be,7d,91,45,ff,
f1,3b,bc,1a,37,66,4d,2a,e0,41,32,d1,cc,2b,d5,3b,5e,0d,81,4d,ab,7f,1d,7d,67,\
"rkeysecu"=hex:35,70,a6,03,e0,9f,cc,b4,a2,16,77,cb,57,4f,02,c8
.
Voltooingstijd: 2009-05-05 20:21
ComboFix-quarantined-files.txt 2009-05-05 18:21

Pre-Run: 27.968.774.144 bytes beschikbaar
Post-Run: 29.535.309.824 bytes beschikbaar

244 --- E O F --- 2009-04-29 01:00

#4
SpySentinel

    R.I.P.
  • Retired Staff
  • 5,152 posts
Hi kuifje, you're welcome.


1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\S66A3B434.tmp
c:\windows\system32\xa685930296.exe
c:\windows\system32\xa685927597.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53bd902b-f5b3-11db-b2a1-001921573548}]


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
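The entries the CFScript above targets (the hidden S66A3B434.tmp, the two identical xa*.exe files in system32, the mountpoints2 AutoRun key), together with the security-posture keys visible in the log (Security Center notifications disabled, EnableFirewall = 0), can be pulled out of a ComboFix log mechanically. The following Python triage script is an added example, not code from this thread, from ComboFix or from Geeks to Go; its heuristics (a few letters plus a long digit run, identical size and creation minute, hidden/system attributes under c:\windows) are assumptions derived from this log, not a vendor signature set, and the SAMPLE_LOG is an excerpt of the log posted above.

```python
"""Triage helper for the ComboFix log format. Added example: not code from this
thread, from ComboFix or from Geeks to Go; the heuristics are my own assumptions."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# File-section lines look like: "created . modified size attrs path"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{7}) (?P<path>.+)$")
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")   # REGEDIT4-style key header
EXEC_EXT = (".exe", ".dll", ".sys", ".tmp")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log: str) -> list[Finding]:
    """Walk the log once and return the entries that deserve a second look."""
    findings: list[Finding] = []
    drops: dict[tuple[str, str], list[str]] = defaultdict(list)
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            attrs, size, path = m["attrs"], m["size"], m["path"]
            low = path.lower()
            if "d" in attrs:                      # directory entry, skip
                continue
            # 1. hidden/system-attribute files under c:\windows (S66A3B434.tmp)
            if ("h" in attrs or "s" in attrs) and low.startswith("c:\\windows\\"):
                findings.append(Finding("hidden-file", f"{path} ({attrs}, {size} bytes)"))
            if low.startswith("c:\\windows\\system32\\") and low.endswith(EXEC_EXT):
                stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                # 2. dropper-style names: a few letters then a long digit run (xa685930296)
                if re.fullmatch(r"[a-z]{1,3}\d{6,}", stem):
                    findings.append(Finding("generated-name", path))
                drops[(size, m["created"])].append(path)
            continue
        s = SECTION.match(line)
        if s:
            section = s["key"].lower()
            continue
        # Registry values are judged relative to the key header they sit under
        if "security center" in section and re.search(
                r'"(DisableMonitoring|\w+DisableNotify)"=dword:0*1$', line):
            findings.append(Finding("security-center-muted", f"[{section}] {line}"))
        elif "firewallpolicy" in section and re.match(r'"EnableFirewall"= ?0\b', line):
            findings.append(Finding("firewall-off", f"[{section}] {line}"))
        elif "mountpoints2" in section and line.startswith("\\shell\\AutoRun\\command"):
            findings.append(Finding("autorun-mountpoint", f"[{section}] {line}"))
    # 3. same size and same creation minute in system32: one payload written twice
    for (size, created), paths in drops.items():
        if len(paths) > 1:
            findings.append(Finding("duplicate-drop", f"{size} bytes, {created}: " + ", ".join(paths)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'firewall-off': 2, ...}."""
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.kind] += 1
    return dict(counts)


# Excerpt of the ComboFix log posted above, cut down to the lines needed here.
SAMPLE_LOG = r"""
2009-05-01 15:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 19:24 . 2009-04-29 19:24 -------- d-----w c:\users\prutteltje\AppData\Roaming\funkitron
2009-04-08 16:54 . 2009-04-08 16:54 120344577 ----a-w c:\windows\system32\xa685930296.exe
2009-04-08 16:54 . 2009-04-08 16:54 120344577 ----a-w c:\windows\system32\xa685927597.exe
2009-02-13 08:49 . 2009-04-15 17:26 72704 ----a-w c:\windows\system32\secur32.dll
2008-06-18 18:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-12-12 03:44 . 2007-10-17 16:26 24 --sh--w c:\windows\S66A3B434.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{471318BB-F1CC-4150-AB14-34F65DECF155}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53bd902b-f5b3-11db-b2a1-001921573548}]
\shell\AutoRun\command - Q:\Setup.exe
"""
```

Running `triage(SAMPLE_LOG)` on the excerpt returns eleven findings; the three file entries it flags are exactly the ones placed in the CFScript, which is the point of the script: it narrows a long log down to what a helper should read first, it does not decide what to delete.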

#5
kuifje

    Member
  • Topic Starter
  • 15 posts
Wow you're fast SpySentinel!

The fight with my computer I mentioned before was due to the notification by ComboFix that I still had Norton antivirus stuff running on my computer.
Norton came with the comp. and I removed it (or so I thought).

Thanks again,
Kuifje

Anyway here is the requested log:


ComboFix 09-05-04.A3 - prutteltje 05-05-2009 23:21.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2047.980 [GMT 2:00]
Gestart vanuit: c:\users\prutteltje\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\prutteltje\Desktop\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: Norton Internet Security *enabled*

FILE ::
c:\windows\S66A3B434.tmp
c:\windows\system32\xa685927597.exe
c:\windows\system32\xa685930296.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa685927597.exe
c:\windows\system32\xa685930296.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))
.

2009-05-01 15:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 15:29 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 19:24 . 2009-04-29 19:24 -------- d-----w c:\users\prutteltje\AppData\Roaming\funkitron
2009-04-29 17:41 . 2009-04-29 17:41 -------- d-----w c:\users\prutteltje\AppData\Roaming\GOL_byHasbro
2009-04-26 17:39 . 2009-04-26 17:43 -------- d-----w c:\users\prutteltje\AppData\Roaming\Mysteryville2
2009-04-26 17:38 . 2009-04-26 18:44 -------- d-----w c:\program files\iWin.com Games
2009-04-25 16:20 . 2009-04-25 16:20 -------- d-----w c:\users\prutteltje\AppData\Local\Gamenauts
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\programdata\SpecialBit
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\users\All Users\SpecialBit
2009-04-19 19:16 . 2009-04-19 19:16 -------- d-----w c:\users\prutteltje\AppData\Roaming\Reflexivev1002
2009-04-09 05:27 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-09 05:27 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-04-09 05:27 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-04-08 20:01 . 2009-04-08 20:01 -------- d-----w c:\program files\Kalypso

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:44 . 2009-01-28 04:34 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-05 21:40 . 2008-03-02 08:00 12 ----a-w c:\windows\bthservsdp.dat
2009-05-05 18:24 . 2006-11-02 16:11 676772 ----a-w c:\windows\system32\perfh013.dat
2009-05-05 18:24 . 2006-11-02 16:11 131268 ----a-w c:\windows\system32\perfc013.dat
2009-05-01 15:30 . 2009-01-25 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-31 19:02 . 2009-01-26 00:54 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 17:26 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 17:26 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-11 20:55 . 2009-02-22 15:18 -------- d-----w c:\program files\BigfishGames
2009-03-09 03:19 . 2009-01-26 00:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 17:26 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 17:26 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 17:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 17:26 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 17:26 551424 ------w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 17:26 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 17:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 17:26 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 17:26 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 17:26 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 17:26 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 17:26 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 17:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94226663.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94224588.exe
2009-02-13 08:49 . 2009-04-15 17:26 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 17:26 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275937423.exe
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275934350.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267784077.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267781800.exe
2009-02-09 03:10 . 2009-03-11 00:10 2033152 ----a-w c:\windows\system32\win32k.sys
2008-06-18 18:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-12-12 03:44 . 2007-10-17 16:26 24 --sh--w c:\windows\S66A3B434.tmp
.

((((((((((((((((((((((((((((( [email protected]_18.19.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-05 17:32 . 2009-05-05 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-05 21:41 . 2009-05-05 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-05 17:32 . 2009-05-05 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-05 21:41 . 2009-05-05 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-05 18:24 595308 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-05 17:38 595308 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-05 18:24 104742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-05 17:38 104742 c:\windows\System32\perfc009.dat
+ 2009-01-13 19:12 . 2009-05-05 21:40 281424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-01-13 19:12 . 2009-05-05 17:31 281424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2006-11-02 10:22 . 2009-04-26 19:03 6406144 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-05-05 21:40 6406144 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-05 21:20 . 2009-05-05 21:20 6406144 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-02-17 02:03 . 2009-05-05 18:23 185992517 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-21 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Keyboard\StartAutorun.exe" [2007-03-06 212992]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\users\prutteltje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-11-22 118784]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-9 528384]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-4-19 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A62367A5-2A7E-4980-A0A2-A8DE70B26CCE}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3FAF021C-7629-41B9-8399-8452F1113F3B}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8F48EE35-309A-4E56-A6AE-FA77D3FAA67F}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{4451D232-3E9B-4D9A-A10B-6EFB54C3ED87}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{92620155-6C12-4238-A813-7A4416B1E15D}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{6EF17F1C-B45C-4474-9998-80FC1754ECE9}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{86464936-6159-4A2B-B2C3-DD69C978FCA5}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{CC415EFE-1025-4EA9-8BD1-7663FCDD5805}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{DED866F4-1879-45BD-9E10-4C21323FCE1F}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{81719486-D2C1-4F2A-96C2-7B3950B7C23D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8737E236-F936-46A7-8F00-48D9E2C267FD}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{F1EF58D9-5B0C-40D5-8520-67A9F28C485D}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{08DCD9A2-876B-4A95-A870-F72F380447B8}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{C2860DAE-9623-4FE9-982C-70B85C7EB1B8}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{00BEEE77-BE4B-4F80-BF25-9F9B228229CB}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{CF484391-5857-4036-9650-9E9C8E3CE555}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{80B5F622-E8EC-4258-8967-A50A98C3F702}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{A1CF151E-8B6C-4E2D-9C04-88EBDD950D1B}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{471318BB-F1CC-4150-AB14-34F65DECF155}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{610820C0-FBF7-4673-AFE1-CB677BBBA5A3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ED475149-3E59-4F9C-8C66-5E0935EF8438}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{919A370E-5F34-4CBA-A440-2189C5A24C99}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{41D98061-CB34-49D7-A373-221EB08CFCF3}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A2B91647-DB39-45A5-9F18-A50506AD7FD1}"= Disabled:UDP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"{A0039FFA-377D-452B-A040-B2D1F4C28012}"= Disabled:TCP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"TCP Query User{EB6B2409-DA82-4637-91D2-AE38B899054D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF63570A-2B10-4FC8-A5F6-07FFC4C441AB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{15F63ECF-B010-4F6E-8D54-89BF85695207}"= UDP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{E488E3E3-C1AA-4ECA-A102-9AC0758D3B39}"= TCP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{FB558341-280E-42DF-852C-4D99E63A0A26}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{EBADF087-0022-4F1E-B5C6-424F4213BA81}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5-7-2006 14:46 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-2-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-2-2008 16:03 51440]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2-11-2006 16:51 13560]
R2 athsgt;athsgt;c:\windows\System32\drivers\athsgt.sys [18-7-2007 16:36 164992]
R2 CyberLink Media TV Service;CyberLink Media TV Service;c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe [18-4-2007 14:22 262237]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [5-4-2007 10:29 208896]
R2 limsgt;limsgt;c:\windows\System32\drivers\limsgt.sys [18-7-2007 16:36 12544]
R2 litsgt;litsgt;c:\windows\System32\drivers\litsgt.sys [10-11-2007 19:56 137344]
R2 tansgt;tansgt;c:\windows\System32\drivers\tansgt.sys [10-11-2007 19:55 12032]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2-6-2008 16:16 86792]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3-4-2007 10:43 1131136]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\System32\drivers\RTL85n86.sys [2-11-2006 12:25 311808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-2-2006 16:51 4096]
S3 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe [18-4-2007 14:23 286812]
S3 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe [18-4-2007 14:23 110682]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map

2009-05-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\prutteltje\AppData\Roaming\Mozilla\Firefox\Profiles\1d6ow8v6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08);user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 23:44
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,07,60,4e,0d,12,14,b7,3b,bc,56,ef,3a,3d,0d,93,bc,9d,8c,e5,bc,71,fa,
a8,ac,50,d4,8a,68,ef,73,39,f2,38,bf,bf,04,62,98,55,d2,85,18,ef,f5,1a,81,52,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4

[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\License information*]
"datasecu"=hex:91,63,94,3d,25,06,48,b1,7d,a1,df,86,28,20,3b,dc,be,7d,91,45,ff,
f1,3b,bc,1a,37,66,4d,2a,e0,41,32,d1,cc,2b,d5,3b,5e,0d,81,4d,ab,7f,1d,7d,67,\
"rkeysecu"=hex:35,70,a6,03,e0,9f,cc,b4,a2,16,77,cb,57,4f,02,c8
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\msiexec.exe
c:\program files\Common Files\microsoft shared\Source Engine\OSE.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\snmptrap.exe
c:\windows\System32\TuneUpDefragService.exe
c:\windows\System32\vds.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Trust\Trust R-Series Keyboard\KMCONFIG.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Trust\Trust R-Series Keyboard\KMProcess.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-05 23:47 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-05 21:47
ComboFix2.txt 2009-05-05 18:21

Pre-Run: 30.645.301.248 bytes beschikbaar
Post-Run: 30.445.359.104 bytes beschikbaar

290 --- E O F --- 2009-04-29 01:00
  • 0

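An added example, not part of this thread and not ComboFix's own tooling: a Python check that parses the CFScript from the reply above together with the ComboFix log just posted, reports for each File:: path whether ComboFix actually logged it under its deletions banner or whether the Find3M report still lists it, and collects other Find3M entries in the same folder with the same naming shape as a review list for the helper. The CFScript and log excerpts are embedded as constructed samples taken from this thread; the Dutch banner names are the ones this log prints and are assumed to be stable between runs.

```python
import re
from collections import defaultdict

# Constructed sample: the File:: and Registry:: sections of the CFScript from the helper's post.
CFSCRIPT = r"""File::
c:\windows\S66A3B434.tmp
c:\windows\system32\xa685930296.exe
c:\windows\system32\xa685927597.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53bd902b-f5b3-11db-b2a1-001921573548}]
"""

# Constructed excerpt of the ComboFix log posted in reply. The banners are the Dutch ones this
# log uses ("Andere Verwijderingen" = other deletions); sections are keyed by that banner text.
COMBOFIX_LOG = r"""(((((((((( Andere Verwijderingen ))))))))))
.
c:\windows\system32\xa685927597.exe
c:\windows\system32\xa685930296.exe
.
(((((((((( Find3M Rapport ))))))))))
.
2009-05-05 21:44 . 2009-01-28 04:34 81984 ----a-w c:\windows\system32\bdod.bin
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94226663.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94224588.exe
2009-02-09 03:10 . 2009-03-11 00:10 2033152 ----a-w c:\windows\system32\win32k.sys
2007-12-12 03:44 . 2007-10-17 16:26 24 --sh--w c:\windows\S66A3B434.tmp
.
"""

CF_HEADER_RE = re.compile(r"^(\w+)::$")                 # CFScript directive, e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ComboFix "(((( Section name ))))"
DT = r"\d{4}-\d\d-\d\d \d\d:\d\d"
ENTRY_RE = re.compile(rf"^({DT}) \. ({DT}) (\S+) (\S+) (.+)$")  # mtime . ctime size attrs path

def parse_sections(text, header_re):
    """Group stripped lines under the most recent header -> {name: [lines]}; '.' spacers are dropped."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = header_re.match(line)
        if m:
            current = m.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return dict(sections)

def parse_cfscript(text):
    """Each 'Name::' directive becomes a key; the lines under it are its arguments."""
    return parse_sections(text, CF_HEADER_RE)

def parse_combofix_log(text):
    """ComboFix delimits its report sections with parenthesised banners."""
    return parse_sections(text, BANNER_RE)

def find3m_entries(log):
    """Find3M lines -> (mtime, ctime, size, attrs, path) tuples; directories carry size '--------'."""
    return [m.groups() for m in map(ENTRY_RE.match, log.get("Find3M Rapport", [])) if m]

def verify_removals(script, log):
    """Per File:: path: logged as deleted, still listed by Find3M, or not confirmed either way."""
    deleted = {p.lower() for p in log.get("Andere Verwijderingen", [])}
    listed = {e[4].lower() for e in find3m_entries(log)}
    report = {}
    for path in script.get("File", []):
        key = path.lower()
        report[path] = ("deleted" if key in deleted else
                        "still listed" if key in listed else "not confirmed")
    return report

def name_shape(path):
    """(folder, basename with digit runs collapsed): xa685930296.exe and xa94226663.exe compare equal."""
    folder, _, base = path.lower().rpartition("\\")
    return folder, re.sub(r"\d+", "#", base)

def lookalikes(script, log):
    """Find3M entries sharing folder and name shape with a File:: path: a review list, not a verdict."""
    requested = [p.lower() for p in script.get("File", [])]
    shapes = {name_shape(p) for p in requested}
    return sorted(e[4] for e in find3m_entries(log)
                  if name_shape(e[4]) in shapes and e[4].lower() not in requested)

if __name__ == "__main__":
    script, log = parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG)
    for path, state in verify_removals(script, log).items():
        print(f"{state:14} {path}")
    print("same-pattern Find3M entries to review:", lookalikes(script, log))
```

On this thread's data the check shows the two system32 executables logged as deleted while the .tmp file from the File:: section is still listed by Find3M, which is the kind of discrepancy a helper would want to see before declaring the script run complete.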
#6
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi kuifje, I try to reply in a timely manner. :)

If you would like, I can help you remove Norton AntiVirus. Please download the Norton Removal Tool to help clean up your Norton Products.


Step #1

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Step #2

Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable) that you may have


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#7
kuifje

kuifje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi SpySentinel,

Sorry for the delay in answering you.
I am still working on the requested info.
The RootRepeal procedure indeed takes a lot of time and I think I am doing something wrong.
It was almost finished (after almost 3 days) and then it stopped without creating a report.
I will run it again and run the other programs as well and reply to you properly.
Thing is, I just heard today that I have to leave on a business trip tomorrow and will be back next Wednesday.
So the reply is going to be late next week.
I hope you are still willing to help me by then.
Again, sorry for the delay and thanks for the help so far.

Kuifje :)
  • 0

#8
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi kuifje, thanks for letting me know. I will be here awaiting your reply when you return. You won't get rid of me that easy :)


If you can't get the RootRepeal scan to work, just let me know and post the other logs.
  • 0
